Category OAuth2

Securing browser based Javascript, Typescript applications

April 2, 2019 · by · in angular, javascript, MVC, OAuth2, Security, SignalR, Typescript, UI, Web · 2 Comments

This article should help you in choosing the right security for your browser based Javascript or Typescript applications. You should aim to secure the application as best as possible. The following diagram should help you in making your decision. Also for any of these flows, you should always use HTTPS. Appendix SPA: Single page application […]

gRPC Bi-directional streaming with Razor Pages and a Hosted Service gRPC client

March 25, 2019 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2, Protobuf, Security · 10 Comments

This article shows how a Bi-directional streaming gRPC service could be implemented using an .NET Core Hosted Service as a gRPC client, and a Razor Page to send Bi-directional streaming messages to the servers connected clients. Code: https://github.com/damienbod/Secure_gRpc Posts in this series Security Experiments with gRPC and ASP.NET Core 5 Running Razor Pages and a […]

Security Experiments with gRPC and ASP.NET Core 5

March 6, 2019 · by · in .NET Core, ASP.NET Core, OAuth2, Security · 10 Comments

This article shows how a gRPC service could implement OAuth2 security using IdentityServer4 as the token service. Code: https://github.com/damienbod/Secure_gRpc Posts in this series Security Experiments with gRPC and ASP.NET Core 5 Running Razor Pages and a gRPC service in a single ASP.NET Core application gRPC Bi-directional streaming with Razor Pages and a Hosted Service gRPC […]

ASP.NET Core OAuth Device Flow Client with IdentityServer4

February 20, 2019 · by · in .NET, .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 5 Comments

This article shows how to implement the OAuth 2.0 Device Flow for Browserless and Input Constrained Devices in an ASP.NET Core application. The tokens are then saved to a cookie for later usage. IdentityServer4 is used to implement the secure token server. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi History 2020-12-11 Updated to .NET 5 2019-10-06 Updated to .NET Core […]

Securing a Vue.js app using OpenID Connect Code Flow with PKCE and IdentityServer4

January 29, 2019 · by · in .NET Core, ASP.NET Core, ASPNET5, dotnet, javascript, OAuth2, Security, Typescript, UI · 9 Comments

This article shows how to setup a Vue.js SPA application to authenticate and authorize using OpenID Connect Code flow with PKCE. This is good solution when implementing SPA apps requesting data from APIs on separate domains. The oidc-client-js npm package is used to implement the client side authentication logic and validation logic. IdentityServer4 and ASP.NET […]

Is a SPA less secure than a server rendered web application?

January 20, 2019 · by · in MVC, OAuth2, Security, Web · 2 Comments

In this post, I try to explain some of the differences between a single page application and a server rendered application and why the application types have different threat models. What is an Single Page Application (SPA)? A single page application runs in the browser, and handles routing in the client without posting back to […]

Securing Angular applications using the OpenID Connect Code Flow with PKCE

January 9, 2019 · by · in .NET, angular, ASP.NET Core, OAuth2, Security · 19 Comments

In this post, I show how an Angular application could be secured using the OpenID Connect Code Flow with Proof Key for Code Exchange (PKCE). The Angular application uses the OIDC lib angular-auth-oidc-client. In this example, the src code is used directly, but you could also use the npm package. Here’s an example which uses […]

Implementing User Management with ASP.NET Core Identity and custom claims

October 30, 2018 · by · in .NET, .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 6 Comments

The article shows how to implement user management for an ASP.NET Core application using ASP.NET Core Identity. The application uses custom claims, which need to be added to the user identity after a successful login, and then an ASP.NET Core policy is used to authorize the identity. Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity History 2023-01-07 Updated .NET 7, Angular […]

Implementing a multi-tenant OIDC Azure AD external login for IdentityServer4

August 15, 2018 · by · in ASP.NET Core, dotnet, MVC, OAuth2, Security · 7 Comments

This article shows how to setup a multi-tenant Azure AD external login for IdentityServer4 which uses ASP.NET Core Identity. Code: IdentityServer4 app with Identity Setting up the Azure AD Application registration for multiple tenants An Azure AD Application registration needs to be setup for the Active Directory tenant. Login to the Azure portal and switch […]

OAuth using OIDC Authentication with PKCE for a .NET Core Console Native Application

April 25, 2018 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2, Security · 5 Comments

This article shows how to use a .NET Core console application securely with an API using the RFC 7636 specification. The app logs into IdentityServer4 using the OIDC authorization code flow with a PKCE (Proof Key for Code Exchange). The app can then use the access token to consume data from a secure API. This […]

Older posts Newer posts