Collaborate Disseminate
We have an ASP.NET Core MVC web application that signs in users (assuming that this is the correct app type). It is pretty simple, users can sign-in via their Entra ID account. Within Entra ID they can be assigned app roles. Various contro… Continue reading Using ID token for role-base authorization in ASP.NET Core MVC
At Build 2024 today, Microsoft announced the release of .NET 9 Preview 4 and a sweeping set of updates and improvements across the stack.
The post Build 2024: .NET Announces Updates for AI, Web, Cloud-First, Cross-Platform, and More appeared first on T… Continue reading Build 2024: .NET Announces Updates for AI, Web, Cloud-First, Cross-Platform, and More
I’ve read a ton of articles that we need to write applications that are secure. That it’s critical to write defensively from the start and implement all best practice secure suggestions.
What I can’t find is the list of suggestions. I know… Continue reading What are the best practices to create a secure ASP.NET app?
I created a new ASP.NET Core 6.0 MVC web application, and I define it to use Azure AD for authentication, as follows:
Then I was asked to create an owned application, so I created one named "ad" as follows:
Inside my applicat… Continue reading Why the Active Directory App created using Visual Studio does not have any "Certificate & Secrets".. is this fine?
I am looking for a "best practises" approach for creating SPAs protected using OIDC + PKCE.
Most of our applications are hosted on two independent web servers with a load balancer routing requests to them in a round-robin configu… Continue reading Using `react-oidc-context` and storing the `access_token` and `refresh_token` together
I am having a stateful service which is using target framework as "netcoreapp3.1". And This service will be calling Some test projects and other dependencies. We need to add these projects and dependencies as reference. Most of t… Continue reading Feasible dotnet version [migrated]
I have an application connecting to any IDP using the OIDC Protocol. This application stores part of the user identity in it’s database. The problem I have is when the user gets disabled on the IDP the application still treats it’s record … Continue reading OpenId Connect: Is there a way to listen for user events from the IDP
Describe the bug
I am using Microsoft.AspNetCore.Authentication.OpenIdConnect middleware in my application for openidcocnnect protocol. When Client application get redirected two persistent cookies are created AspNetCore.OpenIdConnect.Nonc… Continue reading "AspNetCore.OpenIdConnect.Nonce" and "AspNetCore.Correlation" cookies should be Session cookies [closed]
Can the API keys somehow be accidentally exposed?
Are there any other dangers that this approach could entail?
There is a feature in the ASP.NET Core, that allows you to store sensitive configuration keys in the Azure Key Vault as Secrets.
However, I can’t see any attack scenario, in which this will help to protect my configuration values.
If my se… Continue reading Why I need to store my ASP.NET service configuration in Azure Key Vault