Tag Archives: ASP.NET Core

Implement OpenID Connect Back-Channel Logout using ASP.NET Core, Keycloak and .NET Aspire

September 9, 2024 · by · in ASP.NET Core, dotnet, OAuth2, Security · 1 Comment

This post shows how to implement an OpenID Connect back-channel logout using Keycloak, ASP.NET Core and .NET Aspire. The Keycloak and the Redis cache are run as containers using .NET Aspire. Two ASP.NET Core UI applications are used to demonstrate the server logout. Code: https://github.com/damienbod/keycloak-backchannel Setup The applications are run and tested using .NET Aspire. […]

Implement ASP.NET Core OpenID Connect OAuth PAR client with Keycloak using .NET Aspire

September 2, 2024 · by · in .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 1 Comment

This post shows how to implement an ASP.NET Core application which uses OpenID Connect and OAuth PAR for authentication. The client application uses Keycloak as the identity provider. The Keycloak application is hosted in a docker container. The applications are run locally using .NET Aspire. This makes it really easy to develop using containers. Code: […]

Add a Swagger UI using a .NET 9 Json OpenAPI file

August 12, 2024 · by · in .NET, ASP.NET Core, OAuth2, Security · 1 Comment

This post shows how to implement a Swagger UI using a .NET 9 produced OpenAPI file. The Swagger UI is deployed to a secure or development environment and is not deployed to a public production target. Sometimes, it is required to deploy the Swagger UI to a development deployment target and not the test or […]

Sonar Webinar, end to end security of a web application

June 11, 2024 · by · in .NET Core, angular, ASP.NET Core, Azure, dotnet, Microsoft Entra ID, OAuth2, Security, Typescript · 1 Comment

I did a Webinar on application security with Denis Troller and Sonar. I would like to thank Sonar for this opportunity, I really enjoyed it and found doing this together with you really professional, pleasant and fun to do. Here’s the recording: Link to the Sonar Q&A: https://community.sonarsource.com/t/webinar-end-to-end-security-in-a-web-application/115405 Link to the repository: https://github.com/damienbod/EndToEndSecurity

Creating and downloading a PDF or DOCX in ASP.NET Core

June 5, 2024 · by · in .NET Core, ASP.NET Core, Web · 4 Comments

The post shows how a PDF can be created from data in an ASP.NET Core backend and downloaded using an API. The data could be loaded from different locations and exported then as a PDF or a docx or whatever you require. Code: https://github.com/damienbod/AspNetCoreCreatePdf Why GemBox? There are many different tools to generate PDF all […]

Implement a secure Blazor Web application using OpenID Connect and security headers

April 15, 2024 · by · in ASP.NET Core, dotnet, Uncategorized · 9 Comments

This article shows how to implement a secure .NET 8 Blazor Web application using OpenID Connect and security headers with CSP nonces. The NetEscapades.AspNetCore.SecurityHeaders nuget package is used to implement the security headers and OpenIddict is used to implement the OIDC server. Code: https://github.com/damienbod/BlazorWebOidc OpenIddict is used as the identity provider and an OpenID connect […]

BFF secured ASP.NET Core application using downstream API and an OAuth client credentials JWT

April 8, 2024 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2, Security, Web · 6 Comments

This article shows how to implement a web application using backend for frontend security architecture for authentication and consumes data from a downstream API protected using a JWT access token which can only be accessed using an app-to-app access token. The access token is acquired using the OAuth2 client credentials flow and the API does […]

Multi client blob storage access using ASP.NET Core with Entra ID authentication and RBAC

March 4, 2024 · by · in .NET Core, ASP.NET Core, Microsoft Entra ID · 2 Comments

This article shows how to onboard different clients or organizations in an ASP.NET Core application to use separated Azure blob containers with controlled access using security groups and RBAC applied roles. Each user in a client group can only access a single blob storage and has no access to blob containers belonging to different clients. […]

Using Blob storage from ASP.NET Core with Entra ID authentication

February 12, 2024 · by · in .NET Core, App Service, ASP.NET Core, Azure, Microsoft Entra ID · 4 Comments

This article shows how to implement a secure upload and a secure download in ASP.NET Core using Azure blob storage. The application uses Microsoft Entra ID for authentication and also for access to the Azure Blob storage container. Code: https://github.com/damienbod/AspNetCoreEntraIdBlobStorage Blogs in this series Security architecture The application is setup to store the file uploads […]

Migrate ASP.NET Core Blazor Server to Blazor Web

January 15, 2024 · by · in .NET Core, ASP.NET Core, OAuth2, Security · 3 Comments

This article shows how to migrate a Blazor server application to a Blazor Web application. The migration used the ASP.NET Core migration documentation, but this was not complete and a few extra steps were required. The starting point was a Blazor Server application secured using OpenID Connect for authentication. The target system is a Blazor […]

Older posts Newer posts