Tag Archives: .NET

ASP.NET Core delegated OAuth Token Exchange access token management

February 10, 2025 · by · in .NET Core, ASP.NET Core, OAuth2, Security · 3 Comments

This blog shows how to implement a delegated OAuth 2.0 Token Exchange RFC 8693 flow in ASP.NET Core, and has a focus on access token management. It looks at how the OAuth Token Exchange can be implemented and how an application can request delegated access tokens on behalf of a user and another application, providing […]

Multiple client sign-in customizations using Duende identity provider

February 3, 2025 · by · in Uncategorized · 2 Comments

This post looks at customizing the sign-in UI and the sign-in options in an ASP.NET Core application using Duende IdentityServer and ASP.NET Core Identity. There are multiple ways of changing the look and feel of the UI for different OpenID Connect clients or different client flows. Code: https://github.com/damienbod/duende-multi-tenant Blogs in the series Setup The solution […]

Using ASP.NET Core with Azure Key Vault

December 2, 2024 · by · in Uncategorized · 1 Comment

This article looks at setting up an ASP.NET Core application to use Azure Key Vault. When deployed to Azure, it works like in the Azure documentation but when working on development PCs, some changes are required for a smooth developer experience. Code: https://github.com/damienbod/UsingAzureKeyVaultInDevelopment I develop using Visual Studio and manage multiple accounts and test environments. […]

ASP.NET Core BFF using OpenID Connect and Vue.js

November 18, 2024 · by · in Uncategorized · 1 Comment

This article shows how to implement a secure web application using Vue.js and ASP.NET Core. The web application implements the backend for frontend security architecture (BFF) and deploys both technical stacks as one web application. HTTP only secure cookies are used to persist the session. OpenIddict is used as the identity provider and the token […]

Implement security headers for an ASP.NET Core API supporting OpenAPI Swagger UI

October 21, 2024 · by · in .NET, .NET Core, ASP.NET Core, Security, Web · Leave a comment

This article shows how to implement security headers for an application supporting an API and a swagger UI created from a open API in .NET 9. The security headers are implemented using the NetEscapades.AspNetCore.SecurityHeaders Nuget packages from Andrew Lock. Code: https://github.com/damienbod/WebApiOpenApi Deploying a web application which supports both an API and a UI have different […]

Implement a Geo-distance search using .NET Aspire, Elasticsearch and ASP.NET Core

September 23, 2024 · by · in .NET, .NET Core, ASP.NET Core, Docker, Elasticsearch, MVC, Web · 1 Comment

This article shows how to implement a geo location search in an ASP.NET Core application using a LeafletJs map. The selected location can be used to find the nearest location with an Elasticsearch Geo-distance query. The Elasticsearch container and the ASP.NET Core UI application are setup for development using .NET Aspire. Code: https://github.com/damienbod/WebGeoElasticsearch Setup For […]

Using Elasticsearch with .NET Aspire

September 16, 2024 · by · in .NET Core, ASP.NET Core, Elasticsearch · 3 Comments

This post shows how to use Elasticsearch in .NET Aspire. Elasticsearch is setup to use HTTPS with the dotnet developer certificates and and simple client can be implemented to query the data. Code: https://github.com/damienbod/keycloak-backchannel Setup Two services are setup to run in .NET Aspire. The first service is the official Elasticsearch docker container and deployed […]

Implement ASP.NET Core OpenID Connect OAuth PAR client with Keycloak using .NET Aspire

September 2, 2024 · by · in .NET Core, ASP.NET Core, MVC, OAuth2, Security, Web · 1 Comment

This post shows how to implement an ASP.NET Core application which uses OpenID Connect and OAuth PAR for authentication. The client application uses Keycloak as the identity provider. The Keycloak application is hosted in a docker container. The applications are run locally using .NET Aspire. This makes it really easy to develop using containers. Code: […]

Add a Swagger UI using a .NET 9 Json OpenAPI file

August 12, 2024 · by · in .NET, ASP.NET Core, OAuth2, Security · 1 Comment

This post shows how to implement a Swagger UI using a .NET 9 produced OpenAPI file. The Swagger UI is deployed to a secure or development environment and is not deployed to a public production target. Sometimes, it is required to deploy the Swagger UI to a development deployment target and not the test or […]

Creating hashes in .NET

July 1, 2024 · by · in .NET Core, ASP.NET Core · 3 Comments

This article looks at different ways to create hashes in .NET Core. Hashes are useful for one way encryption which can be used for password storage, JWT validation and some other security use cases. When storing hashes in a database, extra care must be taken and the recommended approach from Microsoft should be used when […]

Older posts Newer posts