Tag Archives: XSS

Using a CSP nonce in Blazor Web

February 19, 2024 · by · in .NET Core, ASP.NET Core, javascript · 7 Comments

OLD, please refer to the blogs in the github repo. This article shows how to use a CSP nonce in a Blazor Web application using the InteractiveServer server render mode. Using a CSP nonce is a great way to protect web applications against XSS attacks and other such Javascript vulnerabilities. Code: https://github.com/damienbod/BlazorServerOidc Notes The code […]

Using a strong nonce based CSP with Angular

November 6, 2023 · by · in angular, javascript · 4 Comments

This article shows how to use a strong nonce based CSP with Angular for scripts and styles. When using a nonce, the overall security can be increased and it is harder to do XSS attacks or other type of attacks in the web UI. A separate solution is required for development and production deployments. Code: […]

Improving application security in an ASP.NET Core API using HTTP headers – Part 3

August 30, 2021 · by · in .NET, .NET Core, ASP.NET Core, Security · 11 Comments

This article shows how to improve the security of an ASP.NET Core Web API application by adding security headers to all HTTP API responses. The security headers are added using the NetEscapades.AspNetCore.SecurityHeaders Nuget package from Andrew Lock. The headers are used to protect the session, not for authorization. The application uses Microsoft.Identity.Web to authorize the […]

Improving application security in Blazor using HTTP headers – Part 2

August 23, 2021 · by · in .NET, .NET Core, ASP.NET Core, Security · 3 Comments

This article shows how to improve the security of an ASP.NET Core Blazor application by adding security headers to all HTTP Razor Page responses (Blazor WASM hosted in a ASP.NET Core hosted backend). The security headers are added using the NetEscapades.AspNetCore.SecurityHeaders Nuget package from Andrew Lock. The headers are used to protect the session, not […]

Improving application security in ASP.NET Core Razor Pages using HTTP headers – Part 1

August 16, 2021 · by · in .NET, .NET Core, ASP.NET Core, Security, Web · 9 Comments

This article shows how to improve the security of an ASP.NET Core Razor Page application by adding security headers to all HTTP Razor Page responses. The security headers are added using the NetEscapades.AspNetCore.SecurityHeaders Nuget package from Andrew Lock. The headers are used to protect the session, not for authentication. The application is authenticated using Open […]

Secure ASP.NET Core MVC with Angular using IdentityServer4 OpenID Connect Hybrid Flow

May 6, 2017 · by · in .NET, .NET Core, angular, ASP.NET Core, ASPNET5, dotnet, MVC, OAuth2, Security, Typescript · 20 Comments

This article shows how an ASP.NET Core MVC application using Angular in the razor views can be secured using IdentityServer4 and the OpenID Connect Hybrid Flow. The user interface uses server side rendering for the MVC views and the Angular app is then implemented in the razor view. The required security features can be added […]