Dive into blog posts on OpenID Connect, focusing on integration, authentication, and security in ASP.NET Core. Get expert insights and practical tips to streamline your identity solutions with Nestenius.
In the previous blog posts in this series, we built our own Backend-for-Frontend (BFF) implementation in ASP.NET Core from scratch. Now, you might be wondering about how much effort it would take to replace our custom solution with the Duende BFF Security Framework? In this post, we’ll walk through that migration process and see just […]
BFF in ASP.NET Core #7 – Introducing the Duende BFF Library Read More »
In this post, we take the next step in securing our Backend-for-Frontend (BFF) by adding robust Cross-Origin Resource Sharing (CORS) protection. CORS is essential for defending against a range of cross-origin attacks, and implementing it correctly is crucial for any application that handles sensitive data. We’ll explore the types of attacks that CORS helps prevent,
BFF in ASP.NET Core #6 – Securing our BFF with CORS Read More »
Nobody wants to sign in every hour. Yet that’s exactly what happens when access tokens expire in applications without proper token management. The good news? We can fix this by implementing automatic token renewal in our BFF! This is a big topic, so I’ve split it into multiple parts. You can jump to the section
BFF in ASP.NET Core #5 – Automatic Token Renewal Read More »
The BFF pattern eliminates many SPA security risks, but it introduces a new critical component: the session cookie. This cookie becomes the key to your user’s authentication. If it’s not properly secured, you’ve simply moved the vulnerability from JavaScript tokens to HTTP cookies. This post shows you how to properly secure the session cookie using
BFF in ASP.NET Core #3 – The BFF Pattern Explained Read More »
How do you secure a Single-Page Application without storing tokens in the browser? The answer lies in the Backend-for-Frontend (BFF) pattern. This architectural approach shifts authentication complexity to the backend, keeping your frontend simple and secure. Let’s explore how it works and why it’s become the gold standard for SPA security. This is a big
BFF in ASP.NET Core #2 – The BFF Pattern Explained Read More »
This multi-part blog series will show you how to implement secure authentication for Single-Page Applications using the Backend-for-Frontend (BFF) pattern with ASP.NET Core. We’ll explore why handling OpenID Connect directly in SPAs creates security risks, then build a complete BFF implementation that eliminates browser token storage and follows OAuth 2.0 best practices. In short, it
Implementing BFF Pattern in ASP.NET Core for SPAs Read More »
In ASP.NET Core 9, a new feature called AdditionalAuthorizationParameters allows you to customize OAuth and OpenID Connect (OIDC) flows more quickly. This new feature allows developers to add custom authentication parameters without needing to rely on the complex workarounds that existed before ASP.NET Core 9 was released. Sounds familiar? Then you’re going to like this!
AdditionalAuthorizationParameters in ASP.NET Core 9 Read More »
In this final post in this series, we’ll now resolve logout challenges you might run into with IdentityServer, ensure proper sign-out redirects, and summarize the key takeaways from the series. Let’s complete the setup and finalize our IdentityServer configuration! This blog has been broken up into four separate posts: IdentityServer in Docker Containers: Adding Containers
IdentityServer In Docker Containers – Handle Logout (Part 4) Read More »
In this third part of the series, we tackle login issues in IdentityServer caused by cookie restrictions in HTTP and show how to resolve them by implementing HTTPS. We’ll guide you through securing communication between the host, client, and IdentityServer containers and configuring HTTPS in Docker to ensure everything runs smoothly. This blog has been
IdentityServer in Docker Containers: HTTPS and SameSite (Part 3) Read More »
This is part 2 of a blog series on containerizing a Duende IdentityServer and a client application. In this post, we resolve communication challenges that arise when these applications run in separate Docker containers. You’ll learn how to fix back-channel issues, handle localhost conflicts, and establish proper networking between the client and IdentityServer. This blog
IdentityServer in Docker Containers: Networking (Part 2) Read More »