Tag Archives: Security
Implementing User Management with ASP.NET Core Identity and custom claims
The article shows how to implement user management for an ASP.NET Core application using ASP.NET Core Identity. The application uses custom claims, which need to be added to the user identity after a successful login, and then an ASP.NET Core policy is used to authorize the identity. Code: https://github.com/damienbod/AspNetCoreAngularSignalRSecurity History 2023-01-07 Updated .NET 7, Angular […]
Disabling parts of ASP.NET Core Identity
This article shows how to disable parts of ASP.NET Core Identity in a Web Application. In the ASP.NET Core Identity, the Identiy UI is deployed as part of the NuGet package. So per default everything is enabled and you have to opt-out, unlike the older versions which was opt-in. If you are not careful, this […]
Adding Localization to the ASP.NET Core Identity Pages
The article shows how to localize the new Identity Pages in an ASP.NET Core application. The views, code from the pages, and models require localized strings and are read from global identity resource files. This makes it easy to add translations for further languages, and prevents duplication. Code: https://github.com/damienbod/AspNetCorePagesWebpack The application is setup using this […]
Updating ASP.NET Core Identity to use Bootstrap 4
This article shows how to update the default Identity Pages template to use Bootstrap 4. You need to scaffold the views into the project, and change the layouts and the views to use the new Bootstrap 4 classes and javascript. The base project is built using Webpack and npm. Bootstrap 4 is loaded from npm, […]
OAuth using OIDC Authentication with PKCE for a .NET Core Console Native Application
This article shows how to use a .NET Core console application securely with an API using the RFC 7636 specification. The app logs into IdentityServer4 using the OIDC authorization code flow with a PKCE (Proof Key for Code Exchange). The app can then use the access token to consume data from a secure API. This […]
Supporting both Local and Windows Authentication in ASP.NET Core MVC using IdentityServer4
This article shows how to setup an ASP.NET Core MVC application to support both users who can login in with a local login account, solution specific, or use a windows authentication login. The identity created from the windows authentication could then be allowed to do different tasks, for example administration, or a user from the […]
Comparing the HTTPS Security Headers of Swiss banks
This post compares the security HTTP Headers used by different banks in Switzerland. securityheaders.io is used to test each of the websites. The website of each bank as well as the e-banking login was tested. securityheaders.io views the headers like any browser. The tested security headers help protect against some of the possible attacks, especially […]
Securing an ASP.NET Core MVC application which uses a secure API
The article shows how an ASP.NET Core MVC application can implement security when using an API to retrieve data. The OpenID Connect Hybrid flow is used to secure the ASP.NET Core MVC application. The application uses tokens stored in a cookie. This cookie is not used to access the API. The API is protected using […]
Creating specific themes for OIDC clients using razor views with IdentityServer4
This post shows how to use specific themes in an ASPNET Core STS application using IdentityServer4. For each OpenId Connect (OIDC) client, a separate theme is used. The theme is implemented using Razor, based on the examples, code from Ben Foster. Thanks for these. The themes can then be customized as required. Code: https://github.com/damienbod/AspNetCoreIdentityServer4Persistence Setup […]
Software Engineering 