The article shows how to implement a secure model context protocol (MCP) server using OAuth and Entra ID. The MCP server is implemented using ASP.NET Core and uses Microsoft Entra ID to secure the …| Software Engineering
In this post I describe a small native AOT .NET tool that I built to force a Windows PC to go to sleep after a timer expires| Andrew Lock | .NET Escapades
.NET Full Framework updates on your server(s) become available as Windows Updates and can be pushed through centralized tools like Microsoft...| bartwullems.blogspot.com
In one of our applications we are connecting with LDAP through System.DirectoryServices.AccountManagement.. This code worked fine for years until we had to make the switch from LDAP to LDAPS and incorporate SSL in our connections. | The art of simplicity
Out of the box, you get 3 modes in VS Code as explained in the documentation: Chat mode Description ...| bartwullems.blogspot.com
Due to the licensing changes for AutoMapper, we decided to make the switch to Mapster. Although most changes where rather obvious and easy to achieve, there was one question we couldn’t answer immediatelly: | The art of simplicity
As I gladly accept any kind of performance improvement I can get in my applications, I like to use the System.Text.Json source generator to generate the serialization logic for my Data Transfer Objects. | The art of simplicity
As we see security as a top priority, for every new application that we put in production, we let it be penetration tested first. One remark we got with the last pen test was about the information our servers inadvertently revealed through HTTP response headers. Although I think it is not the biggest possible security issue, exposing details about their technology stack through headers like Server and X-Powered-By, gives some reconnaissance information to potential attackers for free. | The art of simplicity
In this post I walk through the process of solving a native library loading issue on alpine with an old .NET runtime, showing the steps we took and the solution| Andrew Lock | .NET Escapades
In this post I discuss the new TUnit testing framework, why I ported one of my libraries to use it instead of xUnit and related issues I had to deal with| Andrew Lock | .NET Escapades
Some identity providers use the EdDSA / ED25519 algorithm to sign and issue tokens. This post shows how to validate the tokens using the Nuget package from ScottBrady and ASP.NET Core. Using the default OpenID Connect setup, the keys are not read and the tokens cannot be validated. The error message could return something like […]| Software Engineering
Last week I finally started my journey with Microsoft.Extensions.AI after having used only Semantic Kernel for all my agentic AI workflows...| bartwullems.blogspot.com
In this post I look at the updates to the source generator API in .NET 6, why the changes were made, and how to update your source generators to use them.| Andrew Lock | .NET Escapades
This post looks at implementing an OpenID Connect client in ASP.NET Core and require a level of authentication (LoA) implemented using Keycloak. The applications are hosted using Aspire. The LoA is…| Software Engineering
For the last 2 days I have been struggling with a breaking change I had in my ASP.NET Core web api that caused the consuming application to ...| bartwullems.blogspot.com
This post looks at an alternative way of implementing a native app authentication and authorization. At present, a web browser is used to implement authentication of native applications when using OAuth and OpenID Connect. The alternative approach implemented in the post is based on the OAuth 2.0 for First-Party Applications draft and adapted to be […]| Software Engineering
ASP.NET Core provides great extension points for handling OpenID Connect error events. This blog looks at implementing error handling in an ASP.NET Core application implemented using ASP.NET Core I…| Software Engineering
In this post I describe how I converted the deployment method of the mailing-list manager lismonk from a docker-compose.yml file to an Aspire app host project| Andrew Lock | .NET Escapades
This blog post shows how an ASP.NET Core Identity application can integrate and implement multiple external identity providers. An OIDC client UI uses the solution and is implemented using Duende IdentityServer. The same scheme is used for all the external providers and mapped to the identity for the client UI and the application. Using OpenID […]| Software Engineering
This blog looks at implementing client assertions for the client credentials flow using OAuth 2.0 Demonstration of Proof-of-Possession (DPoP). The client credentials flow is an OAuth 2.0 authorizat…| Software Engineering
In this post I use the new Microsoft's new .NET AI template to ingest the contents of a website and create a chatbot that can answer questions with citations| Andrew Lock | .NET Escapades
In this post I explore the new .NET AI Chat Web App template (currently in preview) and take a brief look at the implementation it provides| Andrew Lock | .NET Escapades
This blog implements client assertions using an OAuth client credential flow in ASP.NET Core. Client assertions provide a secure way for client authentication without sharing a secret, enhancing th…| Software Engineering
This blog shows how to implement a delegated Microsoft On-Behalf-Of flow in ASP.NET Core, and has a focus on access token management. The solution uses Microsoft.Identity.Web to implement the diffe…| Software Engineering
This post shows how to implement phone (SMS) verification and two-factor authentication (2FA) using ASP.NET Core Identity. The solution integrates phone-based verification and 2FA mechanisms. The i…| Software Engineering
Client assertions is a method of client authentication which can be used in OpenID Connect. This provides an alternative to client secrets. This approach enhances security by using signed tokens (J…| Software Engineering
This blog shows how to implement a delegated OAuth 2.0 Token Exchange RFC 8693 flow in ASP.NET Core, and has a focus on access token management. It looks at how the OAuth Token Exchange can be impl…| Software Engineering
In this post I show how to emit your source generator output to disk, so you can include it in source control and code reviews.| Andrew Lock | .NET Escapades
This article looks at management application access tokens in an ASP.NET Core web application. Any application with or without a user can use application access tokens as long as the application ca…| Software Engineering
The article looks at managing user delegated access tokens for a downstream API in an ASP.NET Core web application. There are many ways of implementing this, all with advantages and disadvantages. …| Software Engineering
Revisiting an article about how I got triggered after somebody exclaimed that WCF had lower response times than ASP.NET Web API and ASP.NET Core MVC.| Erik Heemskerk
How does WCF, a 13-year-old mega-abstraction framework hold up against the modern, lean, ASP.NET Core? You’d be surprised.| Erik Heemskerk
Somebody published a new version of a NuGet package with a different assembly name. You’ll never guess what happens next.| Erik Heemskerk
MSBuild seems to have issues with transitive NuGet dependencies, but after a deep dive into the build logs, it turns out to be more subtle.| Erik Heemskerk
In this post I describe the experimental interceptor support in NetEscapades.EnumGenerators that replaces ToString() calls with ToStringFast() automatically| Andrew Lock | .NET Escapades
This post shows how to implement a Swagger UI using a .NET 9 produced OpenAPI file. The Swagger UI is deployed to a secure or development environment and is not deployed to a public production targ…| Software Engineering
This post implements a basic ASP.NET Core API using .NET 9 and the Microsoft OpenAPI implementation. The OpenAPI Nuget package supports both Controller based APIs and minimal APIs. Until now, we us…| Software Engineering
This article shows how an ASP.NET Core application can control the write access to an Azure blob storage container using an application app registration. Microsoft Entra ID is used to control the u…| Software Engineering
In this post I describe some important things to think about when designing your incremental source generator, particularly the pitfalls to watch out for| Andrew Lock | .NET Escapades
Let’s see how it’s implemented. For why it is implemented, see Part I. The FxCop code analyzers get upset if I don’t declare this, which also impede me from using unsigned numeral…| x += x++
The main idea is to use [ETW events]( to detect when a GC occurs and to call an user provided delegate at that point. You can then do whatever you want in the delegate (i.e. shutdown the process, s…| x += x++
.NET 8 RC2 is now available with new NuGet package READMEs for .NET packages, simple CLI-based project evaluation for MSBuild, publishing containers to tar.gz archives, and Tensor Primitives for .NET.| .NET Blog
Technical blog of Microsoft certified developer James Hickey. Helping you reach the next step of your career as a software developer!| blog.jamesmichaelhickey.com
Technical blog of Microsoft certified developer James Hickey. Helping you reach the next step of your career as a software developer!| blog.jamesmichaelhickey.com
Technical blog of Microsoft certified developer James Hickey. Helping you reach the next step of your career as a software developer!| blog.jamesmichaelhickey.com
Technical blog of Microsoft certified developer James Hickey. Helping you reach the next step of your career as a software developer!| blog.jamesmichaelhickey.com
Technical blog of Microsoft certified developer James Hickey. Helping you reach the next step of your career as a software developer!| blog.jamesmichaelhickey.com
