Category OAuth2

Adding HTTP Headers to improve Security in an ASP.NET MVC Core application

This article shows how to add headers in a HTTPS response for an ASP.NET Core MVC application. The HTTP headers help protect against some of the attacks which can be executed against a website. securityheaders.io is used to test and validate the HTTP headers as well as F12 in the browser. NWebSec is used to […]

Securing an ASP.NET Core MVC application which uses a secure API

The article shows how an ASP.NET Core MVC application can implement security when using an API to retrieve data. The OpenID Connect Hybrid flow is used to secure the ASP.NET Core MVC application. The application uses tokens stored in a cookie. This cookie is not used to access the API. The API is protected using […]

Using the dotnet Angular template with Azure AD OIDC Implicit Flow

This article shows how to use Azure AD with an Angular application implemented using the Microsoft dotnet template and the angular-auth-oidc-client npm package to implement the OpenID Implicit Flow. The Angular app uses bootstrap 4 and Angular CLI. Code: https://github.com/damienbod/dotnet-template-angular History 2018-07-13 Removed static calls to the well known endpoints, and the jwt keys API […]

Sending Direct Messages using SignalR with ASP.NET core and Angular

This article shows how SignalR could be used to send direct messages between different clients using ASP.NET Core to host the SignalR Hub and Angular to implement the clients. Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity Posts in this series Getting started with SignalR using ASP.NET Core and Angular SignalR Group messages with ngrx and Angular Using EF Core and […]

Auto redirect to an STS server in an Angular app using oidc Implicit Flow

This article shows how to implement an auto redirect in an Angular application, if using the OIDC Implicit Flow with an STS server. When a user opens the application, it is sometimes required that the user is automatically redirected to the login page on the STS server. This can be tricky to implement, as you […]

SignalR Group messages with ngrx and Angular

This article shows how SignalR can be used to send grouped messages to an Angular SignalR client, which uses ngrx to handle the SignalR events in the Angular client. Code: https://github.com/damienbod/AspNetCoreAngularSignalR Posts in this series Getting started with SignalR using ASP.NET Core and Angular SignalR Group messages with ngrx and Angular Using EF Core and […]

Implementing Two-factor authentication with IdentityServer4 and Twilio

This article shows how to implement two factor authentication using Twilio and IdentityServer4 using Identity. On the Microsoft’s Two-factor authentication with SMS documentation, Twilio and ASPSMS are promoted, but any SMS provider can be used. Code: https://github.com/damienbod/AspNetCoreID4External 2017-09-23 Updated to ASP.NET Core 2.0 Setting up Twilio Create an account and login to https://www.twilio.com/ Now create […]