Category Security

Anti-Forgery Validation with ASP.NET Core MVC and Angular

May 9, 2017 · by · in .NET Core, angular, ASP.NET Core, ASPNET5, dotnet, Security · 11 Comments

This article shows how API requests from an Angular SPA inside an ASP.NET Core MVC application can be protected against XSRF by adding an anti-forgery cookie. This is required, if using Angular, when using cookies to persist the auth token. Code: https://github.com/damienbod/AspNetCoreMvcAngular Blogs in this Series Using Angular in an ASP.NET Core View with Webpack […]

Secure ASP.NET Core MVC with Angular using IdentityServer4 OpenID Connect Hybrid Flow

May 6, 2017 · by · in .NET, .NET Core, angular, ASP.NET Core, ASPNET5, dotnet, MVC, OAuth2, Security, Typescript · 20 Comments

This article shows how an ASP.NET Core MVC application using Angular in the razor views can be secured using IdentityServer4 and the OpenID Connect Hybrid Flow. The user interface uses server side rendering for the MVC views and the Angular app is then implemented in the razor view. The required security features can be added […]

ASP.NET Core IdentityServer4 Resource Owner Password Flow with custom UserRepository

April 14, 2017 · by · in .NET, .NET Core, ASP.NET Core, ASPNET5, dotnet, OAuth2, Security · 19 Comments

This article shows how a custom user store or repository can be used in IdentityServer4. This can be used for an existing user management system which doesn’t use Identity or request user data from a custom source. The Resource Owner Flow using refresh tokens is used to access the protected data on the resource server. […]

Implementing OpenID Code Flow with PKCE using OpenIddict and Angular

April 11, 2017 · by · in .NET Core, angular, ASP.NET Core, ASPNET5, MVC, OAuth2, Security, SQLite, Typescript, Uncategorized, Web · 49 Comments

This article shows how to implement the OpenID Connect Code Flow with PKCE using OpenIddict hosted in an ASP.NET Core application, an ASP.NET Core Web API and an Angular application as the client. Code: https://github.com/damienbod/AspNetCoreOpeniddict 2021-12-24 Updated to ASP.NET Core 6, Angular 13 2020-12-26 Updated to ASP.NET Core 5, Angular 11, OpenIddict 3 2017-05-27 Updated […]

Extending Identity in IdentityServer4 to manage users in ASP.NET Core

November 18, 2016 · by · in .NET, angular, ASP.NET Core, ASPNET5, dotnet, MVC, OAuth2, Security, Typescript, Web · 21 Comments

This article shows how Identity can be extended and used together with IdentityServer4 to implement application specific requirements. The application allows users to register and can access the application for 7 days. After this, the user cannot log in. Any admin can activate or deactivate a user using a custom user management API. Extra properties […]

IdentityServer4, Web API and Angular in a single ASP.NET Core project

October 1, 2016 · by · in .NET, angular, AngularJS, ASP.NET Core, ASPNET5, dotnet, Entity Framework, javascript, MVC, OAuth2, Security, Web · 48 Comments

This article shows how IdentityServer4 with Identity, a data Web API, and an Angular SPA could be setup inside a single ASP.NET Core project. The application uses the OpenID Connect Implicit Flow with reference tokens to access the API. The Angular application uses webpack to build. Code: https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow History: 2019-09-20: Updated ASP.NET Core 3.0, Angular […]

Full Server logout with IdentityServer4 and OpenID Connect Implicit Flow

September 16, 2016 · by · in .NET, angular, AngularJS, ASP.NET Core, ASPNET5, dotnet, OAuth2, Security, Typescript · 3 Comments

The article shows how to fully logout from IdentityServer4 using an OpenID Connect Implicit Flow. Per design when using an access token to use protected data from a resource server, even if the client has logged out from the server, the access token can be used so long it is valid (AccessTokenLifetime) as it is […]

Secure file download using IdentityServer4, Angular2 and ASP.NET Core

March 14, 2016 · by · in angular, AngularJS, ASP.NET Core, ASPNET5, javascript, MVC, OAuth2, Security, TopHeaderMenu, Typescript, Web · 12 Comments

This article shows how a secure file download can be implemented using Angular 2 with an OpenID Connect Implicit Flow using IdentityServer4. The resource server needs to process the access token in the query string and the NuGet package IdentityServer4.AccessTokenValidation makes it very easy to support this. The default security implementation jwtBearerHandler reads the token […]

Angular OpenID Connect Implicit Flow with IdentityServer4

March 2, 2016 · by · in .NET, angular, AngularJS, ASP.NET Core, ASPNET5, javascript, MVC, OAuth2, Security, TopHeaderMenu, Typescript, Web · 141 Comments

This article shows how to implement an OpenID Connect Implicit Flow client in Angular. The Angular client is implemented in Typescript and uses IdentityServer4 and an ASP.NET core 2.0 resource server. The OpenID Connect specification for Implicit Flow can be found here. Code: https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow History: 2019-09-20: Updated ASP.NET Core 3.0, Angular 8.2.6 2018-12-05: Updated to […]

AngularJS OpenID Connect Implicit Flow with IdentityServer4

February 26, 2016 · by · in .NET, AngularJS, ASP.NET Core, MVC, OAuth2, Security, TopHeaderMenu, Web · 18 Comments

This article shows how to implement the OpenID Connect Implicit Flow using Angular. This previous blog implemented the OAuth2 Implicit Flow which is not an authentication protocol. The OpenID Connect specification for Implicit Flow can be found here. Code: VS2017 msbuild | VS2015 project.json History: 2017.03.18: Updated to angular 2.4.10, oidc client validation Full history: […]

Older posts Newer posts