Category Web
Using Azure Service Bus Topics Subscription Filters in ASP.NET Core
This article shows how to implement Azure Service Bus filters for topic subscriptions used in an ASP.NET Core API application. The application uses the Microsoft.Azure.ServiceBus NuGet package for all the Azure Service Bus client logic. Code: https://github.com/damienbod/AspNetCoreServiceBus Posts in this series: History Azure Service Bus Topic Sender The topic sender from the previous post was […]
Using Azure Service Bus Topics in ASP.NET Core
This article shows how to implement two ASP.NET Core API applications to communicate with each other using Azure Service Bus Topics. This post continues on from the last article, this time using topics and subscriptions to communicate instead of a queue. By using a topic with subscriptions, and message can be sent to n receivers. […]
Securing browser based Javascript, Typescript applications
This article should help you in choosing the right security for your browser based Javascript or Typescript applications. You should aim to secure the application as best as possible. The following diagram should help you in making your decision. Also for any of these flows, you should always use HTTPS. Appendix SPA: Single page application […]
ASP.NET Core OAuth Device Flow Client with IdentityServer4
This article shows how to implement the OAuth 2.0 Device Flow for Browserless and Input Constrained Devices in an ASP.NET Core application. The tokens are then saved to a cookie for later usage. IdentityServer4 is used to implement the secure token server. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi History 2020-12-11 Updated to .NET 5 2019-10-06 Updated to .NET Core […]
Passing Javascript values to ASP.NET Core View components
In this post, I show how an ASP.NET Core MVC view can send a Javascript parameter value to an ASP.NET Core view component. Invoking a view component in the view using ‘@await Component.InvokeAsync’ will not work, as this is rendered before the Javascript value has been created. Code: https://github.com/damienbod/AspNetCoreBootstrap4Validation History 2019-01-24 Added an Anti-Forgery token […]
Is a SPA less secure than a server rendered web application?
In this post, I try to explain some of the differences between a single page application and a server rendered application and why the application types have different threat models. What is an Single Page Application (SPA)? A single page application runs in the browser, and handles routing in the client without posting back to […]
Deploying ASP.NET Core App Services using Azure Key Vault and Azure Resource Manager templates
This article shows how to create an Azure Resource Manager (ARM) template which uses an Azure Key Vault. The ARM template is used to deploy an ASP.NET Core application as an Azure App Service. By using an Azure Resource Group project, the secret app settings can be fetched from the Azure Key Vault during deployment, […]
Using Azure Key Vault with ASP.NET Core and Azure App Services
This article shows how to use an Azure Key Vault with an ASP.NET Core application deployed as an Azure App Service. The Azure App Service can use the system assigned identity to access the Key Vault. This needs to be configured in the Key Vault access policies using the service principal. Code: https://github.com/damienbod/AspNetCoreBackChannelLogout Posts in […]
OpenID Connect back-channel logout using Azure Redis Cache and IdentityServer4
This article shows how to implement an OpenID Connect back-channel logout, which uses Azure Redis cache so that the session logout will work with multi instance deployments. Code: https://github.com/damienbod/AspNetCoreBackChannelLogout Posts in this series: OpenID Connect back-channel logout using Azure Redis Cache and IdentityServer4 Using Azure Key Vault with ASP.NET Core and Azure App Services Deploying […]
Software Engineering 