Tag Archives: .NET Core
Use EdDSA signatures to validate tokens in ASP.NET Core using OpenID Connect
Some identity providers use the EdDSA / ED25519 algorithm to sign and issue tokens. This post shows how to validate the tokens using the Nuget package from ScottBrady and ASP.NET Core. Using the default OpenID Connect setup, the keys are not read and the tokens cannot be validated. The error message could return something like […]
ASP.NET Core delegated OAuth Token Exchange access token management
This blog shows how to implement a delegated OAuth 2.0 Token Exchange RFC 8693 flow in ASP.NET Core, and has a focus on access token management. It looks at how the OAuth Token Exchange can be implemented and how an application can request delegated access tokens on behalf of a user and another application, providing […]
Add a Swagger UI using a .NET 9 Json OpenAPI file
This post shows how to implement a Swagger UI using a .NET 9 produced OpenAPI file. The Swagger UI is deployed to a secure or development environment and is not deployed to a public production target. Sometimes, it is required to deploy the Swagger UI to a development deployment target and not the test or […]
Creating and downloading a PDF or DOCX in ASP.NET Core
The post shows how a PDF can be created from data in an ASP.NET Core backend and downloaded using an API. The data could be loaded from different locations and exported then as a PDF or a docx or whatever you require. Code: https://github.com/damienbod/AspNetCoreCreatePdf Why GemBox? There are many different tools to generate PDF all […]
BFF secured ASP.NET Core application using downstream API and an OAuth client credentials JWT
This article shows how to implement a web application using backend for frontend security architecture for authentication and consumes data from a downstream API protected using a JWT access token which can only be accessed using an app-to-app access token. The access token is acquired using the OAuth2 client credentials flow and the API does […]
Securing a Blazor Server application using OpenID Connect and security headers
This article shows how to secure a Blazor Server application. The application implements an OpenID Connect confidential client with PKCE using .NET 8 and configures the security headers as best possible for the Blazor Server application. OpenIddict is used to implement the identity provider and the OpenID Connect server. Code: https://github.com/damienbod/BlazorServerOidc OpenID Connect flow In […]
Symmetric and Asymmetric Encryption in .NET Core
This post looks at symmetric and asymmetric encryption and how this could be implemented in .NET Core. Symmetric encryption is fast and can encrypt or decrypt large amounts of text, streams or files but requires a shared key. Asymmetric encryption can be used without shared a key, but can only encrypt or decrypt small texts […]
Securing Azure Functions using API Keys
This article shows how to secure Azure Functions using API Keys. This is useful, if you have no control over the API client implementation, the client code base cannot be easily changed or the client is not Azure hosted. This should only be used with trusted clients and is for machine to machine usage. Code: […]
Create, Build, Deploy and Configure an Azure Function with Azure DevOps and Azure CLI
This post shows how to create, build, deploy and configure an Azure Function using Azure DevOps, Azure CLI and Powershell. An Azure Function is created in Azure using Azure DevOps with Azure CLI and Powershell. The Azure Function (V3) project is created and built using Visual Studio and C#. This project is deployed to the […]
Publish Nuget packages in Azure DevOps Pipelines
In Azure DevOps, Pipelines can be used to build your solution, create a Nuget package and publish the Nuget package to the Nuget feed for further usage. This post shows how you can implement this and use the new Nuget package in Visual Studio. Setup Azure DevOps project and git Repository Open the required Azure […]
Software Engineering 