Implementing a multi-tenant OIDC Azure AD external login for IdentityServer4
This article shows how to set up a multi-tenant Azure AD external login for IdentityServer4 which uses ASP.NET Core Identity. Code: IdentityServer4 app with Identity Setting up the Azure AD Application...
Implementing User Management with ASP.NET Core Identity and custom claims
The article shows how to implement user management for an ASP.NET Core application using ASP.NET Core Identity. The application uses custom claims, which need to be added to the user identity after a...
ASP.NET Core MVC Ajax Form requests using jquery-unobtrusive
This article shows how to send Ajax requests in an ASP.NET Core MVC application using jquery-unobtrusive. This can be tricky to set up, for example when using a list of data items with forms using the...
Using MVC ASP.NET Core APPs in a Host ASP.NET Core Application
This article shows how ASP.NET Core applications could be deployed inside a separate host ASP.NET Core MVC application. This could be useful if you have separate applications, services, or layouts but...
OpenID Connect back-channel logout using Azure Redis Cache and IdentityServer4
This article shows how to implement an OpenID Connect back-channel logout, which uses Azure Redis cache so that the session logout will work with multi-instance deployments. Code:...
Using Azure Key Vault with ASP.NET Core and Azure App Services
This article shows how to use an Azure Key Vault with an ASP.NET Core application deployed as an Azure App Service. The Azure App Service can use the system assigned identity to access the Key Vault....
Deploying ASP.NET Core App Services using Azure Key Vault and Azure Resource...
This article shows how to create an Azure Resource Manager (ARM) template which uses an Azure Key Vault. The ARM template is used to deploy an ASP.NET Core application as an Azure App Service. By using...
Is a SPA less secure than a server rendered web application?
In this post, I try to explain some of the differences between a single page application and a server-rendered application and why the application types have different threat models. What is a Single...
Using Azure Key Vault from a non-Azure App
In this article, I show how Azure Key Vault can be used with a non-Azure application. An example of this is a console application used for data migrations, or data seeding during release pipelines....
ASP.NET Core OAuth Device Flow Client with IdentityServer4
This article shows how to implement the OAuth 2.0 Device Flow for Browserless and Input Constrained Devices in an ASP.NET Core application. The tokens are then saved to a cookie for later usage....
Securing browser based Javascript, Typescript applications
This article should help you in choosing the right security for your browser-based JavaScript or TypeScript applications. You should aim to secure the application as best as possible. The following...
Using Azure Service Bus Topics in ASP.NET Core
This article shows how to implement two ASP.NET Core API applications to communicate with each other using Azure Service Bus Topics. This post continues on from the last article, this time using topics...
Passing Javascript values to ASP.NET Core View components
In this post, I show how an ASP.NET Core MVC view can send a JavaScript parameter value to an ASP.NET Core view component. Invoking a view component in the view using ‘@await Component.InvokeAsync’...
Using Azure Service Bus Topics Subscription Filters in ASP.NET Core
This article shows how to implement Azure Service Bus filters for topic subscriptions used in an ASP.NET Core API application. The application uses the Microsoft.Azure.ServiceBus NuGet package for all...
Using Entity Framework Core to process Azure Service Messages in ASP.NET Core
This article shows how to use Entity Framework Core together with an Azure Service Bus receiver in ASP.NET Core. This message handler is a singleton and so requires that an Entity Framework Core...
Handling Access Tokens for private APIs in ASP.NET Core
This article shows how to persist access tokens for a trusted ASP.NET Core application which needs to access secure APIs. These tokens which are persisted are not meant for public clients, but are used...
Certificate Authentication in ASP.NET Core 3.0
This article shows how Certificate Authentication can be implemented in ASP.NET Core 3.0. In this example, a shared self-signed certificate is used to authenticate one application calling an API on a...
System Testing ASP.NET Core APIs using XUnit
This article shows how an ASP.NET Core API could be tested using system tests implemented using XUnit. The API is protected using JWT Bearer token authorization, and the API uses a secure token server...
An alternative way to build and bundle Javascript, CSS in ASP.NET Core MVC...
This article shows how JavaScript packages, files, CSS files could be built and bundled in an ASP.NET Core MVC or Razor Page application. The JavaScript packages are loaded using npm in which most...
ASP.NET Core Identity with Fido2 WebAuthn MFA
This article shows how Fido2 WebAuthn could be used as 2FA and integrated into an ASP.NET Core Identity application. The Fido2 WebAuthn is implemented using the fido2-net-lib NuGet package, and demo...