Category Security
Implementing Two-factor authentication with IdentityServer4 and Twilio
This article shows how to implement two-factor authentication using Twilio and IdentityServer4 using Identity. Microsoft’s Two-factor authentication with SMS documentation promotes Twilio and ASPSMS, but any SMS provider can be used. Code: https://github.com/damienbod/AspNetCoreID4External 2017-09-23 Updated to ASP.NET Core 2.0 Setting up Twilio Create an account and log in to https://www.twilio.com/ Now create […]
Adding an external Microsoft login to IdentityServer4
This article shows how to implement a Microsoft Account as an external provider in an IdentityServer4 project using ASP.NET Core Identity with a SQLite database. Code: https://github.com/damienbod/AspNetCoreID4External Updated: You can also log in using OpenID Connect instead of using Microsoft Account. Updating Microsoft Account Logins in ASP.NET Core with OpenID Connect and Azure Active Directory 2019-05-17 […]
Angular OIDC OAuth2 client with Google Identity Platform
This article shows how an Angular client could implement a login for a SPA using Google Identity Platform OpenID. The Angular application uses the npm package angular-auth-oidc-client to implement the OpenID Connect Implicit Flow to connect with the Google Identity Platform. Code: https://github.com/damienbod/angular-auth-oidc-sample-google-openid History 2020-05-03 Updated to OIDC lib version 11.0.0, Angular 9.1.4, ASP.NET […]
angular-auth-oidc-client Release, an OpenID Implicit Flow client in Angular
I have been blogging and writing code for Angular and OpenID Connect since Nov 1, 2015. Now after all this time, I have decided to create my first npm package for Angular: angular-auth-oidc-client, which makes it easier to use the Angular Auth OpenID client. This is now available on npm. npm package: https://www.npmjs.com/package/angular-auth-oidc-client GitHub code: […]
OpenID Connect Session Management using an Angular application and IdentityServer4
The article shows how the OpenID Connect Session Management can be implemented in an Angular application. The OpenID Connect Session Management 1.0 provides a way of monitoring the user session on the server using iframes. IdentityServer4 implements the server side of the specification. This does not monitor the lifecycle of the tokens used in the […]
Implementing a silent token renew in Angular for the OpenID Connect Implicit flow
This article shows how to implement a silent token renew in Angular using IdentityServer4 as the security token service server. The SPA Angular client implements the OpenID Connect Implicit Flow ‘id_token token’. When the id_token expires, the client requests new tokens from the server, so that the user does not need to authorise again. Code: […]
Anti-Forgery Validation with ASP.NET Core MVC and Angular
This article shows how API requests from an Angular SPA inside an ASP.NET Core MVC application can be protected against XSRF by adding an anti-forgery cookie. This is required, if using Angular, when using cookies to persist the auth token. Code: https://github.com/damienbod/AspNetCoreMvcAngular Blogs in this Series Using Angular in an ASP.NET Core View with Webpack […]
ASP.NET Core IdentityServer4 Resource Owner Password Flow with custom UserRepository
This article shows how a custom user store or repository can be used in IdentityServer4. This can be used for an existing user management system which doesn’t use Identity or request user data from a custom source. The Resource Owner Flow using refresh tokens is used to access the protected data on the resource server. […]
Implementing OpenID Code Flow with PKCE using OpenIddict and Angular
This article shows how to implement the OpenID Connect Code Flow with PKCE using OpenIddict hosted in an ASP.NET Core application, an ASP.NET Core Web API and an Angular application as the client. Code: https://github.com/damienbod/AspNetCoreOpeniddict 2021-12-24 Updated to ASP.NET Core 6, Angular 13 2020-12-26 Updated to ASP.NET Core 5, Angular 11, OpenIddict 3 2017-05-27 Updated […]
