Using Blob storage from ASP.NET Core with Entra ID authentication
This article shows how to implement a secure upload and a secure download in ASP.NET Core using Azure blob storage. The application uses Microsoft Entra ID for authentication and also for access to...
Using a CSP nonce in Blazor Web
This article shows how to use a CSP nonce in a Blazor Web application using the InteractiveServer server render mode. Using a CSP nonce is a great way to protect web applications against XSS attacks...
Delegated read and application write access to blob storage using ASP.NET...
This article shows how an ASP.NET Core application can control the write access to an Azure blob storage container using an application app registration. Microsoft Entra ID is used to control the user...
Multi client blob storage access using ASP.NET Core with Entra ID...
This article shows how to onboard different clients or organizations in an ASP.NET Core application to use separated Azure blob containers with controlled access using security groups and RBAC applied...
Create conditional access base policies for a Microsoft Entra ID tenant
This article shows some of the base conditional access policies which can be implemented for all Microsoft Entra ID tenants. Phishing resistant authentication should be required for all administration...
BFF secured ASP.NET Core application using downstream API and an OAuth client...
This article shows how to implement a web application using a backend-for-frontend (BFF) security architecture for authentication, which consumes data from a downstream API protected using a JWT access token...
Implement a secure Blazor Web application using OpenID Connect and security...
This article shows how to implement a secure .NET 8 Blazor Web application using OpenID Connect and security headers with CSP nonces. The NetEscapades.AspNetCore.SecurityHeaders NuGet package is used...
Using SonarCloud with ASP.NET Core, Angular and GitHub Actions
This article demonstrates how to implement code analysis and Static Application Security Testing (SAST) using SonarCloud and GitHub Actions. The solution involves building a secure web application...
Implement a Microsoft Entra ID external authentication method using ASP.NET...
The article shows how to implement a Microsoft Entra ID external authentication method (EAM) using ASP.NET Core, OpenIddict and FIDO2/passkeys. The application uses ASP.NET Core Identity to manage...
Creating and downloading a PDF or DOCX in ASP.NET Core
The post shows how a PDF can be created from data in an ASP.NET Core backend and downloaded using an API. The data could be loaded from different locations and then exported as a PDF or a DOCX or...
Sonar Webinar, end to end security of a web application
I did a webinar on application security with Denis Troller and Sonar. I would like to thank Sonar for this opportunity; I really enjoyed it and found doing this together with you really professional,...
Creating hashes in .NET
This article looks at different ways to create hashes in .NET Core. Hashes are useful for one-way encryption, which can be used for password storage, JWT validation and some other security use cases....
Implementing an ASP.NET Core API with .NET 9 and OpenAPI
This post implements a basic ASP.NET Core API using .NET 9 and the Microsoft OpenAPI implementation. The OpenAPI NuGet package supports both controller-based APIs and minimal APIs. Until now, we used...
Add a Swagger UI using a .NET 9 JSON OpenAPI file
This post shows how to implement a Swagger UI using a .NET 9 produced OpenAPI file. The Swagger UI is deployed to a secure or development environment and is not deployed to a public production target....
Implement ASP.NET Core OpenID Connect OAuth PAR client with Keycloak using...
This post shows how to implement an ASP.NET Core application which uses OpenID Connect and OAuth PAR for authentication. The client application uses Keycloak as the identity provider. The Keycloak...
Implement OpenID Connect Back-Channel Logout using ASP.NET Core, Keycloak and...
This post shows how to implement an OpenID Connect back-channel logout using Keycloak, ASP.NET Core and .NET Aspire. The Keycloak and the Redis cache are run as containers using .NET Aspire. Two...
Using Elasticsearch with .NET Aspire
This post shows how to use Elasticsearch in .NET Aspire. Elasticsearch is set up to use HTTPS with the dotnet developer certificates, and a simple client can be implemented to query the data. Code:...
Implement a Geo-distance search using .NET Aspire, Elasticsearch and ASP.NET...
This article shows how to implement a geolocation search in an ASP.NET Core application using a LeafletJs map. The selected location can be used to find the nearest location with an Elasticsearch...
Microsoft Entra ID App-to-App security architecture
This article looks at the different setups when using App-to-App security with Microsoft Entra ID (OAuth client credentials). Microsoft Entra App registrations are used to configure the OAuth clients...
Implement security headers for an ASP.NET Core API supporting OpenAPI Swagger UI
This article shows how to implement security headers for an application supporting an API and a Swagger UI created from an OpenAPI definition in .NET 9. The security headers are implemented using the...