This article shows how an ASP.NET Core Razor Page application which uses OpenID Connect to sign in, can require that users have authenticated using MFA (multi factor authentication). Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi Blogs in this series Force ASP.NET Core OpenID Connect client to require MFA Send MFA signin requirement to OpenID Connect server using ASP.NET Core Identity […]
This post shows how HTTP route parameters, a HTTP request body or HTTP request query string parameters can be used for authorization in ASP.NET Core. Code: https://github.com/damienbod/AspNetCoreWindowsAuth Authorization using ASP.NET Core Route parameters An AuthorizationHandler can be used to implement authorization logic in ASP.NET Core. The handler can authorize HTTP requests using a route parameter […]
This article shows how a native WPF application could authenticate and authorize using an Azure Active Directory App Registration and then upload and download files in Sharepoint Online. The Graph API is used to access Sharepoint. Other Sharepoint libraries will NOT work if using an Azure AD signin. Code: https://github.com/damienbod/WpfAzureADSharepointOnlineGraphApi Setup the Azure Active Directory […]
This article shows two possible ways of getting user claims in an ASP.NET Core application which uses an OpenID Connect server. Both ways have advantages and require setting different code configurations in both applications. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi History The Microsoft.AspNetCore.Authentication.OpenIdConnect Nuget package can be used to support OpenID Connect in an ASP.NET Core application. This needs […]
This article shows how a single secure Web API could be used together with multiple secure token servers. The API uses JWT Bearer token authentication, but because the access token come from different token servers, the tokens validation need to be changed. Code: https://github.com/damienbod/ApiJwtWithTwoSts Using multiple Authorities with shared certitficate The first way this can […]
This article shows how FIDO2 WebAuthn could be used for a passwordless sign in integrated into an ASP.NET Core Identity application. The FIDO2 WebAuthn is implemented using the fido2-net-lib Nuget package, and demo code created by Anders Åberg. The application is implemented using ASP.NET Core 3.0 with Identity. For information about FIDO2 and WebAuthn, please […]
This article shows how to secure an ASP.NET Core Razor Page application using the Open ID Connect code flow with PKCE (Proof Key for Code Exchange). The secure token server is implemented using Duende IdentityServer but any secure token server (STS) can be used which supports PKCE. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi See WebCodeFlowPkceClient project. History An ASP.NET […]
This article shows how FIDO2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application. The FIDO2 WebAuthn is implemented using the fido2-net-lib Nuget package, and demo code created by Anders Åberg. The application is implemented using ASP.NET Core 3.0 with Identity. For information about Fido2 and WebAuthn, please refer to […]
This article shows how Javascript packages, files, CSS files could be built and bundled in an ASP.NET Core MVC or Razor Page application. The Javascript packages are loaded using npm in which most Javascript projects are deployed. No CDNs are used, only local files so that all external URLs, non self URL links can be […]
This article shows how an ASP.NET Core API could be tested using system tests implemented using XUnit. The API is protected using JWT Bearer token authorization, and the API uses a secure token server to validate the API requests. When running the tests, the access token needs to be requested, and used to access the […]
Software Engineering 