Category OAuth2

Securing Azure Functions using ME-ID JWT Bearer token authentication for user access tokens

September 24, 2020 · by · in .NET Core, App Service, ASP.NET Core, Azure, Azure functions, Microsoft Entra ID, OAuth2, Security · 10 Comments

This post shows how to implement OAuth security for an Azure Function using user-access JWT Bearer tokens created using Microsoft Entra ID and App registrations. A client web application implemented in ASP.NET Core is used to authenticate and the access token created for the identity is used to access the API implemented using Azure Functions. […]

Login and use an ASP.NET Core API with Azure AD Auth and user access tokens

May 29, 2020 · by · in .NET Core, Azure, MVC, OAuth2, Security, Web · 25 Comments

In this blog post, Azure AD will be setup and used to authenticate and authorize an ASP.NET core Razor Page application which uses an API from a separate ASP.NET Core MVC project. User access tokens are used to access to API, so that an email can be used in the API. The API is not […]

Securing an Angular application using Azure B2C

May 14, 2020 · by · in angular, Microsoft Entra External ID, OAuth2, Security · 4 Comments

This article shows how to secure an Angular application using Azure B2C with OpenID Connect Code Flow and PKCE. The silent renew is supported using refresh tokens. Code: Angular Azure B2C History 2021-11-22 Updated to Angular OIDC 13.0.0 2021-07-20 Updated to Angular OIDC 12.0.2 Setting up Azure B2C In the Azure portal, create a new […]

Send MFA signin requirement to OpenID Connect server using ASP.NET Core Identity and IdentityServer4

December 18, 2019 · by · in .NET Core, ASP.NET Core, dotnet, MVC, OAuth2, Security, Web · 3 Comments

This post adds the custom ASP.NET Core Identity, IdentityServer4 logic to check for the “acr_values” and react if a client application requests MFA for authentication. The “acr_values” parameter is used to pass the mfa value from the client to the server in the authentication request. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi Blogs in this series Force ASP.NET Core OpenID […]

Force ASP.NET Core OpenID Connect client to require MFA

December 16, 2019 · by · in .NET, .NET Core, ASP.NET Core, Azure, dotnet, MVC, OAuth2, Security, Web · 6 Comments

This article shows how an ASP.NET Core Razor Page application which uses OpenID Connect to sign in, can require that users have authenticated using MFA (multi factor authentication). Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi Blogs in this series Force ASP.NET Core OpenID Connect client to require MFA Send MFA signin requirement to OpenID Connect server using ASP.NET Core Identity […]

WPF Azure AD signin with Sharepoint Online API call using Graph API

November 9, 2019 · by · in .NET, OAuth2, Security · 1 Comment

This article shows how a native WPF application could authenticate and authorize using an Azure Active Directory App Registration and then upload and download files in Sharepoint Online. The Graph API is used to access Sharepoint. Other Sharepoint libraries will NOT work if using an Azure AD signin. Code: https://github.com/damienbod/WpfAzureADSharepointOnlineGraphApi Setup the Azure Active Directory […]

Securing a Web API using multiple token servers

October 25, 2019 · by · in .NET, .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 1 Comment

This article shows how a single secure Web API could be used together with multiple secure token servers. The API uses JWT Bearer token authentication, but because the access token come from different token servers, the tokens validation need to be changed. Code: https://github.com/damienbod/ApiJwtWithTwoSts Using multiple Authorities with shared certitficate The first way this can […]

Securing an ASP.NET Core Razor Page App using OpenID Connect Code flow with PKCE

October 11, 2019 · by · in ASP.NET Core, MVC, OAuth2, Security · 8 Comments

This article shows how to secure an ASP.NET Core Razor Page application using the Open ID Connect code flow with PKCE (Proof Key for Code Exchange). The secure token server is implemented using Duende IdentityServer but any secure token server (STS) can be used which supports PKCE. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi See WebCodeFlowPkceClient project. History An ASP.NET […]

Building and securing an ASP.NET Core API with a hosted Vue.js UI

October 4, 2019 · by · in ASP.NET Core, dotnet, javascript, OAuth2, Security, SQLite, Typescript, UI, Uncategorized, Web · 8 Comments

This article shows how Vue.js can be used together with ASP.NET Core 3 in a single project. The Vue.js application is built using the Vue.js CLI and built to the wwwroot of the ASP.NET Core application. The ASP.NET Core application is used to implement the APIs consumed by the Vue.js UI. The application is secured […]

System Testing ASP.NET Core APIs using XUnit

July 7, 2019 · by · in .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 1 Comment

This article shows how an ASP.NET Core API could be tested using system tests implemented using XUnit. The API is protected using JWT Bearer token authorization, and the API uses a secure token server to validate the API requests. When running the tests, the access token needs to be requested, and used to access the […]

Older posts Newer posts