Category MVC
Handling Access Tokens for private APIs in ASP.NET Core
This article shows how to persist access tokens for a trusted ASP.NET Core application which needs to access secure APIs. These tokens which are persisted are not meant for public clients, but are used for the service to service communication. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi Posts in this series: Securing an ASP.NET Core MVC application which uses a […]
Using Entity Framework Core to process Azure Service Messages in ASP.NET Core
This article shows how to use Entity Framework Core together with an Azure Service Bus receiver in ASP.NET Core. This message handler is a singleton and so requires that an Entity Framework Core context inside this singleton is not registered as a scoped service but created and disposed for each message event. Code: https://github.com/damienbod/AspNetCoreServiceBus Posts […]
Using Azure Service Bus Topics Subscription Filters in ASP.NET Core
This article shows how to implement Azure Service Bus filters for topic subscriptions used in an ASP.NET Core API application. The application uses the Microsoft.Azure.ServiceBus NuGet package for all the Azure Service Bus client logic. Code: https://github.com/damienbod/AspNetCoreServiceBus Posts in this series: History Azure Service Bus Topic Sender The topic sender from the previous post was […]
Using Azure Service Bus Topics in ASP.NET Core
This article shows how to implement two ASP.NET Core API applications to communicate with each other using Azure Service Bus Topics. This post continues on from the last article, this time using topics and subscriptions to communicate instead of a queue. By using a topic with subscriptions, and message can be sent to n receivers. […]
Securing browser based Javascript, Typescript applications
This article should help you in choosing the right security for your browser based Javascript or Typescript applications. You should aim to secure the application as best as possible. The following diagram should help you in making your decision. Also for any of these flows, you should always use HTTPS. Appendix SPA: Single page application […]
ASP.NET Core OAuth Device Flow Client with IdentityServer4
This article shows how to implement the OAuth 2.0 Device Flow for Browserless and Input Constrained Devices in an ASP.NET Core application. The tokens are then saved to a cookie for later usage. IdentityServer4 is used to implement the secure token server. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi History 2020-12-11 Updated to .NET 5 2019-10-06 Updated to .NET Core […]
Passing Javascript values to ASP.NET Core View components
In this post, I show how an ASP.NET Core MVC view can send a Javascript parameter value to an ASP.NET Core view component. Invoking a view component in the view using ‘@await Component.InvokeAsync’ will not work, as this is rendered before the Javascript value has been created. Code: https://github.com/damienbod/AspNetCoreBootstrap4Validation History 2019-01-24 Added an Anti-Forgery token […]
Is a SPA less secure than a server rendered web application?
In this post, I try to explain some of the differences between a single page application and a server rendered application and why the application types have different threat models. What is an Single Page Application (SPA)? A single page application runs in the browser, and handles routing in the client without posting back to […]
Deploying ASP.NET Core App Services using Azure Key Vault and Azure Resource Manager templates
This article shows how to create an Azure Resource Manager (ARM) template which uses an Azure Key Vault. The ARM template is used to deploy an ASP.NET Core application as an Azure App Service. By using an Azure Resource Group project, the secret app settings can be fetched from the Azure Key Vault during deployment, […]
Software Engineering 