Read expert blog posts on Duende IdentityServer, covering authentication, authorization, OpenID Connect, and security best practices.
Duende IdentityServer is the leading OpenID Connect and OAuth 2 server for .NET. In this tutorial, I’ll walk you through setting up Duende IdentityServer 7.4.4 from scratch using ASP.NET Core 10. What you’ll learn: How to add and configure the IdentityServer middleware How to integrate the sample user interface for login and logout How to […]
Duende IdentityServer 7: A Complete Setup Guide for ASP.NET Core Read More »
In the previous blog posts in this series, we built our own Backend-for-Frontend (BFF) implementation in ASP.NET Core from scratch. Now, you might be wondering about how much effort it would take to replace our custom solution with the Duende BFF Security Framework? In this post, we’ll walk through that migration process and see just
BFF in ASP.NET Core #7 – Introducing the Duende BFF Library Read More »
Nobody wants to sign in every hour. Yet that’s exactly what happens when access tokens expire in applications without proper token management. The good news? We can fix this by implementing automatic token renewal in our BFF! This is a big topic, so I’ve split it into multiple parts. You can jump to the section
BFF in ASP.NET Core #5 – Automatic Token Renewal Read More »
In this final post in this series, we’ll now resolve logout challenges you might run into with IdentityServer, ensure proper sign-out redirects, and summarize the key takeaways from the series. Let’s complete the setup and finalize our IdentityServer configuration! This blog has been broken up into four separate posts: IdentityServer in Docker Containers: Adding Containers
IdentityServer In Docker Containers – Handle Logout (Part 4) Read More »
In this third part of the series, we tackle login issues in IdentityServer caused by cookie restrictions in HTTP and show how to resolve them by implementing HTTPS. We’ll guide you through securing communication between the host, client, and IdentityServer containers and configuring HTTPS in Docker to ensure everything runs smoothly. This blog has been
IdentityServer in Docker Containers: HTTPS and SameSite (Part 3) Read More »
This is part 2 of a blog series on containerizing a Duende IdentityServer and a client application. In this post, we resolve communication challenges that arise when these applications run in separate Docker containers. You’ll learn how to fix back-channel issues, handle localhost conflicts, and establish proper networking between the client and IdentityServer. This blog
IdentityServer in Docker Containers: Networking (Part 2) Read More »
Getting Duende IdentityServer and a client application up and running in separate containers can be challenging. This blog post will provide a step-by-step guide for a smooth setup and show you how to resolve common challenges along the way. We will also learn about security, cookies, ports, containers, and certificates. This is a big topic,
Understanding the differences between IdentityResource, ApiResource, and ApiScope in Duende IdentityServer is a common question among developers, often seen on platforms like Stack Overflow. My answer to this question has gained significant traction as one of my most upvoted responses. In this blog post, I’ll dive deeper into these resource types, explaining what they are,
IdentityServer – IdentityResource vs. ApiResource vs. ApiScope Read More »