Collaborate Disseminate
I’ve read a ton of articles that we need to write applications that are secure. That it’s critical to write defensively from the start and implement all best practice secure suggestions.
What I can’t find is the list of suggestions. I know… Continue reading What are the best practices to create a secure ASP.NET app?
I created a new ASP.NET Core 6.0 MVC web application, and I define it to use Azure AD for authentication, as follows:
Then I was asked to create an owned application, so I created one named "ad" as follows:
Inside my applicat… Continue reading Why the Active Directory App created using Visual Studio does not have any "Certificate & Secrets".. is this fine?
I am looking for a "best practises" approach for creating SPAs protected using OIDC + PKCE.
Most of our applications are hosted on two independent web servers with a load balancer routing requests to them in a round-robin configu… Continue reading Using `react-oidc-context` and storing the `access_token` and `refresh_token` together
I am having a stateful service which is using target framework as "netcoreapp3.1". And This service will be calling Some test projects and other dependencies. We need to add these projects and dependencies as reference. Most of t… Continue reading Feasible dotnet version [migrated]
I have an application connecting to any IDP using the OIDC Protocol. This application stores part of the user identity in it’s database. The problem I have is when the user gets disabled on the IDP the application still treats it’s record … Continue reading OpenId Connect: Is there a way to listen for user events from the IDP
Describe the bug
I am using Microsoft.AspNetCore.Authentication.OpenIdConnect middleware in my application for openidcocnnect protocol. When Client application get redirected two persistent cookies are created AspNetCore.OpenIdConnect.Nonc… Continue reading "AspNetCore.OpenIdConnect.Nonce" and "AspNetCore.Correlation" cookies should be Session cookies [closed]
Can the API keys somehow be accidentally exposed?
Are there any other dangers that this approach could entail?
There is a feature in the ASP.NET Core, that allows you to store sensitive configuration keys in the Azure Key Vault as Secrets.
However, I can’t see any attack scenario, in which this will help to protect my configuration values.
If my se… Continue reading Why I need to store my ASP.NET service configuration in Azure Key Vault
Are files put into the Pages/Shared folder public to the whole WWW if the website is hosted publicly? I am asking since I want to implement a partial view load thru a controller and want to know whether it’s secure.
I am using ASP.NET Core… Continue reading ASP.NET Core – are files put in the Shared folder under Pages (where the Razor pages reside) publicly accessible?
I am using https for my website. i am not getting clear idea about how https internally works and how it makes our website more secure.
if the headers or data is encrypted as mentioned here SO then it can be allow for decode or not.
My Qu… Continue reading client-server data sharing is not encrypted in https [duplicate]