Exploring and discovering unfamiliar codebases is always a challenge. In this blog post, I will introduce a novel way to explore a new codebase by looking at the code coverage using NCrunch.NET. Background As a developer, you’re often challenged to understand new libraries; you ask: ‘how does it work’, ‘what makes it tick?’, what parts …
Discovering .NET codebases using code coverage and NCrunch Read More »
The DefaultAzureCredentials is key for using Azure services, but how exactly does it work and when should you use it? In this post, we’ll break down how it operates, its challenges, and other ways to access Azure services. This guide will help you get a clearer picture of how to handle Azure authentication simply and …
When you’re working with the Data Protection API in ASP.NET, you quickly notice how powerful and simple this service is. At the same time, you have little insight into how it operates. In this blog post, I will introduce a simple debugger I wrote to better demonstrate how it operates in my training classes. Head …
Introducing the Data Protection API Key Ring Debugger Read More »
The Data Protection API (DPAPI) is an essential service in ASP.NET Core that is often overlooked. This post will give an overview of what it does and how we can store its encryption keys in Azure Key Vault. The API’s main purpose is to encrypt and decrypt data. For example, it is used to: Protect …
Persisting the ASP.NET Core Data Protection Key Ring in Azure Key Vault Read More »
This blog post explores how we can improve the security of your ASP.NET Core authentication security by reducing the size of our cookies. Problem #1 – Large cookies When you work with authentication in ASP.NET Core, you typically use the Cookie handler to sign in the user. As a result of the sign-in, it will …
Improving ASP.NET Core Security By Putting Your Cookies On A Diet Read More »
In the world of web application security, OpenID Connect plays a key role in streamlining authentication processes. But what makes it really tick? In this blog post, we dive deep into two critical security features of OpenID Connect – the state and nonce parameters – and how they are used in ASP.NET Core. This simplified …
Demystifying OpenID Connect’s State and Nonce Parameters in ASP.NET Core Read More »
ASP.NET Core issues several cookies, including authentication, antiforgery, and session cookies. This blog post will explore what these cookies contain and how they are protected. Protecting the cookies The content of these cookies is protected through a combination of encryption and signing mechanisms. These protective measures ensure the confidentiality and integrity of the information stored …
Exploring what is inside the ASP.NET Core cookies Read More »
Troubleshooting cookie problems in ASP.NET Core I have answered over 1000 questions on Stack Overflow, and cookies are a common source of trouble for developers, especially when working with authentication and OpenID Connect in ASP.NET Core. Cookie problems can, in my experience, be categorized into the following categories: Browser RejectionCookies provided by the server that …
In ASP.NET Core 8, Microsoft added a new authentication handler named BearerToken. In this blog post, I will explain how it works and its purpose. This handler is part of a bigger push by Microsoft to simplify authentication in ASP.NET Core, but in this blog post, we will focus on this handler. Head over to …
BearerToken: The new Authentication handler in .NET 8 Read More »
A common problem when protecting your ASP.NET Core APIs is that expected claims are not found in the user object. In this blog post, I will give you some ideas for how to diagnose these types of problems. If you have claim problems related to the OpenIDConnect handler, head over to the blog post about …
Debugging JwtBearer Claim Problems in ASP.NET Core Read More »