The DefaultAzureCredentials is key for using Azure services, but how exactly does it work and when should you use it? In this post, we’ll break down how it operates, its challenges, and other ways to access Azure services. This guide will help you get a clearer picture of how to handle Azure authentication simply and […]
When you’re working with the Data Protection API in ASP.NET, you quickly notice how powerful and simple this service is. At the same time, you have little insight into how it operates. In this blog post, I will introduce a simple debugger I wrote to better demonstrate how it operates in my training classes. Head
Introducing the Data Protection API Key Ring Debugger Read More »
The ASP.NET Core Data Protection API (DPAPI) is an essential service in ASP.NET Core that is often overlooked. This post will give an overview of what it does and how we can persist the encryption keys in Azure Key Vault. The API’s main purpose is to encrypt and decrypt data. For example, it is used
Persisting the ASP.NET Core Data Protection Key Ring in Azure Key Vault Read More »
In this blog post, we’ll explore a practical way to enhance the security of your ASP.NET Core applications by reducing the size of authentication cookies. Large cookies can lead to performance issues and security risks, especially when using OpenID Connect or storing sensitive information. By implementing these optimizations, you can keep your application secure, streamlined,
Improving ASP.NET Core Security By Putting Your Cookies On A Diet Read More »
In the world of web application security, OpenID Connect plays a key role in streamlining authentication processes. But what makes it really tick? In this blog post, we dive deep into two critical security features of OpenID Connect – the state and nonce parameters – and how they are used in ASP.NET Core. This simplified
Demystifying OpenID Connect’s State & Nonce Parameters in ASP.NET Core Read More »
ASP.NET Core generates various types of cookies, such as authentication, antiforgery, and session cookies. In this blog post, we’ll take a closer look at what information these cookies store, how they function, and the security measures used to protect them, including encryption and the Data Protection API. Protecting The ASP.NET Core Cookies The content of
Exploring what is inside the ASP.NET Core cookies Read More »
Troubleshooting cookie problems in ASP.NET Core Having answered over 1000 questions on Stack Overflow, I’ve found that cookie-related issues are a frequent challenge for developers using ASP.NET Core, especially when implementing authentication and OpenID Connect. Cookie problems can, in my experience, be categorized into the following categories: Browser RejectionCookies provided by the server that aren’t
Microsoft introduced the new BearerToken authentication handler in ASP.NET Core 8 as part of an initiative to streamline and modernize authentication processes. This blog post dives into how the BearerToken in ASP.NET Core handler works, its key features, and how it differs from existing authentication handlers like Cookie and JwtBearer. Head over to the blog
BearerToken: The new Authentication handler in ASP.NET Core 8 Read More »
A common problem when protecting your ASP.NET Core APIs is that expected claims are not found in the user object. In this blog post, I will give you some ideas for how to diagnose these types of problems. If you have claim problems related to the OpenIDConnect handler, head over to the blog post about
Debugging JwtBearer Claim Problems in ASP.NET Core Read More »
Missing claims in the ClaimsPrincipal user object is a frequent problem when using OpenID Connect authentication in ASP.NET Core. In this blog post, we’ll explore common causes behind these claim issues and provide troubleshooting steps to help you identify and resolve them effectively. What is the purpose of the OpenIDConnect handler? The handler has two
Debugging OpenID Connect Claim Problems in ASP.NET Core Read More »