Tag Archives: ASP.NET Core

Using Digital Signatures to check integrity of cipher texts in ASP.NET Core Razor Pages

This post shows how digital signatures can be implemented to check the integrity of cipher texts in ASP.NET Core Razor Pages. The cipher texts are encrypted with AES symmetric encryption and the key and the IV required to decrypt the texts are encrypted with asymmetric encryption using RSA certificates with a key size of 3072. […]

Encrypting texts for an Identity in ASP.NET Core Razor Pages using AES and RSA

The article shows how encrypted texts can be created for specific users in an ASP.NET Core Razor page application. Symmetric encryption is used to encrypt the text or the payload. Asymmetric encryption is used to encrypt the AES key and the IV of the symmetric encryptions. Each ASP.NET Core Identity has an associated X509Certificate2 with […]

Create, Build, Deploy and Configure an Azure App Service with Azure DevOps and Azure CLI

This post shows how to create, build, deploy and configure an Azure App Service using Azure DevOps, Azure CLI and Powershell. An Azure Service is created in Azure using Azure DevOps with Azure CLI and Powershell. The Azure App Service is created and built using ASP.NET Core and Visual Studio. This solution is deployed to […]

Using Certificates from Azure Key Vault in ASP.NET Core

This post shows how you can create and use X509 certificates in Azure Key Vault. The certificates are created using Azure CLI and are used inside an ASP.NET Core application. Code: StsServerIdentity/Services/Certificate Setup using Azure CLI Azure CLI can be used to setup the Azure Key Vault and also create certificates for an existing Key […]

Create, Build, Deploy and Configure an Azure Function with Azure DevOps and Azure CLI

This post shows how to create, build, deploy and configure an Azure Function using Azure DevOps, Azure CLI and Powershell. An Azure Function is created in Azure using Azure DevOps with Azure CLI and Powershell. The Azure Function (V3) project is created and built using Visual Studio and C#. This project is deployed to the […]

Requiring MFA for Admin Pages in an ASP.NET Core Identity application

This article shows how MFA could be forced on users to access sensitive pages within an ASP.NET Core Identity application. This could be useful for applications where different levels of access exist for the different identities. For example, users might be able to view the profile data using a password login, but an administrator would […]

Using HTTP Request Routes, Request Body, and Query string parameters for Authorization in ASP.NET Core

This post shows how HTTP route parameters, a HTTP request body or HTTP request query string parameters can be used for authorization in ASP.NET Core. Code: https://github.com/damienbod/AspNetCoreWindowsAuth Authorization using ASP.NET Core Route parameters An AuthorizationHandler can be used to implement authorization logic in ASP.NET Core. The handler can authorize HTTP requests using a route parameter […]

User claims in ASP.NET Core using OpenID Connect Authentication

This article shows two possible ways of getting user claims in an ASP.NET Core application which uses an IdentityServer4 service. Both ways have advantages and require setting different code configurations in both applications. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi To use OpenID Connect in an ASP.NET Core application, the Microsoft.AspNetCore.Authentication.OpenIdConnect package can be used. This needs to be added […]

Securing a Web API using multiple token servers

This article shows how a single secure Web API could be used together with multiple secure token servers. The API uses JWT Bearer token authentication, but because the access token come from different token servers, the tokens validation need to be changed. Code: https://github.com/damienbod/ApiJwtWithTwoSts Using multiple Authorities with shared certitficate The first way this can […]

Adding FIDO2 Passwordless authentication to an ASP.NET Core Identity App

This article shows how FIDO2 WebAuthn could be used for a passwordless sign in integrated into an ASP.NET Core Identity application. The FIDO2 WebAuthn is implemented using the fido2-net-lib Nuget package, and demo code created by Anders Åberg. The application is implemented using ASP.NET Core 3.0 with Identity. For information about FIDO2 and WebAuthn, please […]