Tag Archives: aspnetcore

Use client assertions in ASP.NET Core using OpenID Connect, OAuth DPoP and OAuth PAR

February 2, 2026 · by · in .NET, .NET Core, ASP.NET Core, aspire, dotnet, e-id, OAuth2, OpenId, Security · 6 Comments

This post looks at implement client assertions in an ASP.NET Core application OpenID Connect client using OAuth Demonstrating Proof of Possession (DPoP) and OAuth Pushed Authorization Requests (PAR). Code: https://github.com/swiss-ssi-group/swiyu-passkeys-idp-loi-loa Blogs in this series: Setup An ASP.NET code application is setup to authentication using OpenID Connect and OAuth PAR. The web application is an OIDC […]

Force step up authentication in web applications

January 26, 2026 · by · in dotnet, e-id, OAuth2, OpenId, Security · 7 Comments

The post shows how to implement a step up authorization using the OAuth 2.0 Step Up Authentication Challenge Protocol RFC 9470. The application uses ASP.NET Core to implement the API, the web application and the identity provider. Duende IdentityServer is used to implement the OpenID Connect server standard and also OAuth DPoP token binding as […]

Implementing Level of Authentication (LoA) with ASP.NET Core Identity and Duende

January 12, 2026 · by · in .NET Core, ASP.NET Core, aspire, e-id, OAuth2, OpenId, Security, Self Sovereign Identity · 6 Comments

This post shows how to implement an application which requires a user to authenticate using passkeys. The identity provider returns three claims to prove the authentication level (loa), the identity level, (loi) and the amr claim showing the used authentication method. Code: https://github.com/swiss-ssi-group/swiyu-passkeys-idp-loi-loa Blogs in this series: The amr claim and the loa claim returns […]

Implement forgot your password using swiyu, ASP.NET Core Identity and Aspire

November 17, 2025 · by · in .NET Core, ASP.NET Core, e-id, OAuth2, OpenId, Security, Self Sovereign Identity · 4 Comments

This post show to implement a “Forgot your password” flow using the Swiss Digital identity and trust infrastructure, (swiyu) in an ASP.NET Core web application using ASP.NET Core Identity and Duende IdentityServer. The generic containers from swiyu are used to integrate the Swiss E-ID and the OpenID for Verifiable Presentations standards. .NET Aspire is used […]

Use swiyu, the Swiss E-ID to authenticate users with Duende and .NET Aspire

October 27, 2025 · by · in .NET, .NET Core, ASP.NET Core, aspire, e-id, OAuth2, OpenId, Security, Self Sovereign Identity, Uncategorized · 3 Comments

This post shows how to authenticate users using Duende IdentityServer and ASP.NET Core Identity which verifies identities (verifiable digital credentials) using the Swiss Digital identity and trust infrastructure (swiyu). The swiyu infrastructure is implemented using the provided generic containers which implement the OpenID for Verifiable Presentations standards as well as many other standards for implementing […]

Use EdDSA signatures to validate tokens in ASP.NET Core using OpenID Connect

August 6, 2025 · by · in .NET Core, ASP.NET Core, OAuth2, OpenId, Security, Uncategorized · 1 Comment

Some identity providers use the EdDSA / ED25519 algorithm to sign and issue tokens. This post shows how to validate the tokens using the Nuget package from ScottBrady and ASP.NET Core. Using the default OpenID Connect setup, the keys are not read and the tokens cannot be validated. The error message could return something like […]

Issue and verify credentials using the Swiss Digital identity public beta, ASP.NET Core and .NET Aspire

August 4, 2025 · by · in ASP.NET Core, aspire, e-id, OAuth2, OpenId, Security, Self Sovereign Identity · 6 Comments

This post shows how to issue and verify identities (verifiable credentials) using the Swiss Digital identity and trust infrastructure, (swiyu), ASP.NET Core and .NET Aspire. The swiyu infrastructure is implemented using the provided generic containers which implement the OpenID for Verifiable Credential Issuance and the OpenID for Verifiable Presentations standards as well as many other […]

Using multiple external identity providers from ASP.NET Core Identity and Duende IdentityServer

May 19, 2025 · by · in .NET Core, ASP.NET Core · 1 Comment

This blog post shows how an ASP.NET Core Identity application can integrate and implement multiple external identity providers. An OIDC client UI uses the solution and is implemented using Duende IdentityServer. The same scheme is used for all the external providers and mapped to the identity for the client UI and the application. Using OpenID […]

Implement client assertions for OAuth client credential flows in ASP.NET Core

April 21, 2025 · by · in .NET, .NET Core, ASP.NET Core, OAuth2, Security · 3 Comments

This blog implements client assertions using an OAuth client credential flow in ASP.NET Core. Client assertions provide a secure way for client authentication without sharing a secret, enhancing the security the OAuth client credentials flow. By using JSON Web Tokens (JWTs) client assertions, this approach ensures strong client identity (application) verification and mitigates risks associated […]

Implement Phone verification, 2FA using ASP.NET Core Identity

March 3, 2025 · by · in .NET, .NET Core, ASP.NET Core · 2 Comments

This post shows how to implement phone (SMS) verification and two-factor authentication (2FA) using ASP.NET Core Identity. The solution integrates phone-based verification and 2FA mechanisms. The implementation uses ASP.NET Core Identity’s extensibility to incorporate SMS-based verification during user registration and login processes. SMS is no longer a recommended authentication method due to security risks but […]

Older posts