Category Uncategorized

Use swiyu, the Swiss E-ID to authenticate users with Duende and .NET Aspire

This post shows how to authenticate users using Duende IdentityServer and ASP.NET Core Identity which verifies identities (verifiable digital credentials) using the Swiss Digital identity and trust infrastructure (swiyu). The swiyu infrastructure is implemented using the provided generic containers which implement the OpenID for Verifiable Presentations standards as well as many other standards for implementing […]

Reset Cookies and force new sign-in using ASP.NET Core Identity

This post looks at implementing a cookie reset in an ASP.NET Core application using Duende IdentityServer which federates to Entra ID. Sometimes cookies need to be reset for end users due to size problems or unknown remote authentication server errors. The cookies can be cleared and a new sign-in can be forced. Code: […]

Use EdDSA signatures to validate tokens in ASP.NET Core using OpenID Connect

Some identity providers use the EdDSA / Ed25519 algorithm to sign and issue tokens. This post shows how to validate the tokens using the NuGet package from ScottBrady and ASP.NET Core. Using the default OpenID Connect setup, the keys are not read and the tokens cannot be validated. The error message could return something like […]

Revisiting using a Content Security Policy (CSP) nonce in Blazor

This blog looks at implementing a strong Content Security Policy (CSP) in web applications implemented using Blazor and ASP.NET Core. When implementing CSP, I always recommend using a CSP nonce or at least CSP hashes. If a technical stack does not support CSP nonces, you should probably avoid using this solution when implementing secure and […]

Multiple client sign-in customizations using Duende identity provider

This post looks at customizing the sign-in UI and the sign-in options in an ASP.NET Core application using Duende IdentityServer and ASP.NET Core Identity. There are multiple ways of changing the look and feel of the UI for different OpenID Connect clients or different client flows. Code: https://github.com/damienbod/duende-multi-tenant Blogs in the series Setup The solution […]

Using ASP.NET Core with Azure Key Vault

This article looks at setting up an ASP.NET Core application to use Azure Key Vault. When deployed to Azure, it works as described in the Azure documentation, but when working on development PCs, some changes are required for a smooth developer experience. Code: https://github.com/damienbod/UsingAzureKeyVaultInDevelopment I develop using Visual Studio and manage multiple accounts and test environments. […]

ASP.NET Core BFF using OpenID Connect and Vue.js

This article shows how to implement a secure web application using Vue.js and ASP.NET Core. The web application implements the backend for frontend security architecture (BFF) and deploys both technical stacks as one web application. HTTP only secure cookies are used to persist the session. OpenIddict is used as the identity provider and the token […]

Implement a secure Blazor Web application using OpenID Connect and security headers

This article shows how to implement a secure .NET 8 Blazor Web application using OpenID Connect and security headers with CSP nonces. The NetEscapades.AspNetCore.SecurityHeaders NuGet package is used to implement the security headers and OpenIddict is used to implement the OIDC server. Code: https://github.com/damienbod/BlazorWebOidc OpenIddict is used as the identity provider and an OpenID Connect […]

Improve ASP.NET Core authentication using OAuth PAR and OpenID Connect

This article shows how an ASP.NET Core application can be authenticated using OpenID Connect and OAuth 2.0 Pushed Authorization Requests (PAR) RFC 9126. The OpenID Connect server is implemented using Duende IdentityServer. The Razor Page ASP.NET Core application authenticates using an OpenID Connect confidential client with PKCE and using the OAuth PAR extension. By using […]

Secure an Angular application using Microsoft Entra External ID and ASP.NET Core with BFF

This article looks at implementing an ASP.NET Core application hosting an Angular nx application which authenticates using Microsoft Entra External ID for customers (CIAM). The ASP.NET Core authentication is implemented using the Microsoft.Identity.Web NuGet package. The client implements the OpenID Connect code flow with PKCE and is a confidential client. Code: https://github.com/damienbod/bff-MicrosoftEntraExternalID-aspnetcore-angular Microsoft Entra External […]