Category Web

Using Azure Service Bus Topics in ASP.NET Core

This article shows how to implement two ASP.NET Core API applications to communicate with each other using Azure Service Bus Topics. This post continues on from the last article, this time using topics and subscriptions to communicate instead of a queue. By using a topic with subscriptions, and message can be sent to n receivers. […]

Securing browser based Javascript, Typescript applications

This article should help you in choosing the right security for your browser based Javascript or Typescript applications. You should aim to secure the application as best as possible. The following diagram should help you in making your decision. Also for any of these flows, you should always use HTTPS. Appendix SPA: Single page application […]

ASP.NET Core OAuth Device Flow Client with IdentityServer4

This article shows how to implement the OAuth 2.0 Device Flow for Browserless and Input Constrained Devices in an ASP.NET Core application. The tokens are then saved to a cookie for later usage. IdentityServer4 is used to implement the secure token server. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi History 2019-10-06 Updated to .NET Core 3.0 2019-02-24 Updated packages, API […]

Using Azure Key Vault from a non-Azure App

In this article, I show how Azure Key Vault can be used with a non Azure application. An example of this, is a console application used for data migrations, or data seeding during release pipelines. This app could then read the secret connection strings from the Key Vault, and then do the app logic as […]

Passing Javascript values to ASP.NET Core View components

In this post, I show how an ASP.NET Core MVC view can send a Javascript parameter value to an ASP.NET Core view component. Invoking a view component in the view using ‘@await Component.InvokeAsync’ will not work, as this is rendered before the Javascript value has been created. Code: https://github.com/damienbod/AspNetCoreBootstrap4Validation History 2019-01-24 Added an Anti-Forgery token […]

Is a SPA less secure than a server rendered web application?

In this post, I try to explain some of the differences between a single page application and a server rendered application and why the application types have different threat models. What is an Single Page Application (SPA)? A single page application runs in the browser, and handles routing in the client without posting back to […]

Deploying ASP.NET Core App Services using Azure Key Vault and Azure Resource Manager templates

This article shows how to create an Azure Resource Manager (ARM) template which uses an Azure Key Vault. The ARM template is used to deploy an ASP.NET Core application as an Azure App Service. By using an Azure Resource Group project, the secret app settings can be fetched from the Azure Key Vault during deployment, […]

Using Azure Key Vault with ASP.NET Core and Azure App Services

This article shows how to use an Azure Key Vault with an ASP.NET Core application deployed as an Azure App Service. The Azure App Service can use the system assigned identity to access the Key Vault. This needs to be configured in the Key Vault access policies using the service principal. Code: https://github.com/damienbod/AspNetCoreBackChannelLogout Posts in […]

OpenID Connect back-channel logout using Azure Redis Cache and IdentityServer4

This article shows how to implement an OpenID Connect back-channel logout, which uses Azure Redis cache so that the session logout will work with multi instance deployments. Code: https://github.com/damienbod/AspNetCoreBackChannelLogout Posts in this series: OpenID Connect back-channel logout using Azure Redis Cache and IdentityServer4 Using Azure Key Vault with ASP.NET Core and Azure App Services Deploying […]

Using MVC ASP.NET Core APPs in a Host ASP.NET Core Application

This article shows how ASP.NET Core applications could be deployed inside a separate host ASP.NET Core MVC application. This could be useful if you have separate applications, services, or layouts but want to have a common user interface, or common deployment to improve the user experience. Code: https://github.com/damienbod/MultipleMvcApps Setup The applications are split into four […]