Multi client blob storage access using ASP.NET Core with Entra ID authentication and RBAC
Damienbod Software Engineering
by damienbod
3w ago
This article shows how to onboard different clients or organizations in an ASP.NET Core application to use separated Azure blob containers with controlled access using security groups and RBAC applied roles. Each user in a client group can only access a single blob storage and has no access to blob containers belonging to different clients. Microsoft Entra ID is used to implement the blob storage access. Code: https://github.com/damienbod/AspNetCoreEntraIdBlobStorage Blogs in this series Using Blob storage from ASP.NET Core with Entra ID authentication Delegated read and application write acc ..read more
Delegated read and application write access to blob storage using ASP.NET Core with Entra ID authentication
Damienbod Software Engineering
by damienbod
1M ago
This article shows how an ASP.NET Core application can control the write access to an Azure blob storage container using an application app registration. Microsoft Entra ID is used to control the user access and to implement the authentication of the web application. Code: https://github.com/damienbod/AspNetCoreEntraIdBlobStorage Blogs in this series Using Blob storage from ASP.NET Core with Entra ID authentication Delegated read and application write access to blob storage using ASP.NET Core with Entra ID authentication Multi client blob storage access using ASP.NET Core with Entra ID authen ..read more
Using a CSP nonce in Blazor Web
Damienbod Software Engineering
by damienbod
1M ago
This article shows how to use a CSP nonce in a Blazor Web application using the InteractiveServer server render mode. Using a CSP nonce is a great way to protect web applications against XSS attacks and other such JavaScript vulnerabilities. Code: https://github.com/damienbod/BlazorServerOidc Notes The code in this example was built using the example provided by Javier Calvarro Nelson. https://github.com/javiercn/BlazorWebNonceService Services and middleware The Blazor Web application is implemented using the AddInteractiveServerComponents for the InteractiveServer server render mode. The nonc ..read more
Using Blob storage from ASP.NET Core with Entra ID authentication
Damienbod Software Engineering
by damienbod
1M ago
This article shows how to implement a secure upload and a secure download in ASP.NET Core using Azure blob storage. The application uses Microsoft Entra ID for authentication and also for access to the Azure Blob storage container. Code: https://github.com/damienbod/AspNetCoreEntraIdBlobStorage Security architecture The application is set up to store the file uploads to an Azure Blob storage container. The authentication uses delegated only flows. A user can authenticate into the application using Microsoft Entra ID. The Azure App registration defines App roles to use for access authorization ..read more
Secure an ASP.NET Core Blazor Web app using Microsoft Entra ID
Damienbod Software Engineering
by damienbod
1M ago
This article shows how to implement an ASP.NET Core Blazor Web application using Microsoft Entra ID for authentication. Microsoft.Identity.Web is used to implement the Microsoft Entra ID OpenID Connect client. Code: https://github.com/damienbod/Hostedblazor8MeID Note: I based this implementation on the example provided by Tomás López Rodríguez and adapted it. Setup The Blazor Web application is an OpenID Connect confidential client (code flow, PKCE) which uses Microsoft Entra ID for authentication. An Azure App registration (Web configuration) is used to create the client and only delegated s ..read more
Migrate ASP.NET Core Blazor Server to Blazor Web
Damienbod Software Engineering
by damienbod
2M ago
This article shows how to migrate a Blazor server application to a Blazor Web application. The migration used the ASP.NET Core migration documentation, but this was not complete and a few extra steps were required. The starting point was a Blazor Server application secured using OpenID Connect for authentication. The target system is a Blazor Web application using the “InteractiveServer” rendermode. Note The result of this project is not ready to use in production as it was not possible to migrate the security headers fully and I am not sure if the state management works correctly. I would hol ..read more
Securing a Blazor Server application using OpenID Connect and security headers
Damienbod Software Engineering
by damienbod
3M ago
This article shows how to secure a Blazor Server application. The application implements an OpenID Connect confidential client with PKCE using .NET 8 and configures the security headers as best possible for the Blazor Server application. OpenIddict is used to implement the identity provider and the OpenID Connect server. Code: https://github.com/damienbod/BlazorServerOidc OpenID Connect flow In the first step, the authentication can be solved using OpenID Connect. With this, the process of user authentication is removed from the client application and delegated to an identity provider. In this ..read more
Securing a MudBlazor UI web application using security headers and Microsoft Entra ID
Damienbod Software Engineering
by damienbod
3M ago
This article shows how a Blazor application can be implemented in a secure way using MudBlazor UI components and Microsoft Entra ID as an identity provider. The MudBlazor UI components add some inline styles and require a specific CSP setup due to this and the Blazor WASM script requirements. Code: https://github.com/damienbod/MicrosoftEntraIDMudBlazor Setup The application is set up using a Blazor WASM UI hosted in an ASP.NET Core application. The MudBlazor NuGet package was added to the client project. Some MudBlazor components were added to the UI using MudBlazor documentation. Security Header ..read more
Improve ASP.NET Core authentication using OAuth PAR and OpenID Connect
Damienbod Software Engineering
by damienbod
4M ago
This article shows how an ASP.NET Core application can be authenticated using OpenID Connect and OAuth 2.0 Pushed Authorization Requests (PAR) RFC 9126. The OpenID Connect server is implemented using Duende IdentityServer. The Razor Page ASP.NET Core application authenticates using an OpenID Connect confidential client with PKCE and using the OAuth PAR extension. Code: https://github.com/damienbod/oidc-par-aspnetcore-duende Note: The code in this example was created using the Duende example found here: https://github.com/DuendeSoftware/IdentityServer By using Pushed Authorization Requests (PA ..read more
Authentication with multiple identity providers in ASP.NET Core
Damienbod Software Engineering
by damienbod
4M ago
This article shows how to implement authentication in ASP.NET Core using multiple identity providers or secure token servers. When using multiple identity providers, the authentication flows need to be separated per scheme for the sign-in flow and the sign-out flow. The claims are different and would require mapping logic depending on the authorization logic of the application. Code: https://github.com/damienbod/MulitipleClientClaimsMapping Setup OpenID Connect is used for the authentication and the session is stored in a cookie. A confidential client using OpenID Connect code flow with PKCE i ..read more