Clik here to view.
Implement security headers for an ASP.NET Core API supporting OpenAPI Swagger UI
This article shows how to implement security headers for an application supporting an API and a swagger UI created from a open API in .NET 9. The security headers are implemented using the...
View ArticleClik here to view.
Using Entra External ID with an Auth0 OpenID Connect identity provider
This post looks at implementing an Open ID Connect identity provider in Microsoft Entra External ID. Auth0 is used as the identity provider and an ASP.NET Core application is used to test the...
View ArticleClik here to view.
ASP.NET Core user delegated access token management
The article looks at managing user delegated access tokens for a downstream API in an ASP.NET Core web application. There are many ways of implementing this, all with advantages and disadvantages. The...
View ArticleClik here to view.
ASP.NET Core delegated OAuth Token Exchange access token management
This blog shows how to implement a delegated OAuth 2.0 Token Exchange RFC 8693 flow in ASP.NET Core, and has a focus on access token management. It looks at how the OAuth Token Exchange can be...
View ArticleClik here to view.
Customizing a single client sign-in using parameters in Duende IdentityServer
This post looks at customizing the sign-in UI and the sign-in options in an ASP.NET Core application using Duende IdentityServer and ASP.NET Core Identity. There are multiple ways of changing the look...
View ArticleClik here to view.
Use client assertions in OpenID Connect and ASP.NET Core
Client assertions is a method of client authentication which can be used in OpenID Connect. This provides an alternative to client secrets. This approach enhances security by using signed tokens...
View ArticleClik here to view.
Implement Phone verification, 2FA using ASP.NET Core Identity
This post shows how to implement phone (SMS) verification and two-factor authentication (2FA) using ASP.NET Core Identity. The solution integrates phone-based verification and 2FA mechanisms. The...
View ArticleClik here to view.
ASP.NET Core delegated Microsoft OBO access token management (Entra only)
This blog shows how to implement a delegated Microsoft On-Behalf-Of flow in ASP.NET Core, and has a focus on access token management. The solution uses Microsoft.Identity.Web to implement the...
View ArticleClik here to view.
Implement client assertions with client credentials flow using OAuth DPoP
This blog looks at implementing client assertions for the client credentials flow using OAuth 2.0 Demonstration of Proof-of-Possession (DPoP). The client credentials flow is an OAuth 2.0 authorization...
View ArticleClik here to view.
Using multiple external identity providers from ASP.NET Core Identity and...
This blog post shows how an ASP.NET Core Identity application can integrate and implement multiple external identity providers. An OIDC client UI uses the solution and is implemented using Duende...
View Article