API posts

Hide actions from Swagger / OpenAPI documentation in ASP.NET Core

Posted on: 16-03-2020

Two approaches for hiding actions from auto-generated API documentation

Always check permissions in tokens in an Azure AD protected API

Posted on: 05-08-2019

Failing to check for permissions in Azure AD access tokens leads to your API being vulnerable

Azure AD Authentication in ASP.NET Core APIs part 2: Custom permissions, multi-tenant APIs

Posted on: 02-08-2018

In the second part we add custom delegated and application permissions to an ASP.NET Core API and also talk about multi-tenancy.

Azure AD Authentication in ASP.NET Core APIs part 1: Basic setup, checking scopes, creating a test client

Posted on: 12-06-2018

This first part looks at the basic setup for Azure AD authentication in an ASP.NET Core API as well as creating a test client app

Exploring ActionResult<T> in ASP.NET Core 2.1

Posted on: 18-02-2018

Checking out the new ActionResult<T> class coming in ASP.NET Core 2.1.

Using Azure AD On-Behalf-Of flow in an ASP.NET Core 2.0 API

Posted on: 06-01-2018

How to call another Azure AD protected API from an API as the user calling it.

Apply Authorization by default in ASP.NET Core

Posted on: 29-11-2017

How authentication can be required globally, as well as how to apply a different authorization policy on different parts of the app automatically.

Discovering controller actions and Razor Pages in ASP.NET MVC Core

Posted on: 03-11-2017

Using IActionDescriptorCollectionProvider to find what controller actions and Razor Pages are available in an ASP.NET MVC Core application.

Building a basic Web API on ASP.NET Core

Posted on: 18-10-2016

Part 1 of a series, in this one we look at how a basic Web API is built on ASP.NET Core.

Hi! My name is Joonas Westlin, I'm a software developer who blogs about ASP.NET Core, Azure, and Web development.

Azure MVP, Azure Solutions Architect Expert, Azure Security Engineer Associate, Azure Developer Associate.