Tag Archives: ASP.NET Core

BFF secured ASP.NET Core application using downstream API and an OAuth client credentials JWT

April 8, 2024 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2, Security, Web · 6 Comments

This article shows how to implement a web application using backend for frontend security architecture for authentication and consumes data from a downstream API protected using a JWT access token which can only be accessed using an app-to-app access token. The access token is acquired using the OAuth2 client credentials flow and the API does […]

Multi client blob storage access using ASP.NET Core with Entra ID authentication and RBAC

March 4, 2024 · by · in .NET Core, ASP.NET Core, Microsoft Entra ID · 2 Comments

This article shows how to onboard different clients or organizations in an ASP.NET Core application to use separated Azure blob containers with controlled access using security groups and RBAC applied roles. Each user in a client group can only access a single blob storage and has no access to blob containers belonging to different clients. […]

Using Blob storage from ASP.NET Core with Entra ID authentication

February 12, 2024 · by · in .NET Core, App Service, ASP.NET Core, Azure, Microsoft Entra ID · 4 Comments

This article shows how to implement a secure upload and a secure download in ASP.NET Core using Azure blob storage. The application uses Microsoft Entra ID for authentication and also for access to the Azure Blob storage container. Code: https://github.com/damienbod/AspNetCoreEntraIdBlobStorage Blogs in this series Security architecture The application is setup to store the file uploads […]

Migrate ASP.NET Core Blazor Server to Blazor Web

January 15, 2024 · by · in .NET Core, ASP.NET Core, OAuth2, Security · 3 Comments

This article shows how to migrate a Blazor server application to a Blazor Web application. The migration used the ASP.NET Core migration documentation, but this was not complete and a few extra steps were required. The starting point was a Blazor Server application secured using OpenID Connect for authentication. The target system is a Blazor […]

Securing a MudBlazor UI web application using security headers and Microsoft Entra ID

December 13, 2023 · by · in .NET Core, App Service, ASP.NET Core, Azure, dotnet, Microsoft Entra ID, OAuth2, Security · 5 Comments

This article shows how a Blazor application can be implemented in a secure way using MudBlazor UI components and Microsoft Entra ID as an identity provider. The MudBlazor UI components adds some inline styles and requires a specific CSP setup due to this and the Blazor WASM script requirements. Code: https://github.com/damienbod/MicrosoftEntraIDMudBlazor Setup The application is […]

Authentication with multiple identity providers in ASP.NET Core

November 13, 2023 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2 · 2 Comments

This article shows how to implement authentication in ASP.NET Core using multiple identity providers or secure token servers. When using multiple identity providers, the authentication flows need to be separated per scheme for the sign-in flow and the sign-out flow. The claims are different and would require mapping logic depending on the authorization logic of […]

Implement a secure web application using Vue.js and an ASP.NET Core server

October 2, 2023 · by · in .NET, .NET Core, App Service, ASP.NET Core, Azure, Entra CIAM, Microsoft Entra External ID, Microsoft Entra ID · 1 Comment

This article shows how to implement a secure web application using Vue.js and ASP.NET Core. The web application implements the backend for frontend security architecture (BFF) and deploys both technical stack distributions as one web application. HTTP only secure cookies are used to persist the session. Microsoft Entra ID is used as the identity provider […]

Implement a secure web application using nx Standalone Angular and an ASP.NET Core server

September 11, 2023 · by · in .NET Core, angular, App Service, ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID · 10 Comments

This article shows how to implement a secure web application using Angular and ASP.NET Core. The web application implements the backend for frontend security architecture (BFF) and deploys both technical stack distributions as one web application. HTTP only secure cookies are used to persist the session. Microsoft Entra ID is used as the identity provider […]

ASP.NET Core Logging using Serilog and Azure

August 21, 2023 · by · in .NET Core, App Service, ASP.NET Core, Azure · 10 Comments

This article shows how to implement logging in an ASP.NET Core application using Serilog and Azure as a hosting environment. Code: https://github.com/damienbod/aspnetcore-azure-logging History Priority logging use cases Two types of default logging use cases need to be supported in most software solutions. The application requires near real time logs which can be easily viewed and […]

Securing APIs using ASP.NET Core and OAuth 2.0 DPoP

August 14, 2023 · by · in .NET Core, ASP.NET Core, OAuth2 · 2 Comments

This article shows how an ASP.NET Core application can access an ASP.NET Core API using OAuth Demonstrating Proof-of-Possession (DPoP). This is a really powerful security enhancement which is relatively easy to support. The access tokens should only be used for what the access tokens are intended for. OAuth DPoP helps force this. This solution was […]

Older posts Newer posts