Showing Security posts

Adding custom claims to a user during authentication with ASP.NET Core 2.0

Posted on: 05-12-2017

How to add custom claims such as roles to a user after they sign in. OpenID Connect and JWT Bearer token authentication are used as examples.

Apply Authorization by default in ASP.NET Core

Posted on: 29-11-2017

How authentication can be required globally, as well as how to apply a different authorization policy on different parts of the app automatically.

Content Security Policy (CSP) in ASP.NET Core

Posted on: 01-02-2017

Control where resources are allowed to load from on your ASP.NET Core site.

HTTP Public Key Pinning (HPKP) in ASP.NET Core

Posted on: 24-01-2017

How can you protect your app from possible Certificate Authority compromise?

HTTP Strict Transport Security (HSTS) in ASP.NET Core

Posted on: 22-01-2017

Shows how you can make sure your site is (almost) always accessed over a secure connection.

Enforcing HTTPS in ASP.NET Core

Posted on: 21-01-2017

How to make sure all requests hitting an ASP.NET Core app are made over a secure channel.

Hi! My name is Joonas Westlin, I'm a software developer who blogs about ASP.NET, Azure, and Web development.

MCT, MCSE: Cloud Platform and Infrastructure, MCSD: App Builder