Tag Archives: Blazor

Implement MFA using swiyu, the Swiss E-ID with Duende IdentityServer, ASP.NET Core Identity and .NET Aspire

November 10, 2025 · by · in .NET Core, ASP.NET Core, e-id, OAuth2, OpenId, Security, Self Sovereign Identity · 4 Comments

The post shows how to use the Swiss Digital identity and trust infrastructure, (swiyu) as an MFA method in an ASP.NET Core web application using ASP.NET Core Identity and Duende IdentityServer. The generic containers from swiyu are used to integrate the Swiss E-ID and the OpenID for Verifiable Presentations standards. Code: https://github.com/swiss-ssi-group/swiyu-idp-mfa-aspire-aspnetcore Blogs in this […]

Creating and downloading a PDF or DOCX in ASP.NET Core

June 5, 2024 · by · in .NET Core, ASP.NET Core, Web · 4 Comments

The post shows how a PDF can be created from data in an ASP.NET Core backend and downloaded using an API. The data could be loaded from different locations and exported then as a PDF or a docx or whatever you require. Code: https://github.com/damienbod/AspNetCoreCreatePdf Why GemBox? There are many different tools to generate PDF all […]

Implement a secure Blazor Web application using OpenID Connect and security headers

April 15, 2024 · by · in ASP.NET Core, dotnet, Uncategorized · 9 Comments

This article shows how to implement a secure .NET 8 Blazor Web application using OpenID Connect and security headers with CSP nonces. The NetEscapades.AspNetCore.SecurityHeaders nuget package is used to implement the security headers and OpenIddict is used to implement the OIDC server. Code: https://github.com/damienbod/BlazorWebOidc OpenIddict is used as the identity provider and an OpenID connect […]

Using a CSP nonce in Blazor Web

February 19, 2024 · by · in .NET Core, ASP.NET Core, javascript · 7 Comments

OLD, please refer to the blogs in the github repo. This article shows how to use a CSP nonce in a Blazor Web application using the InteractiveServer server render mode. Using a CSP nonce is a great way to protect web applications against XSS attacks and other such Javascript vulnerabilities. Code: https://github.com/damienbod/BlazorServerOidc Notes The code […]

Secure an ASP.NET Core Blazor Web app using Microsoft Entra ID

February 5, 2024 · by · in .NET Core, ASP.NET Core, Microsoft Entra External ID, Microsoft Entra ID · 2 Comments

This article shows how to implement an ASP.NET Core Blazor Web application using Microsoft Entra ID for authentication. Microsoft.Identity.Web is used to implement the Microsoft Entra ID OpenID Connect client. Code: https://github.com/damienbod/Hostedblazor8MeID Note: I based this implementation on the example provided by Tomás López Rodríguez and adapted it. Setup The Blazor Web application is an […]

Securing a Blazor Server application using OpenID Connect and security headers

January 3, 2024 · by · in .NET Core, ASP.NET Core, dotnet, OAuth2, Security · 2 Comments

This article shows how to secure a Blazor Server application. The application implements an OpenID Connect confidential client with PKCE using .NET 8 and configures the security headers as best possible for the Blazor Server application. OpenIddict is used to implement the identity provider and the OpenID Connect server. Code: https://github.com/damienbod/BlazorServerOidc OpenID Connect flow In […]

Blazor and CSP

May 22, 2023 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra ID · 6 Comments

This post looks at the a recent fix for Blazor which I think is of massive importance. You can now develop with Blazor in Visual Studio using a strong CSP. Code: https://github.com/damienbod/Hostedblazor8Aad History When developing applications, the development environment should be as close as possible to the target production deployment. As a rule, the more […]

A first look at Blazor and .NET 8

March 20, 2023 · by · in .NET, .NET Core, ASP.NET Core · 5 Comments

In this post, Blazor and .NET 8 is used to implement a simple website. I took a .NET 7 project, updated it to .NET 8 and tried out some of the new features in .NET 8. Code: https://github.com/damienbod/Hostedblazor8Aad Setup The project was setup using a .NET 7 project which implements an Azure AD authentication using […]

Force MFA in Blazor using Azure AD and Continuous Access

June 13, 2022 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID, Uncategorized · 4 Comments

This article shows how to force MFA from your application using Azure AD and a continuous access auth context. When producing software which can be deployed to multiple tenants, instead of hoping IT admins configure this correctly in their tenants, you can now force this from the application. Many tenants do not force MFA. Code: […]

Implement Azure AD Continuous Access (CA) standalone with Blazor ASP.NET Core

May 30, 2022 · by · in .NET Core, ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID, Uncategorized · 1 Comment

This post shows how to force an Azure AD policy using Azure AD Continuous Access (CA) in an ASP.NET Core Blazor application. An authentication context is used to require MFA. The “acrs” claim in the id_token is used to validate whether or not an Azure AD CAE policy has been fulfilled. If the claim is […]

Older posts