Security posts

Azure AD Authentication in ASP.NET Core APIs part 2: Custom permissions, multi-tenant APIs

Posted on: 02-08-2018

In the second part we add custom delegated and application permissions to an ASP.NET Core API and also talk about multi-tenancy.

Azure AD Authentication in ASP.NET Core APIs part 1: Basic setup, checking scopes, creating a test client

Posted on: 12-06-2018

This first part looks at the basic setup for Azure AD authentication in an ASP.NET Core API as well as creating a test client app.

Azure AD Authentication with Azure Storage + Managed Service Identity

Posted on: 24-05-2018

Getting rid of access keys and instead using Azure AD with Managed Service Identity to access Azure Storage.

ASP.NET Core + Azure Key Vault + Azure AD MSI = Awesome way to do config

Posted on: 06-03-2018

Looks at an example for storing sensitive configuration in Azure Key Vault, and connecting it to the ASP.NET Core configuration pipeline.

Creating an authentication scheme in ASP.NET Core 2.0

Posted on: 02-02-2018

Explains how to make authentication handlers in ASP.NET Core 2.0 and walks through a naive implementation for HTTP Basic authentication.

Adding custom claims to a user during authentication with ASP.NET Core 2.0

Posted on: 05-12-2017

How to add custom claims such as roles to a user after they sign in. OpenID Connect and JWT Bearer token authentication used as examples.

Apply Authorization by default in ASP.NET Core

Posted on: 29-11-2017

How authentication can be required globally, as well as how to apply a different authorization policy on different parts of the app automatically.

Content Security Policy (CSP) in ASP.NET Core

Posted on: 01-02-2017

Control where resources are allowed to load from on your ASP.NET Core site.

HTTP Public Key Pinning (HPKP) in ASP.NET Core

Posted on: 24-01-2017

How can you protect your app from possible Certificate Authority compromise?

HTTP Strict Transport Security (HSTS) in ASP.NET Core

Posted on: 22-01-2017

Shows how you can make sure your site is (almost) always accessed over a secure connection.

Hi! My name is Joonas Westlin, I'm a software developer who blogs about ASP.NET, Azure, and Web development.

Azure MVP, MCT, MCSE: Cloud Platform and Infrastructure, MCSD: App Builder