Category Security

Implementing custom policies in ASP.NET Core using the HttpContext

October 23, 2017 · by · in .NET Core, ASP.NET Core, Security · 9 Comments

This article shows how to implement a custom ASP.NET Core policy using the AuthorizationHandler class. The handler validates, that the identity from the HttpContext has the authorization to update the object in the database. Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity History 2023-01-08 Updated Angular 15, .NET 72021-01-25 Updated Angular 11.1.0 .NET 5, ngrx implementation2020-03-21 updated packages, fixed Admin UI […]

Securing an Angular SignalR client using JWT tokens with ASP.NET Core and Duende IdentityServer

October 16, 2017 · by · in .NET, .NET Core, angular, ASP.NET Core, Entity Framework, OAuth2, Security, SignalR · 18 Comments

This post shows how an Angular SignalR client can send secure messages using JWT bearer tokens with an API and an STS server. The STS server is implemented using Duende IdentityServer and the API is implemented using ASP.NET Core. Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity Posts in this series History 2023-01-08 Updated Angular 15, .NET 72021-01-25 Updated Angular 11.1.0 […]

Auto redirect to an STS server in an Angular app using oidc Implicit Flow

September 26, 2017 · by · in angular, javascript, OAuth2, Security, Typescript, UI, Web · 18 Comments

This article shows how to implement an auto redirect in an Angular application, if using the OIDC Implicit Flow with an STS server. When a user opens the application, it is sometimes required that the user is automatically redirected to the login page on the STS server. This can be tricky to implement, as you […]

SignalR Group messages with ngrx and Angular

September 18, 2017 · by · in .NET Core, ASP.NET Core, ASPNET5, dotnet, OAuth2, Security, SignalR · 5 Comments

This article shows how SignalR can be used to send grouped messages to an Angular SignalR client, which uses ngrx to handle the SignalR events in the Angular client. Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity Posts in this series History 2023-01-08 Updated Angular 15, .NET 72021-01-25 Updated Angular 11.1.0 .NET 5, ngrx implementation2020-03-21 updated packages, fixed Admin UI STS2019-08-18 […]

Implementing Two-factor authentication with IdentityServer4 and Twilio

July 14, 2017 · by · in .NET Core, MVC, OAuth2, Security, Uncategorized, Web · 14 Comments

This article shows how to implement two factor authentication using Twilio and IdentityServer4 using Identity. On the Microsoft’s Two-factor authentication with SMS documentation, Twilio and ASPSMS are promoted, but any SMS provider can be used. Code: https://github.com/damienbod/AspNetCoreID4External 2017-09-23 Updated to ASP.NET Core 2.0 Setting up Twilio Create an account and login to https://www.twilio.com/ Now create […]

Angular OIDC OAuth2 client with Google Identity Platform

June 16, 2017 · by · in angular, Security · 23 Comments

This article shows how an Angular client could implement a login for a SPA application using Google Identity Platform OpenID. The Angular application uses the npm package angular-auth-oidc-client to implement the OpenID Connect Implicit Flow to connect with the google identity platform. Code: https://github.com/damienbod/angular-auth-oidc-sample-google-openid History 2020-05-03 Updated to OIDC lib version 11.0.0, Angular 9.1.4, ASP.NET […]

angular-auth-oidc-client Release, an OpenID Implicit Flow client in Angular

June 14, 2017 · by · in angular, Security · 22 Comments

I have been blogging and writing code for Angular and OpenID Connect since Nov 1, 2015. Now after all this time, I have decided to create my first npm package for Angular: angular-auth-oidc-client, which makes it easier to use the Angular Auth OpenID client. This is now available on npm. npm package: https://www.npmjs.com/package/angular-auth-oidc-client github code: […]

OpenID Connect Session Management using an Angular application and IdentityServer4

June 11, 2017 · by · in angular, ASP.NET Core, ASPNET5, Security · 5 Comments

The article shows how the OpenID Connect Session Management can be implemented in an Angular application. The OpenID Connect Session Management 1.0 provides a way of monitoring the user session on the server using iframes. IdentityServer4 implements the server side of the specification. This does not monitor the lifecycle of the tokens used in the […]

Implementing a silent token renew in Angular for the OpenID Connect Implicit flow

June 2, 2017 · by · in .NET Core, angular, ASP.NET Core, ASPNET5, OAuth2, Security · 10 Comments

This article shows how to implement a silent token renew in Angular using IdentityServer4 as the security token service server. The SPA Angular client implements the OpenID Connect Implicit Flow ‘id_token token’. When the id_token expires, the client requests new tokens from the server, so that the user does not need to authorise again. Code: […]

Older posts Newer posts