Tag Archives: OIDC

Angular SPA with an ASP.NET Core API using Azure AD Auth and user access tokens

This post shows how to authenticate an Angular SPA application using Azure AD and consume secure data from an ASP.NET Core API which is protected by Azure AD. Azure AD App registrations are used to configure and setup the authentication and authorization. The Angular application uses the OpenID Connect Code flow with PKCE and the […]

Login and use an ASP.NET Core API with Azure AD Auth and user access tokens

In this blog post, Azure AD will be setup and used to authenticate and authorize an ASP.NET core Razor Page application which uses an API from a separate ASP.NET Core MVC project. User access tokens are used to access to API, so that an email can be used in the API. The API is not […]

Securing an Angular application using Azure B2C

This article shows how to secure an Angular application using Azure B2C with OpenID Connect Code Flow and PKCE. The silent renew is supported using iframes. Code: Angular Azure B2C Setting up Azure B2C In the Azure portal, create a new App registration in your B2C tenant. Configure a mobile and desktop application and add […]

Send MFA signin requirement to OpenID Connect server using ASP.NET Core Identity and IdentityServer4

This post adds the custom ASP.NET Core Identity, IdentityServer4 logic to check for the “acr_values” and react if a client application requests MFA for authentication. The “acr_values” parameter is used to pass the mfa value from the client to the server in the authentication request. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi Blogs in this series Force ASP.NET Core OpenID […]

Force ASP.NET Core OpenID Connect client to require MFA

This article shows how an ASP.NET Core Razor Page application which uses OpenID Connect to sign in, can require that users have authenticated using MFA (multi factor authentication). Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi Blogs in this series Force ASP.NET Core OpenID Connect client to require MFA Send MFA signin requirement to OpenID Connect server using ASP.NET Core Identity […]

User claims in ASP.NET Core using OpenID Connect Authentication

This article shows two possible ways of getting user claims in an ASP.NET Core application which uses an IdentityServer4 service. Both ways have advantages and require setting different code configurations in both applications. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi To use OpenID Connect in an ASP.NET Core application, the Microsoft.AspNetCore.Authentication.OpenIdConnect package can be used. This needs to be added […]

Securing an ASP.NET Core Razor Page App using OpenID Connect Code flow with PKCE

This article shows how to secure an ASP.NET Core Razor Page application using the Open ID Connect code flow with PKCE (Proof Key for Code Exchange). The secure token server is implemented using IdentityServer4 but any STS could be used which supports PKCE. Code: https://github.com/damienbod/AspNetCoreHybridFlowWithApi An ASP.NET Core 3.0 Razor Page application without identity was […]

Building and securing an ASP.NET Core API with a hosted Vue.js UI

This article shows how Vue.js can be used together with ASP.NET Core 3 in a single project. The Vue.js application is built using the Vue.js CLI and built to the wwwroot of the ASP.NET Core application. The ASP.NET Core application is used to implement the APIs consumed by the Vue.js UI. The application is secured […]

Securing browser based Javascript, Typescript applications

This article should help you in choosing the right security for your browser based Javascript or Typescript applications. You should aim to secure the application as best as possible. The following diagram should help you in making your decision. Also for any of these flows, you should always use HTTPS. Appendix SPA: Single page application […]