Category OAuth2

Securing a Web API using multiple token servers

October 25, 2019 · by · in .NET, .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 1 Comment

This article shows how a single secure Web API could be used together with multiple secure token servers. The API uses JWT Bearer token authentication, but because the access token come from different token servers, the tokens validation need to be changed. Code: https://github.com/damienbod/ApiJwtWithTwoSts Using multiple Authorities with shared certitficate The first way this can […]

Securing an ASP.NET Core Razor Page App using OpenID Connect Code flow with PKCE

October 11, 2019 · by · in ASP.NET Core, MVC, OAuth2, Security · 8 Comments

This article shows how to secure an ASP.NET Core Razor Page application using the Open ID Connect code flow with PKCE (Proof Key for Code Exchange). The secure token server is implemented using Duende IdentityServer but any secure token server (STS) can be used which supports PKCE. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi See WebCodeFlowPkceClient project. History An ASP.NET […]

Building and securing an ASP.NET Core API with a hosted Vue.js UI

October 4, 2019 · by · in ASP.NET Core, dotnet, javascript, OAuth2, Security, SQLite, Typescript, UI, Uncategorized, Web · 8 Comments

This article shows how Vue.js can be used together with ASP.NET Core 3 in a single project. The Vue.js application is built using the Vue.js CLI and built to the wwwroot of the ASP.NET Core application. The ASP.NET Core application is used to implement the APIs consumed by the Vue.js UI. The application is secured […]

System Testing ASP.NET Core APIs using XUnit

July 7, 2019 · by · in .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 1 Comment

This article shows how an ASP.NET Core API could be tested using system tests implemented using XUnit. The API is protected using JWT Bearer token authorization, and the API uses a secure token server to validate the API requests. When running the tests, the access token needs to be requested, and used to access the […]

Using Chained Certificates for Certificate Authentication in ASP.NET Core 3.1

June 27, 2019 · by · in .NET Core, ASP.NET Core, OAuth2, Security · 4 Comments

This article shows how to create self signed certificates and use these for chained certificate authentication in ASP.NET Core. By using chained certificates, each client application can use a unique certificate which was created from a root CA directly, or an intermediate certificate which was created from the root CA. The clients can then be […]

Certificate Authentication in ASP.NET Core 3.1

June 13, 2019 · by · in .NET Core, ASP.NET Core, MVC, OAuth2, Security · 28 Comments

This article shows how Certificate Authentication can be implemented in ASP.NET Core 3.1. In this example, a shared self signed certificate is used to authenticate one application calling an API on a second ASP.NET Core application. Code https://github.com/damienbod/AspNetCoreCertificateAuth Posts in this series Certificate Authentication in ASP.NET Core 3.1 (Self Signed) Using Chained Certificates for Certificate […]

Handling Access Tokens for private APIs in ASP.NET Core

May 10, 2019 · by · in .NET Core, ASP.NET Core, MVC, OAuth2, Security · 5 Comments

This article shows how to persist access tokens for a trusted ASP.NET Core application which needs to access secure APIs. These tokens which are persisted are not meant for public clients, but are used for the service to service communication. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi Posts in this series: Securing an ASP.NET Core MVC application which uses a […]

Securing browser based Javascript, Typescript applications

April 2, 2019 · by · in angular, javascript, MVC, OAuth2, Security, SignalR, Typescript, UI, Web · 2 Comments

This article should help you in choosing the right security for your browser based Javascript or Typescript applications. You should aim to secure the application as best as possible. The following diagram should help you in making your decision. Also for any of these flows, you should always use HTTPS. Appendix SPA: Single page application […]

gRPC Bi-directional streaming with Razor Pages and a Hosted Service gRPC client

March 25, 2019 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2, Protobuf, Security · 10 Comments

This article shows how a Bi-directional streaming gRPC service could be implemented using an .NET Core Hosted Service as a gRPC client, and a Razor Page to send Bi-directional streaming messages to the servers connected clients. Code: https://github.com/damienbod/Secure_gRpc Posts in this series Security Experiments with gRPC and ASP.NET Core 5 Running Razor Pages and a […]

Security Experiments with gRPC and ASP.NET Core 5

March 6, 2019 · by · in .NET Core, ASP.NET Core, OAuth2, Security · 10 Comments

This article shows how a gRPC service could implement OAuth2 security using IdentityServer4 as the token service. Code: https://github.com/damienbod/Secure_gRpc Posts in this series Security Experiments with gRPC and ASP.NET Core 5 Running Razor Pages and a gRPC service in a single ASP.NET Core application gRPC Bi-directional streaming with Razor Pages and a Hosted Service gRPC […]

Older posts Newer posts