Category Security

Deploying ASP.NET Core App Services using Azure Key Vault and Azure Resource Manager templates

January 7, 2019 · by · in .NET, .NET Core, ASP.NET Core, Azure, Deployment, MVC, Security, Web · 1 Comment

This article shows how to create an Azure Resource Manager (ARM) template which uses an Azure Key Vault. The ARM template is used to deploy an ASP.NET Core application as an Azure App Service. By using an Azure Resource Group project, the secret app settings can be fetched from the Azure Key Vault during deployment, […]

Using Azure Key Vault with ASP.NET Core and Azure App Services

December 23, 2018 · by · in .NET, .NET Core, ASP.NET Core, Azure, Deployment, MVC, Security, Web · 4 Comments

This article shows how to use an Azure Key Vault with an ASP.NET Core application deployed as an Azure App Service. The Azure App Service can use the system assigned identity to access the Key Vault. This needs to be configured in the Key Vault access policies using the service principal. Code: https://github.com/damienbod/AspNetCoreBackChannelLogout Posts in […]

OpenID Connect back-channel logout using Azure Redis Cache and IdentityServer4

December 18, 2018 · by · in .NET Core, ASP.NET Core, Azure, Deployment, MVC, Security, Web · 12 Comments

This article shows how to implement an OpenID Connect back-channel logout, which uses Azure Redis cache so that the session logout will work with multi instance deployments. Code: https://github.com/damienbod/AspNetCoreBackChannelLogout Posts in this series: OpenID Connect back-channel logout using Azure Redis Cache and IdentityServer4 Using Azure Key Vault with ASP.NET Core and Azure App Services Deploying […]

Implementing User Management with ASP.NET Core Identity and custom claims

October 30, 2018 · by · in .NET, .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 6 Comments

The article shows how to implement user management for an ASP.NET Core application using ASP.NET Core Identity. The application uses custom claims, which need to be added to the user identity after a successful login, and then an ASP.NET Core policy is used to authorize the identity. Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity History 2023-01-07 Updated .NET 7, Angular […]

Implementing a multi-tenant OIDC Azure AD external login for IdentityServer4

August 15, 2018 · by · in ASP.NET Core, dotnet, MVC, OAuth2, Security · 7 Comments

This article shows how to setup a multi-tenant Azure AD external login for IdentityServer4 which uses ASP.NET Core Identity. Code: IdentityServer4 app with Identity Setting up the Azure AD Application registration for multiple tenants An Azure AD Application registration needs to be setup for the Active Directory tenant. Login to the Azure portal and switch […]

Disabling parts of ASP.NET Core Identity

August 7, 2018 · by · in ASP.NET Core, Security · 6 Comments

This article shows how to disable parts of ASP.NET Core Identity in a Web Application. In the ASP.NET Core Identity, the Identiy UI is deployed as part of the NuGet package. So per default everything is enabled and you have to opt-out, unlike the older versions which was opt-in. If you are not careful, this […]

Adding Localization to the ASP.NET Core Identity Pages

July 3, 2018 · by · in ASP.NET Core, Security · 13 Comments

The article shows how to localize the new Identity Pages in an ASP.NET Core application. The views, code from the pages, and models require localized strings and are read from global identity resource files. This makes it easy to add translations for further languages, and prevents duplication. Code: https://github.com/damienbod/AspNetCorePagesWebpack The application is setup using this […]

Updating ASP.NET Core Identity to use Bootstrap 4

June 26, 2018 · by · in .NET Core, ASP.NET Core, ASPNET5, dotnet, MVC, Security, UI, Web · 1 Comment

This article shows how to update the default Identity Pages template to use Bootstrap 4. You need to scaffold the views into the project, and change the layouts and the views to use the new Bootstrap 4 classes and javascript. The base project is built using Webpack and npm. Bootstrap 4 is loaded from npm, […]

OAuth using OIDC Authentication with PKCE for a .NET Core Console Native Application

April 25, 2018 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2, Security · 5 Comments

This article shows how to use a .NET Core console application securely with an API using the RFC 7636 specification. The app logs into IdentityServer4 using the OIDC authorization code flow with a PKCE (Proof Key for Code Exchange). The app can then use the access token to consume data from a secure API. This […]

ASP.NET Core Authorization for Windows, Local accounts

April 19, 2018 · by · in .NET, .NET Core, ASP.NET Core, ASPNET5, OAuth2, Security · 5 Comments

This article shows how authorization could be implemented for an ASP.NET Core MVC application. The authorization logic is extracted into a separate project, which is required by some certification software requirements. This could also be deployed as a separate service. Code: https://github.com/damienbod/AspNetCoreWindowsAuth Blogs in this series: Supporting both Local and Windows Authentication in ASP.NET Core […]

Older posts Newer posts