Tag Archives: CSP

Blazor and CSP

May 22, 2023 · by · in .NET, ASP.NET Core, .NET Core, Azure, Azure AD · 5 Comments

This post looks at the a recent fix for Blazor which I think is of massive importance. You can now develop with Blazor in Visual Studio (Preview) using a strong CSP. Code: https://github.com/damienbod/Hostedblazor8Aad When developing applications, the development environment should be as close as possible to the target production deployment. As a rule, the more […]

Improving application security in an ASP.NET Core API using HTTP headers – Part 3

August 30, 2021 · by · in .NET, .NET Core, ASP.NET Core, Security · 10 Comments

This article shows how to improve the security of an ASP.NET Core Web API application by adding security headers to all HTTP API responses. The security headers are added using the NetEscapades.AspNetCore.SecurityHeaders Nuget package from Andrew Lock. The headers are used to protect the session, not for authorization. The application uses Microsoft.Identity.Web to authorize the […]

Improving application security in Blazor using HTTP headers – Part 2

August 23, 2021 · by · in .NET, .NET Core, ASP.NET Core, Security · 3 Comments

This article shows how to improve the security of an ASP.NET Core Blazor application by adding security headers to all HTTP Razor Page responses (Blazor WASM hosted in a ASP.NET Core hosted backend). The security headers are added using the NetEscapades.AspNetCore.SecurityHeaders Nuget package from Andrew Lock. The headers are used to protect the session, not […]

Improving application security in ASP.NET Core Razor Pages using HTTP headers – Part 1

August 16, 2021 · by · in .NET, .NET Core, ASP.NET Core, Security, Web · 7 Comments

This article shows how to improve the security of an ASP.NET Core Razor Page application by adding security headers to all HTTP Razor Page responses. The security headers are added using the NetEscapades.AspNetCore.SecurityHeaders Nuget package from Andrew Lock. The headers are used to protect the session, not for authentication. The application is authenticated using Open […]

Adding HTTP Headers to improve Security in an ASP.NET MVC Core application

February 8, 2018 · by · in .NET, .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 5 Comments

This article shows how to add headers in a HTTPS response for an ASP.NET Core MVC application. The HTTP headers help protect against some of the attacks which can be executed against a website. securityheaders.io is used to test and validate the HTTP headers as well as F12 in the browser. NWebSec is used to […]

Secure ASP.NET Core MVC with Angular using IdentityServer4 OpenID Connect Hybrid Flow

May 6, 2017 · by · in .NET, .NET Core, angular, ASP.NET Core, ASPNET5, dotnet, MVC, OAuth2, Security, Typescript · 20 Comments

This article shows how an ASP.NET Core MVC application using Angular in the razor views can be secured using IdentityServer4 and the OpenID Connect Hybrid Flow. The user interface uses server side rendering for the MVC views and the Angular app is then implemented in the razor view. The required security features can be added […]