How do you secure a Single-Page Application without storing tokens in the browser? The answer lies in the Backend-for-Frontend (BFF) pattern. This architectural approach shifts authentication complexity to the backend, keeping your frontend simple and secure. Let’s explore how it works and why it’s become the gold standard for SPA security. This is a big […]
BFF in ASP.NET Core #2 – The BFF Pattern Explained Read More »
This multi-part blog series will show you how to implement secure authentication for Single-Page Applications using the Backend-for-Frontend (BFF) pattern with ASP.NET Core. We’ll explore why handling OpenID Connect directly in SPAs creates security risks, then build a complete BFF implementation that eliminates browser token storage and follows OAuth 2.0 best practices. In short, it
Implementing BFF Pattern in ASP.NET Core for SPAs Read More »
In this blog post, you will learn how to deploy a test instance of KurrentDB to Azure and access it from a console application in .NET. Why did I write this blog post? While updating my DDD, CQRS, and Event Sourcing in .NET training course to the latest version of .NET and C#, I also
How to Use KurrentDB for Event Sourcing in C# on Azure Read More »
In my previous blog post, I explained what the Forwarded Headers Middleware does and why it matters. In this post, I will show you how to add it to your application, configure it, and point out a few common issues that can arise in configuring the forwarded headers middleware. In this blog post: Testing the
Configuring ASP.NET Core Forwarded Headers Middleware Read More »
Proxies are vital for load balancing and security, but they obscure the actual client IP, scheme, and domain, causing broken links, inaccurate logging, and other headaches. In this post, we’ll look at how ASP.NET Core’s Forwarded Headers Middleware restores these details so your services behave as though they’re directly on the public internet. What is
Exploring the Forwarded Headers Middleware in ASP.NET Core Read More »
In ASP.NET Core 9, a new feature called AdditionalAuthorizationParameters allows you to customize OAuth and OpenID Connect (OIDC) flows more quickly. This new feature allows developers to add custom authentication parameters without needing to rely on the complex workarounds that existed before ASP.NET Core 9 was released. Sounds familiar? Then you’re going to like this!
AdditionalAuthorizationParameters in ASP.NET Core 9 Read More »
In this final post in this series, we’ll now resolve logout challenges you might run into with IdentityServer, ensure proper sign-out redirects, and summarize the key takeaways from the series. Let’s complete the setup and finalize our IdentityServer configuration! This blog has been broken up into four separate posts: IdentityServer in Docker Containers: Adding Containers
IdentityServer In Docker Containers – Handle Logout (Part 4) Read More »
In this third part of the series, we tackle login issues in IdentityServer caused by cookie restrictions in HTTP and show how to resolve them by implementing HTTPS. We’ll guide you through securing communication between the host, client, and IdentityServer containers and configuring HTTPS in Docker to ensure everything runs smoothly. This blog has been
IdentityServer in Docker Containers: HTTPS and SameSite (Part 3) Read More »
This is part 2 of a blog series on containerizing a Duende IdentityServer and a client application. In this post, we resolve communication challenges that arise when these applications run in separate Docker containers. You’ll learn how to fix back-channel issues, handle localhost conflicts, and establish proper networking between the client and IdentityServer. This blog
IdentityServer in Docker Containers: Networking (Part 2) Read More »
Getting Duende IdentityServer and a client application up and running in separate containers can be challenging. This blog post will provide a step-by-step guide for a smooth setup and show you how to resolve common challenges along the way. We will also learn about security, cookies, ports, containers, and certificates. This is a big topic,