Some identity providers use the EdDSA / ED25519 algorithm to sign and issue tokens. This post shows how to validate the tokens using the NuGet package from ScottBrady and ASP.NET Core. Using the default OpenID Connect setup, the keys are not read and the tokens cannot be validated. The error message could return something like […]| Software Engineering
This post shows how to issue and verify identities (verifiable credentials) using the Swiss Digital identity and trust infrastructure, (swiyu), ASP.NET Core and .NET Aspire. The swiyu infrastructur…| Software Engineering
In this post I describe how to configure the URLs your application binds to when using Kestrel or the WebListener HTTP servers| Andrew Lock | .NET Escapades
In this post I look at the passkey support added to ASP.NET Core Identity and the Blazor Web App template, explore how it works, and look at the implementation| Andrew Lock | .NET Escapades
In this post I investigate how to create a 'pooled' dependency injection scope that automatically pools services between multiple requests| Andrew Lock | .NET Escapades
In this post I describe the recent major changes to NetEscapades.AspNetCore.SecurityHeaders, a NuGet package for adding security headers to your apps.| Andrew Lock | .NET Escapades
In this post I describe how the Trusted Types Content-Security-Policy feature can protect you against cross-site-scripting attacks.| Andrew Lock | .NET Escapades
In this post I look at the updates to the source generator API in .NET 6, why the changes were made, and how to update your source generators to use them.| Andrew Lock | .NET Escapades
In this post I described how I tried (and failed) to add an interceptor for Enum.ToString(), due to a bug in the Roslyn compiler.| Andrew Lock | .NET Escapades
This post looks at implementing an OpenID Connect client in ASP.NET Core and requiring a level of authentication (LoA) implemented using Keycloak. The applications are hosted using Aspire. The LoA is…| Software Engineering
This post looks at an alternative way of implementing a native app authentication and authorization. At present, a web browser is used to implement authentication of native applications when using OAuth and OpenID Connect. The alternative approach implemented in the post is based on the OAuth 2.0 for First-Party Applications draft and adapted to be […]| Software Engineering
ASP.NET Core provides great extension points for handling OpenID Connect error events. This blog looks at implementing error handling in an ASP.NET Core application implemented using ASP.NET Core I…| Software Engineering
This blog post shows how an ASP.NET Core Identity application can integrate and implement multiple external identity providers. An OIDC client UI uses the solution and is implemented using Duende IdentityServer. The same scheme is used for all the external providers and mapped to the identity for the client UI and the application. Using OpenID […]| Software Engineering
This blog looks at implementing client assertions for the client credentials flow using OAuth 2.0 Demonstration of Proof-of-Possession (DPoP). The client credentials flow is an OAuth 2.0 authorizat…| Software Engineering
In this post I use Microsoft's new .NET AI template to ingest the contents of a website and create a chatbot that can answer questions with citations| Andrew Lock | .NET Escapades
In this post I describe 5 different ways to set which URLs your ASP.NET Core application listens on.| Andrew Lock | .NET Escapades
In this post I explore the new .NET AI Chat Web App template (currently in preview) and take a brief look at the implementation it provides| Andrew Lock | .NET Escapades
In this post I investigate some 'experimental' dependency injection scopes that provide additional features over Singleton, Scoped, and Transient| Andrew Lock | .NET Escapades
This blog implements client assertions using an OAuth client credential flow in ASP.NET Core. Client assertions provide a secure way for client authentication without sharing a secret, enhancing th…| Software Engineering
This post shows how to implement phone (SMS) verification and two-factor authentication (2FA) using ASP.NET Core Identity. The solution integrates phone-based verification and 2FA mechanisms. The i…| Software Engineering
Client assertions is a method of client authentication which can be used in OpenID Connect. This provides an alternative to client secrets. This approach enhances security by using signed tokens (J…| Software Engineering
This blog shows how to implement a delegated OAuth 2.0 Token Exchange RFC 8693 flow in ASP.NET Core, and has a focus on access token management. It looks at how the OAuth Token Exchange can be impl…| Software Engineering
This article looks at management application access tokens in an ASP.NET Core web application. Any application with or without a user can use application access tokens as long as the application ca…| Software Engineering
The article looks at managing user delegated access tokens for a downstream API in an ASP.NET Core web application. There are many ways of implementing this, all with advantages and disadvantages. …| Software Engineering
In this post, I focus on a middleware technique to add span links between request traces on ASP.NET Core during internal redirects on .NET 9.| Steve Gordon - Code with Steve
In this post, I share how to enable testing GitHub webhooks locally using HTTPS with the self-signed ASP.NET Core developer certificate.| Steve Gordon - Code with Steve
Posts in this series: * Intro * Cataloging * Empty Proxy * Shared Library * Our First Controller * Migrating Initial Business Logic * Our First Views * Session State * Hangfire * Authentication * Middleware * Turning Off the Lights In the last post, we looked at migrating our middleware, which we tackle on an as-needed basis. When a controller needs| Jimmy Bogard
This post shows how to implement a Swagger UI using a .NET 9 produced OpenAPI file. The Swagger UI is deployed to a secure or development environment and is not deployed to a public production targ…| Software Engineering
This post implements a basic ASP.NET Core API using .NET 9 and the Microsoft OpenAPI implementation. The OpenAPI NuGet package supports both Controller based APIs and minimal APIs. Until now, we us…| Software Engineering
In the last post, we looked at tackling probably the most important pieces of middleware - authentication. But many ASP.NET| Jimmy Bogard
Of all the topics in .NET migration, authentication, like always, is the one that is most characterized by "It Depends". The| Jimmy Bogard
In this post, I cover the steps required to create and sign a JSON Web Token, herein abbreviated as JWT, to authenticate a GitHub App built using .NET. I want to state clearly up front that I’m learning as I go while experimenting with a hobby project to develop a GitHub App. Some of the […]| Steve Gordon – Code with Steve
This article shows how an ASP.NET Core application can control the write access to an Azure blob storage container using an application app registration. Microsoft Entra ID is used to control the u…| Software Engineering
In this post I show how to create an ASP.NET Core server that listens using Windows Named Pipes, and how to call the server using an HttpClient| Andrew Lock | .NET Escapades
In this post I describe 8 different ways to set which URLs your ASP.NET Core application listens on.| Andrew Lock | .NET Escapades
In the last post, we encountered our first instance of shared runtime data between our different ASP.NET 4.8 and| Jimmy Bogard
Believe it or not, things have been relatively simple so far. In the next few posts, we'll get to the more| Jimmy Bogard
In this post I describe the changes to .NET 8 docker files in .NET 8 including changes to images, new image types and changes to image tagging| Andrew Lock | .NET Escapades
Back when we looked at our first controller, we tried out the "automatic" migration and the controllers migrated just fine but| Jimmy Bogard
In the last post we moved just our initial controller over but none of the code used by the controller yet.| Jimmy Bogard
In the last post, we prepped for our first set of pages migrated by extracting common logic into a shared library.| Jimmy Bogard
In the previous post, we established a beachhead with a completely empty proxy application to prepare for migrating controllers incrementally all| Jimmy Bogard
In the previous post, we looked at techniques for determining the size and scope of our .NET migration effort, as well| Jimmy Bogard
When I talk with folks about modernization, inevitably the question comes up "OK but how much is it going to cost?| Jimmy Bogard
Over the past year or so I've been part of a large-ish modernization effort, both migrating from .NET 4.8 to| Jimmy Bogard
In this post I look at the C#12 feature, interceptors. I show how and why they're useful, and how the ASP.NET Core minimal API source generator uses them| Andrew Lock | .NET Escapades
Writing line of business applications usually means creating a lot of forms for data entry. Writing the HTML for them over and over again is tedious and also means copy-pasting the layout structure into every single form. Copy-pasting works fine as long as one is happy with the design, but when it needs to be altered (beyond what’s possible by CSS), all forms in the application need to change. To remedy this, I created a form-entry tag helper. Now creating an entry for a field in a form ...| Passion for Coding
In this post I take a look at the new minimal API source generator added in .NET 8 preview 3 to support AOT, and explore the code it generates.| Andrew Lock | .NET Escapades
In this post I introduce the new configuration binder source generator added in .NET 8 preview 3, explore how it works, and how to use it in your apps.| Andrew Lock | .NET Escapades
In this post I discuss the Ahead of Time (AOT) compilation coming in .NET 8, look at its benefits and limitations, and look at the new AOT template| Andrew Lock | .NET Escapades