Tag Archives: dotnet

Sharing Microsoft Graph permissions and solution Azure App Registrations

This article looks at using Microsoft Graph permissions in Azure App registrations and whether you should use Graph in specific Azure App registrations types and if it is ok to expose these with other scopes and roles. Is it ok to expose Graph permissions in public Azure App registrations? Using Graph with public applications As […]

Switch tenants in an ASP.NET Core app using Azure AD with multi tenants

This article shows how to switch between tenants in an ASP.NET Core multi-tenant application using a multi-tenant Azure App registration to implement the identity provider. Azure roles are added to the Azure App registration and this can be used in the separate enterprise applications created from the multi-tenant Azure App registration to assign users and […]

Implement the On Behalf Of flow between an Azure AD protected API and an API protected using OpenIddict

This article shows how to implement the On Behalf Of flow between two APIs, one using Azure AD to authorize the HTTP requests and a second API protected using OpenIddict. The Azure AD protected API uses the On Behalf Of flow (OBO) to get a new OpenIddict delegated access token using the AAD delegated access […]

ASP.NET Core Api Auth with multiple Identity Providers

This article shows how an ASP.NET Core API can be secured using multiple access tokens from different identity providers. ASP.NET Core schemes and policies can be used to set this up. Code: https://github.com/damienbod/AspNetCoreApiAuthMultiIdentityProvider The ASP.NET Core API has a single API and needs to accept access tokens from three different identity providers. Auth0, OpenIddict and […]

Implement a GRPC API with OpenIddict and the OAuth client credentials flow

This post shows how to implement a GRPC service implemented in an ASP.NET Core kestrel hosted service. The GRPC service is protected using an access token. The client application uses the OAuth2 client credentials flow with introspection and the reference token is used to get access to the GRPC service. The GRPC API uses introspection […]

Creating dotnet solution and project templates

This article should how to create and deploy dotnet templates which can be used from the dotnet CLI or from Visual Studio. Code: https://github.com/damienbod/Blazor.BFF.OpenIDConnect.Template Folder Structure The template folder structure is important when creating dotnet templates. The .template.config must be created inside the content folder. This folder has a template.json file and an icon.png image […]

Onboarding new users in an ASP.NET Core application using Azure B2C

This article shows how to onboard new users into your ASP.NET Core application using Azure B2C as the identity provider and the account management. The software has application specific persisted user data and this user data needs to be connected to the identity data from the corresponding user in Azure B2C. Code https://github.com/damienbod/azureb2c-fed-azuread User Case […]

Secure a Blazor WASM ASP.NET Core hosted APP using BFF and OpenIddict

This article shows how to implement authentication and secure a Blazor WASM application hosted in ASP.NET Core using the backend for frontend (BFF) security architecture to authenticate. All security is implemented in the backend and the Blazor WASM is a view of the ASP.NET Core application, no security is implemented in the public client. The […]

Using ASP.NET Core Controllers and Razor Pages from a separate shared project or assembly

This post shows how to use shared projects or shared assemblies for ASP.NET Core API Controllers or ASP.NET Core Razor Pages. Sometimes shared logic for different ASP.NET Web API or Web App projects can be implemented in a shared project. The shared project controllers, Razor Pages, services can be referenced and used in the host […]

Securing an ASP.NET Core API which uses multiple access tokens

This post shows how an ASP.NET Core API can authorize API calls which use different access tokens from different identity providers or different access tokens from the same identity provider but created for different clients and containing different claims. The access tokens are validated using JWT Bearer authentication as well as an authorization policy which […]