ASP.NET Core – Page 5 – WindowsTechs.com

Is it ok to write OidC Bearer token to log?

Posted on September 17, 2017 by Michael Freidgeim

During development we added to error logs details of http requests, including headers, to have better understanding for error investigation. Our architect pointed that we should not place sensitive information in logs. My question was shou… Continue reading Is it ok to write OidC Bearer token to log?→

ASP.NET – why default SecurityStamp validation interval is set to 30 minutes?

Posted on August 19, 2017 by PJDev

I’m currently studying authentication mechanisms in ASP.NET Core and came across SecurityStamp feature, which is known also from ASP.NET Standard. From what I understand from the answer here, this was added to perform sign ou… Continue reading ASP.NET – why default SecurityStamp validation interval is set to 30 minutes?→

.Net Core MVC Clickjacking attack

Posted on July 17, 2017 by Rithu Bimasha

How can we prevent a clickjacking attack using iframes etc. in .Net MVC core application?

Continue reading .Net Core MVC Clickjacking attack→

ASP.Net Core MVC preventing CSRF attack

Posted on July 12, 2017 by Stealth-prg

What are some specific ASP.Net configuration or development practices that help prevent CSRF( Cross Site Request Forgery ) attacks in a ASP.Net Core MVC application ?

Continue reading ASP.Net Core MVC preventing CSRF attack→

ASP.Net Core MVC Content Security Policy

Posted on July 12, 2017 by Stealth-prg

I am developing a MVC core web application and i am in the process of hardning the security of the application. My current question is , is it usefull to implement the CSP ( Content Security Policy ) in a web application ?

… Continue reading ASP.Net Core MVC Content Security Policy→

ASP NET Core Identity password reset form prompts for email address

Posted on May 23, 2017 by Steve S

I notice that the default ASP.NET Core Identity templates ask for email address after the reset email notification link has been followed (i.e. the “choose a new password” form in the ResetPassword.cshtml view).

Why would ha… Continue reading ASP NET Core Identity password reset form prompts for email address→

Secure authentication on SPA/Javascript application with “remember me” support

Posted on April 2, 2017 by Hasan Ayan

I have 3 website projects as follows;

identity.example.com (asp.netcore + IdentityServer4)
api.example.com (asp.netcore webapi)
www.example.com (asp.netcore + aurelia)

I am able to authenticate the user using SPA user-agent using impli… Continue reading Secure authentication on SPA/Javascript application with “remember me” support→

encrypted information that is not accessible to database administrators

Posted on January 31, 2017 by Sergio

I work with asp.net core 1 and I will introduce an encrypted storage of user data. These data must not be accessible to the database administrator but only for users with a passphrase.

I thought of using:

IdentityServer to… Continue reading encrypted information that is not accessible to database administrators→

Microsoft Adds .NET Core, ASP.NET to Bug Bounty Program

Posted on September 2, 2016 by Tom Spring

Microsoft adds .NET Core and ASP.NET to its bug bounty program offering bug hunters payouts that range from $500 to $15,000. Continue reading Microsoft Adds .NET Core, ASP.NET to Bug Bounty Program→