Tag Archives: Bearer

Securing multiple Auth0 APIs in ASP.NET Core using OAuth Bearer tokens

April 19, 2021 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2, Security · 2 Comments

This article shows a strategy for security multiple APIs which have different authorization requirements but the tokens are issued by the same authority. Auth0 is used as the identity provider. A user API and a service API are implemented in the ASP.NET Core API project. The access token for the user API data is created […]

Securing Azure Functions using Azure AD JWT Bearer token authentication for user access tokens

September 24, 2020 · by · in App Service, ASP.NET Core, Azure, Azure functions · 7 Comments

This post shows how to implement OAuth security for an Azure Function using user-access JWT Bearer tokens created using Azure AD and App registrations. A client web application implemented in ASP.NET Core is used to authenticate and the access token created for the identity is used to access the API implemented using Azure Functions. Microsoft.Identity.Web […]

Securing a Web API using multiple token servers

October 25, 2019 · by · in .NET, .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 1 Comment

This article shows how a single secure Web API could be used together with multiple secure token servers. The API uses JWT Bearer token authentication, but because the access token come from different token servers, the tokens validation need to be changed. Code: https://github.com/damienbod/ApiJwtWithTwoSts Using multiple Authorities with shared certitficate The first way this can […]

Securing an ASP.NET Core MVC application which uses a secure API

February 2, 2018 · by · in .NET, .NET Core, ASP.NET Core, dotnet, MVC, OAuth2, Security, Web · 5 Comments

The article shows how an ASP.NET Core MVC application can implement security when using an API to retrieve data. The OpenID Connect Hybrid flow is used to secure the ASP.NET Core MVC application. The application uses tokens stored in a cookie. This cookie is not used to access the API. The API is protected using […]

Securing an Angular SignalR client using JWT tokens with ASP.NET Core and Duende IdentityServer

October 16, 2017 · by · in .NET, .NET Core, angular, ASP.NET Core, Entity Framework, OAuth2, Security, SignalR · 18 Comments

This post shows how an Angular SignalR client can send secure messages using JWT bearer tokens with an API and an STS server. The STS server is implemented using Duende IdentityServer and the API is implemented using ASP.NET Core. Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity Posts in this series History 2023-01-08 Updated Angular 15, .NET 72021-01-25 Updated Angular 11.1.0 […]

Full Server logout with IdentityServer4 and OpenID Connect Implicit Flow

September 16, 2016 · by · in .NET, angular, AngularJS, ASP.NET Core, ASPNET5, dotnet, OAuth2, Security, Typescript · 3 Comments

The article shows how to fully logout from IdentityServer4 using an OpenID Connect Implicit Flow. Per design when using an access token to use protected data from a resource server, even if the client has logged out from the server, the access token can be used so long it is valid (AccessTokenLifetime) as it is […]

Authorization Policies and Data Protection with IdentityServer4 in ASP.NET Core

February 14, 2016 · by · in .NET, ASPNET5, Entity Framework, MVC, OAuth2, Security, SQLite, TopHeaderMenu, Web · 24 Comments

This article shows how authorization policies can be used together with IdentityServer4. The policies are configured on the resource server and the ASP.NET Core IdentityServer4 configures the user claims to match these. The resource server is also setup to encrypt a ‘Description’ field in the SQLite database, so it cannot be read by opening the […]