Author name: Tore Nestenius

Tore is an independent educator and consultant through his company TN-Datakonsult http://www.tn-data.se, where he specializes in training developers in .NET, Web Security, OpenID-Connect, architecture, and more. Tore regularly shares his knowledge about .NET on his blog https://live-nestenius.demowpsites2.com, focusing on security and authentication.

BFF in ASP.NET Core #4 - Implementing a BFF from scratch

In this blog post, we’ll implement a minimal yet complete Backend-for-Frontend (BFF) in ASP.NET Core. By starting with a simple foundation and adding features incrementally, you’ll learn not just how to build a BFF, but why each component matters for securing modern web applications. This is a big topic, so I’ve split it into multiple

BFF in ASP.NET Core #3 - The BFF Pattern Explained

The BFF pattern eliminates many SPA security risks, but it introduces a new critical component: the session cookie. This cookie becomes the key to your user’s authentication. If it’s not properly secured, you’ve simply moved the vulnerability from JavaScript tokens to HTTP cookies. This post shows you how to properly secure the session cookie using

BFF in ASP.NET Core #2 – The BFF Pattern Explained

How do you secure a Single-Page Application without storing tokens in the browser? The answer lies in the Backend-for-Frontend (BFF) pattern. This architectural approach shifts authentication complexity to the backend, keeping your frontend simple and secure. Let’s explore how it works and why it’s become the gold standard for SPA security. This is a big

Implementing BFF Pattern in ASP.NET Core for SPAs

This multi-part blog series will show you how to implement secure authentication for Single-Page Applications using the Backend-for-Frontend (BFF) pattern with ASP.NET Core. We’ll explore why handling OpenID Connect directly in SPAs creates security risks, then build a complete BFF implementation that eliminates browser token storage and follows OAuth 2.0 best practices. In short, it

Exploring the Forwarded Headers Middleware in ASP.NET Core

Proxies are vital for load balancing and security, but they obscure the actual client IP, scheme, and domain, causing broken links, inaccurate logging, and other headaches. In this post, we’ll look at how ASP.NET Core’s Forwarded Headers Middleware restores these details so your services behave as though they’re directly on the public internet. What is

AdditionalAuthorizationParameters in ASP.NET Core 9

In ASP.NET Core 9, a new feature called AdditionalAuthorizationParameters allows you to customize OAuth and OpenID Connect (OIDC) flows more quickly. This new feature allows developers to add custom authentication parameters without needing to rely on the complex workarounds that existed before ASP.NET Core 9 was released. Sounds familiar? Then you’re going to like this!

IdentityServer In Docker Containers – Handle Logout (Part 4)

In this final post of the series, we’ll resolve the logout challenges you might run into with IdentityServer, ensure proper sign-out redirects, and summarize the key takeaways from the series. Let’s complete the setup and finalize our IdentityServer configuration! This blog has been broken up into four separate posts: IdentityServer in Docker Containers: Adding Containers
