webmaster

Persisting the ASP.NET Core Data Protection Key Ring in Azure Key Vault

The Data Protection API (DPAPI) is an essential service in ASP.NET Core that is often overlooked. This post will give an overview of what it does and how we can store its encryption keys in Azure Key Vault. The API’s main purpose is to encrypt and decrypt data. For example, it is used to: Protect …

Persisting the ASP.NET Core Data Protection Key Ring in Azure Key Vault Read More »

Improving ASP.NET Core Security By Putting Your Cookies On A Diet

Improving ASP.NET Core Security By Putting Your Cookies On A Diet

This blog post explores how we can improve the security of your ASP.NET Core authentication security by reducing the size of our cookies. Problem #1 – Large cookies When you work with authentication in ASP.NET Core, you typically use the Cookie handler to sign in the user. As a result of the sign-in, it will …

Improving ASP.NET Core Security By Putting Your Cookies On A Diet Read More »

In the world of web application security, OpenID Connect plays a key role in streamlining authentication processes. But what makes it really tick? In this blog post, we dive deep into two critical security features of OpenID Connect – the state and nonce parameters – and how they are used in ASP.NET Core.

Demystifying OpenID Connect’s State and Nonce Parameters in ASP.NET Core

In the world of web application security, OpenID Connect plays a key role in streamlining authentication processes. But what makes it really tick? In this blog post, we dive deep into two critical security features of OpenID Connect – the state and nonce parameters – and how they are used in ASP.NET Core. This simplified …

Demystifying OpenID Connect’s State and Nonce Parameters in ASP.NET Core Read More »

ASP.NET Core issues several cookies, including authentication, antiforgery, and session cookies. This blog post will explore what these cookies contain and how they are protected.

Exploring what is inside the ASP.NET Core cookies

ASP.NET Core issues several cookies, including authentication, antiforgery, and session cookies. This blog post will explore what these cookies contain and how they are protected. Protecting the cookies The content of these cookies is protected through a combination of encryption and signing mechanisms. These protective measures ensure the confidentiality and integrity of the information stored …

Exploring what is inside the ASP.NET Core cookies Read More »

I have answered over 1000 questions on Stack Overflow, and cookies are a common source of trouble for developers, especially when working with authentication and OpenID Connect in ASP.NET Core.

Debugging cookie problems in ASP.NET Core

Troubleshooting cookie problems in ASP.NET Core I have answered over 1000 questions on Stack Overflow, and cookies are a common source of trouble for developers, especially when working with authentication and OpenID Connect in ASP.NET Core.   Cookie problems can, in my experience, be categorized into the following categories: Browser RejectionCookies provided by the server that …

Debugging cookie problems in ASP.NET Core Read More »