Tag Archives: dotnet

Creating hashes in .NET

This article looks at different ways to create hashes in .NET Core. Hashes are useful for one-way encryption which can be used for password storage, JWT validation and some other security use cases. When storing hashes in a database, extra care must be taken and the recommended approach from Microsoft should be used when […]

Implement a Microsoft Entra ID external authentication method using ASP.NET Core and OpenIddict

The article shows how to implement a Microsoft Entra ID external authentication method (EAM) using ASP.NET Core, OpenIddict and FIDO2/passkeys. The application uses ASP.NET Core Identity to manage the accounts and the passkeys. Code: https://github.com/damienbod/MfaServer The following flow diagram from the Microsoft docs explains how EAM works. Refer to the documentation for a full explanation. […]

Using SonarCloud with ASP.NET Core, Angular and github actions

This article demonstrates how to implement code analysis and Static Application Security Testing (SAST) using SonarCloud and GitHub Actions. The solution involves building a secure web application with ASP.NET Core for the backend and an Angular UI for the frontend, following a backend-for-frontend security architecture. Both the ASP.NET Core (C#) codebase and the Angular (TypeScript […]

Using a CSP nonce in Blazor Web

OLD, please refer to the blogs in the github repo. This article shows how to use a CSP nonce in a Blazor Web application using the InteractiveServer server render mode. Using a CSP nonce is a great way to protect web applications against XSS attacks and other such JavaScript vulnerabilities. Code: https://github.com/damienbod/BlazorServerOidc Notes The code […]

Using Blob storage from ASP.NET Core with Entra ID authentication

This article shows how to implement a secure upload and a secure download in ASP.NET Core using Azure blob storage. The application uses Microsoft Entra ID for authentication and also for access to the Azure Blob storage container. Code: https://github.com/damienbod/AspNetCoreEntraIdBlobStorage Blogs in this series Security architecture The application is set up to store the file uploads […]

Secure an ASP.NET Core Blazor Web app using Microsoft Entra ID

This article shows how to implement an ASP.NET Core Blazor Web application using Microsoft Entra ID for authentication. Microsoft.Identity.Web is used to implement the Microsoft Entra ID OpenID Connect client. Code: https://github.com/damienbod/Hostedblazor8MeID Note: I based this implementation on the example provided by Tomás López Rodríguez and adapted it. Setup The Blazor Web application is an […]

Migrate ASP.NET Core Blazor Server to Blazor Web

This article shows how to migrate a Blazor server application to a Blazor Web application. The migration used the ASP.NET Core migration documentation, but this was not complete and a few extra steps were required. The starting point was a Blazor Server application secured using OpenID Connect for authentication. The target system is a Blazor […]

Authentication with multiple identity providers in ASP.NET Core

This article shows how to implement authentication in ASP.NET Core using multiple identity providers or secure token servers. When using multiple identity providers, the authentication flows need to be separated per scheme for the sign-in flow and the sign-out flow. The claims are different and would require mapping logic depending on the authorization logic of […]

Secure Angular application using OpenIddict and ASP.NET Core with BFF

The article shows how an Angular nx Standalone UI hosted in an ASP.NET Core application can be secured using cookies. OpenIddict is used as the identity provider. The trusted application is protected using the OpenID Connect code flow with a secret and using PKCE. The API calls are protected using the secure cookie and anti-forgery […]

ASP.NET Core Logging using Serilog and Azure

This article shows how to implement logging in an ASP.NET Core application using Serilog and Azure as a hosting environment. Code: https://github.com/damienbod/aspnetcore-azure-logging History Priority logging use cases Two types of default logging use cases need to be supported in most software solutions. The application requires near real time logs which can be easily viewed and […]