Tag Archives: OpenId connect
Securing an ASP.NET Core MVC application which uses a secure API
The article shows how an ASP.NET Core MVC application can implement security when using an API to retrieve data. The OpenID Connect Hybrid flow is used to secure the ASP.NET Core MVC application. The application uses tokens stored in a cookie. This cookie is not used to access the API. The API is protected using […]
Using the dotnet Angular template with Azure AD OIDC Implicit Flow
This article shows how to use Azure AD with an Angular application implemented using the Microsoft dotnet template and the angular-auth-oidc-client npm package to implement the OpenID Implicit Flow. The Angular app uses bootstrap 4 and Angular CLI. Code: https://github.com/damienbod/dotnet-template-angular History 2019-09-23 Updated to ASP.NET Core 3.0, OIDC 10.0.8 2018-07-13 Removed static calls to the […]
Creating specific themes for OIDC clients using razor views with IdentityServer4
This post shows how to use specific themes in an ASPNET Core STS application using IdentityServer4. For each OpenId Connect (OIDC) client, a separate theme is used. The theme is implemented using Razor, based on the examples, code from Ben Foster. Thanks for these. The themes can then be customized as required. Code: https://github.com/damienbod/AspNetCoreIdentityServer4Persistence Setup […]
Using an EF Core database for the IdentityServer4 configuration data
This article shows how to implement a database store for the IdentityServer4 configurations for the Client, ApiResource and IdentityResource settings using Entity Framework Core and SQLite. This could be used, if you need to create clients, or resources dynamically for the STS, or if you need to deploy the STS to multiple instances, for example […]
Sending Direct Messages using SignalR with ASP.NET Core and Angular
This article shows how SignalR could be used to send direct messages between different clients using ASP.NET Core to host the SignalR Hub and Angular to implement the clients. Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity Posts in this series History 2023-01-08 Updated Angular 15, .NET 72021-01-25 Updated Angular 11.1.0 .NET 5, ngrx implementation2020-03-21 updated packages, fixed Admin UI STS2019-08-18 […]
Auto redirect to an STS server in an Angular app using oidc Implicit Flow
This article shows how to implement an auto redirect in an Angular application, if using the OIDC Implicit Flow with an STS server. When a user opens the application, it is sometimes required that the user is automatically redirected to the login page on the STS server. This can be tricky to implement, as you […]
Angular OIDC OAuth2 client with Google Identity Platform
This article shows how an Angular client could implement a login for a SPA application using Google Identity Platform OpenID. The Angular application uses the npm package angular-auth-oidc-client to implement the OpenID Connect Implicit Flow to connect with the google identity platform. Code: https://github.com/damienbod/angular-auth-oidc-sample-google-openid History 2020-05-03 Updated to OIDC lib version 11.0.0, Angular 9.1.4, ASP.NET […]
Implementing a silent token renew in Angular for the OpenID Connect Implicit flow
This article shows how to implement a silent token renew in Angular using IdentityServer4 as the security token service server. The SPA Angular client implements the OpenID Connect Implicit Flow ‘id_token token’. When the id_token expires, the client requests new tokens from the server, so that the user does not need to authorise again. Code: […]
ASP.NET Core IdentityServer4 Resource Owner Password Flow with custom UserRepository
This article shows how a custom user store or repository can be used in IdentityServer4. This can be used for an existing user management system which doesn’t use Identity or request user data from a custom source. The Resource Owner Flow using refresh tokens is used to access the protected data on the resource server. […]
Software Engineering 