Tag Archives: OAuth2

Securing APIs using ASP.NET Core and OAuth 2.0 DPoP

August 14, 2023 · by · in .NET Core, ASP.NET Core, OAuth2 · 2 Comments

This article shows how an ASP.NET Core application can access an ASP.NET Core API using OAuth Demonstrating Proof-of-Possession (DPoP). This is a really powerful security enhancement which is relatively easy to support. The access tokens should only be used for what the access tokens are intended for. OAuth DPoP helps force this. This solution was […]

Use multiple identity providers from a Blazor WASM ASP.NET Core App secured using BFF

February 14, 2023 · by · in .NET, ASP.NET Core, dotnet, OAuth2, Security, Web · 7 Comments

This post shows how to implement a Blazor WASM UI hosted in an ASP.NET Core application using multiple identity providers to authenticate. Two confidential OpenID Connect code flow clients with PKCE are used to implement the Blazor authentication. The Blazor WASM and the ASP.NET Core application are a single security context. This is implemented using […]

Implementing secure Microsoft Graph application clients in ASP.NET Core

January 16, 2023 · by · in .NET, .NET Core, App Service, ASP.NET Core, Azure · 7 Comments

The article looks at the different way a Microsoft Graph application client can be implemented and secured in an ASP.NET Core application or a .NET application. This type of client is intended for applications or application logic where no user is involved. Code: https://github.com/damienbod/MicrosoftGraphAppToAppSecurity Accessing Microsoft Graph can be initialized for app-to-app (application permissions) security […]

Implement the OAUTH 2.0 Token Exchange delegated flow between an Microsoft Entra ID API and an API protected using OpenIddict

January 9, 2023 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra ID · 5 Comments

This article shows how to implement the OAUTH 2.0 Token Exchange RFC 8693 delegated flow between two APIs, one using Microsoft Entra ID to authorize the HTTP requests and a second API protected using OpenIddict. The Microsoft Entra ID protected API uses the OAUTH 2.0 Token Exchange RFC 8693 delegated flow to get a new […]

Azure AD Multi tenant Azure App registration consent

January 2, 2023 · by · in ASP.NET Core, Azure, Microsoft Entra External ID, Microsoft Entra ID · 3 Comments

This article looks at Azure Active directory and consent with multi-tenant Azure App registrations. Consent works different depending on the user type, the tenant policies and the required permissions. It is sometimes hard to understand why a user cannot login or where the consent has to be given for a specific Azure App registration which […]

Switch tenants in an ASP.NET Core app using Azure AD with multi tenants

October 31, 2022 · by · in .NET, .NET Core, App Service, ASP.NET Core, Azure, dotnet, Microsoft Entra ID, OAuth2 · 5 Comments

This article shows how to switch between tenants in an ASP.NET Core multi-tenant application using a multi-tenant Azure App registration to implement the identity provider. Azure roles are added to the Azure App registration and this can be used in the separate enterprise applications created from the multi-tenant Azure App registration to assign users and […]

Is scanning QR Codes for authentication safe?

October 17, 2022 · by · in OAuth2, Security, Self Sovereign Identity · 5 Comments

This article explains why cross device authentication has security issues as it is subject to phishing attacks unless further authentication is used in the client. Scanning QR Codes for authentication does not protect against phishing and leaves the users open to having their session stolen. Phishing There a many forms of phishing and this is […]

Implement the On Behalf Of flow between an Azure AD protected API and an API protected using OpenIddict

October 3, 2022 · by · in .NET, .NET Core, ASP.NET Core, Azure, Microsoft Entra ID · 7 Comments

This article shows how to implement the On Behalf Of flow between two APIs, one using Azure AD to authorize the HTTP requests and a second API protected using OpenIddict. The Azure AD protected API uses the On Behalf Of flow (OBO) to get a new OpenIddict delegated access token using the AAD delegated access […]

ASP.NET Core Api Auth with multiple Identity Providers

September 19, 2022 · by · in .NET, .NET Core, ASP.NET Core, Azure, OAuth2, Security · 8 Comments

This article shows how an ASP.NET Core API can be secured using multiple access tokens from different identity providers. ASP.NET Core schemes and policies can be used to set this up. Code: https://github.com/damienbod/AspNetCoreApiAuthMultiIdentityProvider History 2023-04-29 Updated packages and revert to default JWT authorization packages due to errors on update. The ASP.NET Core API has a […]

Implement a GRPC API with OpenIddict and the OAuth client credentials flow

September 5, 2022 · by · in .NET, .NET Core, ASP.NET Core · 4 Comments

This post shows how to implement a GRPC service implemented in an ASP.NET Core kestrel hosted service. The GRPC service is protected using an access token. The client application uses the OAuth2 client credentials flow with introspection and the reference token is used to get access to the GRPC service. The GRPC API uses introspection […]

Older posts Newer posts