Tag Archives: aspnetcore

Improving application security in Blazor using HTTP headers – Part 2

August 23, 2021 · by · in .NET, .NET Core, ASP.NET Core, Security · 3 Comments

This article shows how to improve the security of an ASP.NET Core Blazor application by adding security headers to all HTTP Razor Page responses (Blazor WASM hosted in a ASP.NET Core hosted backend). The security headers are added using the NetEscapades.AspNetCore.SecurityHeaders Nuget package from Andrew Lock. The headers are used to protect the session, not […]

Verify vaccination data using Zero Knowledge Proofs with ASP.NET Core and MATTR

May 31, 2021 · by · in .NET Core, ASP.NET Core, Security, Self Sovereign Identity, SignalR · 3 Comments

This article shows how Zero Knowledge Proofs ZKP verifiable credentials can be used to verify a persons vaccination data implemented in ASP.NET Core and MATTR. The ZKP BBS+ verifiable credentials are issued and stored on a digital wallet using a Self-Issued Identity Provider (SIOP) and Open ID Connect. The data can then be used to […]

Securing Blazor Web assembly using cookies

March 8, 2021 · by · in .NET Core, ASP.NET Core, Azure, MVC, OAuth2, Security, Web · 8 Comments

The article shows how a Blazor web assembly UI hosted in an ASP.NET Core application can be secured using cookies. Azure AD is used as the identity provider and the Microsoft.Identity.Web Nuget package is used to secure the trusted server rendered application. The API calls are protected using the secure cookie and anti-forgery tokens to […]

Using ASP.NET Core Controllers and Razor Pages from a separate shared project or assembly

January 18, 2021 · by · in .NET, .NET Core, ASP.NET Core · 4 Comments

This post shows how to use shared projects or shared assemblies for ASP.NET Core API Controllers or ASP.NET Core Razor Pages. Sometimes shared logic for different ASP.NET Web API or Web App projects can be implemented in a shared project. The shared project controllers, Razor Pages, services can be referenced and used in the host […]

Securing an ASP.NET Core API which uses multiple access tokens

December 3, 2020 · by · in .NET Core, ASP.NET Core, ASPNET5, MVC, OAuth2, Security · 11 Comments

This post shows how an ASP.NET Core API can authorize API calls which use different access tokens from different identity providers or different access tokens from the same identity provider but created for different clients and containing different claims. The access tokens are validated using JWT Bearer authentication as well as an authorization policy which […]

Using Key Vault certificates with Microsoft.Identity.Web and ASP.NET Core applications

October 9, 2020 · by · in .NET Core, App Service, Azure, Azure functions, Azure Key Vault, OAuth2, Security · 5 Comments

This post shows how Azure Key Vault certificates can be used with Microsoft.Identity.Web in an ASP.NET Core application which requires a downstream “access_as_user” API. The Microsoft Entra ID App Registrations requires a certificate instead of a client secret. Code: https://github.com/damienbod/MicrosoftEntraIDAuthMicrosoftIdentityWeb Posts in this series History 2023-11-28 Updated to .NET 8 Creating the Key Vault certificates […]

Using Key Vault and Managed Identities with Azure Functions

July 20, 2020 · by · in .NET Core, App Service, ASP.NET Core, Azure, Azure functions, Azure Key Vault · 4 Comments

This article shows how Azure Key Vault could be used together with Azure Functions. The Azure Functions can use the system assigned identity to access the Key Vault. This needs to be configured in the Key Vault access policies using the service principal. By using the Microsoft.Azure.KeyVault and the Microsoft.Extensions.Configuration.AzureKeyVault nuget packages, defining direct references […]

Using Certificates from Azure Key Vault in ASP.NET Core

April 9, 2020 · by · in .NET Core, Azure, Web · 10 Comments

This post shows how you can create and use X509 certificates in Azure Key Vault. The certificates are created using Azure CLI and are used inside an ASP.NET Core application. Code: StsServerIdentity/Services/Certificate Setup using Azure CLI Azure CLI can be used to setup the Azure Key Vault and also create certificates for an existing Key […]

Create Certificates for IdentityServer4 signing using .NET Core

February 10, 2020 · by · in .NET Core, ASP.NET Core, dotnet, Security · 14 Comments

This article shows how to create certificates for an IdentityServer4 application to use for signing and token validation. The certificates are created using the CertificateManager nuget package. Both RSA and ECDsa certificates can be used for signing in IdentityServer4. Code: Certificates for IdentityServer4 signing using .NET Core Creating the Certificates in .NET Core A simple […]

User claims in ASP.NET Core using OpenID Connect Authentication

November 1, 2019 · by · in .NET Core, ASP.NET Core, MVC · 9 Comments

This article shows two possible ways of getting user claims in an ASP.NET Core application which uses an OpenID Connect server. Both ways have advantages and require setting different code configurations in both applications. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi History The Microsoft.AspNetCore.Authentication.OpenIdConnect Nuget package can be used to support OpenID Connect in an ASP.NET Core application. This needs […]

Older posts Newer posts