Tag Archives: Identity

Implementing Level of Identification (LoI) with ASP.NET Core Identity and Duende

January 18, 2026 · by · in .NET Core, ASP.NET Core, dotnet, e-id, OAuth2, OpenId, Security, Self Sovereign Identity · 5 Comments

This article explores how to implement Level of Identification (LOI) in an ASP.NET Core application. The solution uses Duende IdentityServer as the OpenID Connect provider and ASP.NET Core Identity for user management. Identity verification is performed using the Swiyu Public Beta infrastructure. Any OpenID Connect client can consume the loi claim together with the loa […]

Implementing Level of Authentication (LoA) with ASP.NET Core Identity and Duende

January 12, 2026 · by · in .NET Core, ASP.NET Core, aspire, e-id, OAuth2, OpenId, Security, Self Sovereign Identity · 5 Comments

This post shows how to implement an application which requires a user to authenticate using passkeys. The identity provider returns three claims to prove the authentication level (loa), the identity level, (loi) and the amr claim showing the used authentication method. Code: https://github.com/swiss-ssi-group/swiyu-passkeys-idp-loi-loa Blogs in this series: The amr claim and the loa claim returns […]

Digital Authentication and Identity validation

December 20, 2025 · by · in e-id, OAuth2, OpenId, Security, Self Sovereign Identity · 4 Comments

This post looks at authentication and identity validation and describes what should be validated and some of the concepts. With the increasing push to move processes to a digital world and the new threat models, authentication and identity validation MUST be implemented in a professional way. Using standards like OpenID Connect, OAuth and OpenID VCs […]

Implement forgot your password using swiyu, ASP.NET Core Identity and Aspire

November 17, 2025 · by · in .NET Core, ASP.NET Core, e-id, OAuth2, OpenId, Security, Self Sovereign Identity · 4 Comments

This post show to implement a “Forgot your password” flow using the Swiss Digital identity and trust infrastructure, (swiyu) in an ASP.NET Core web application using ASP.NET Core Identity and Duende IdentityServer. The generic containers from swiyu are used to integrate the Swiss E-ID and the OpenID for Verifiable Presentations standards. .NET Aspire is used […]

Implement MFA using swiyu, the Swiss E-ID with Duende IdentityServer, ASP.NET Core Identity and .NET Aspire

November 10, 2025 · by · in .NET Core, ASP.NET Core, e-id, OAuth2, OpenId, Security, Self Sovereign Identity · 4 Comments

The post shows how to use the Swiss Digital identity and trust infrastructure, (swiyu) as an MFA method in an ASP.NET Core web application using ASP.NET Core Identity and Duende IdentityServer. The generic containers from swiyu are used to integrate the Swiss E-ID and the OpenID for Verifiable Presentations standards. Code: https://github.com/swiss-ssi-group/swiyu-idp-mfa-aspire-aspnetcore Blogs in this […]

Use swiyu, the Swiss E-ID to authenticate users with Duende and .NET Aspire

October 27, 2025 · by · in .NET, .NET Core, ASP.NET Core, aspire, e-id, OAuth2, OpenId, Security, Self Sovereign Identity, Uncategorized · 3 Comments

This post shows how to authenticate users using Duende IdentityServer and ASP.NET Core Identity which verifies identities (verifiable digital credentials) using the Swiss Digital identity and trust infrastructure (swiyu). The swiyu infrastructure is implemented using the provided generic containers which implement the OpenID for Verifiable Presentations standards as well as many other standards for implementing […]

Implement ASP.NET Core OpenID Connect with Keycloak to implement Level of Authentication (LoA) requirements

July 2, 2025 · by · in .NET, .NET Core, ASP.NET Core, OAuth2, Security · 7 Comments

This post looks at implementing an OpenID Connect client in ASP.NET Core and require a level of authentication (LoA) implemented using Keycloak. The applications are hosted using Aspire. The LoA is requested in Keycloak using the acr_values claim. Code: https://github.com/damienbod/IdentityExternalErrorHandling Setup The applications are implemented using Aspire. An ASP.NET Core application uses an OpenID Connect […]

Using multiple external identity providers from ASP.NET Core Identity and Duende IdentityServer

May 19, 2025 · by · in .NET Core, ASP.NET Core · 1 Comment

This blog post shows how an ASP.NET Core Identity application can integrate and implement multiple external identity providers. An OIDC client UI uses the solution and is implemented using Duende IdentityServer. The same scheme is used for all the external providers and mapped to the identity for the client UI and the application. Using OpenID […]

Implement Phone verification, 2FA using ASP.NET Core Identity

March 3, 2025 · by · in .NET, .NET Core, ASP.NET Core · 2 Comments

This post shows how to implement phone (SMS) verification and two-factor authentication (2FA) using ASP.NET Core Identity. The solution integrates phone-based verification and 2FA mechanisms. The implementation uses ASP.NET Core Identity’s extensibility to incorporate SMS-based verification during user registration and login processes. SMS is no longer a recommended authentication method due to security risks but […]

Implement a Microsoft Entra ID external authentication method using ASP.NET Core and OpenIddict

May 27, 2024 · by · in ASP.NET Core, Azure, dotnet, Microsoft Entra External ID, Microsoft Entra ID · 3 Comments

The article shows how to implement a Microsoft Entra ID external authentication method (EAM) using ASP.NET Core, OpenIddict and FIDO2/passkeys. The application using ASP.NET Core Identity to manage the accounts and the passkeys. Code: https://github.com/damienbod/MfaServer The following flow diagram from the Microsoft docs explains how EAM works. Refer to the documentation for a full explanation. […]

Older posts