Category Security

Supporting both Local and Windows Authentication in ASP.NET Core MVC using IdentityServer4

This article shows how to set up an ASP.NET Core MVC application that supports both users who log in with a local, solution-specific account and users who log in with Windows authentication. The identity created from the Windows authentication could then be allowed to do different tasks, for example administration, or a user from the […]

Comparing the HTTPS Security Headers of Swiss banks

This post compares the HTTP security headers used by different banks in Switzerland. securityheaders.io is used to test each of the websites; both the public website of each bank and its e-banking login page were tested. securityheaders.io sees the headers exactly as a browser would. The tested security headers help protect against some of the possible attacks, especially […]

Securing the CDN links in the ASP.NET Core 2.1 templates

This article uses the ASP.NET Core 2.1 MVC template and shows how to secure the CDN links using the integrity parameter. A new ASP.NET Core MVC application was created using the 2.1 template in Visual Studio. This template uses HTTPS by default and has added some of the required HTTPS headers like HSTS which […]

Adding HTTP Headers to improve Security in an ASP.NET MVC Core application

This article shows how to add security headers to the HTTPS responses of an ASP.NET Core MVC application. These HTTP headers help protect against some of the attacks which can be executed against a website. securityheaders.io is used to test and validate the headers, as are the browser's F12 developer tools. NWebSec is used to […]

Securing an ASP.NET Core MVC application which uses a secure API

The article shows how an ASP.NET Core MVC application can be secured when it uses an API to retrieve data. The OpenID Connect Hybrid flow is used to secure the ASP.NET Core MVC application. The application uses tokens stored in a cookie; this cookie is not used to access the API. The API is protected using […]

Using the dotnet Angular template with Azure AD OIDC Implicit Flow

This article shows how to use Azure AD with an Angular application implemented using the Microsoft dotnet template and the angular-auth-oidc-client npm package to implement the OpenID Connect Implicit Flow. The Angular app uses Bootstrap 4 and the Angular CLI.

Code: https://github.com/damienbod/dotnet-template-angular

History

2019-09-23 Updated to ASP.NET Core 3.0, OIDC 10.0.8
2018-07-13 Removed static calls to the […]

Using an EF Core database for the IdentityServer4 configuration data

This article shows how to implement a database store for the IdentityServer4 configuration, the Client, ApiResource and IdentityResource settings, using Entity Framework Core and SQLite. This could be used if you need to create clients or resources dynamically for the STS, or if you need to deploy the STS to multiple instances, for example […]

Sending Direct Messages using SignalR with ASP.NET Core and Angular

This article shows how SignalR could be used to send direct messages between different clients, using ASP.NET Core to host the SignalR Hub and Angular to implement the clients.

Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity

Posts in this series

History

2023-01-08 Updated Angular 15, .NET 7
2021-01-25 Updated Angular 11.1.0, .NET 5, ngrx implementation
2020-03-21 Updated packages, fixed Admin UI STS
2019-08-18 […]

IdentityServer4 Localization using ui_locales and the query string

This post is part 2, following the previous post IdentityServer4 Localization with the OIDC Implicit Flow, where localization was implemented using a cookie shared between the applications. That approach has restrictions due to cookie domain constraints, so this post shows how the optional OIDC parameter ui_locales can be used instead to pass the […]

IdentityServer4 Localization with the OIDC Implicit Flow

This post shows how to implement localization in IdentityServer4 when using the Implicit Flow with an Angular client.

Code: https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow

The problem

When the OIDC implicit client calls the /connect/authorize endpoint to authenticate and authorize the client and the identity, the user is redirected to the AccountController login method provided by the IdentityServer4 package. If the […]