Security posts
Azure AD Authentication in ASP.NET Core APIs part 1: Basic setup, checking scopes, creating a test client
Posted on: 12-06-2018
This first part looks at the basic setup for Azure AD authentication in an ASP.NET Core API as well as creating a test client app
Azure AD Authentication with Azure Storage + Managed Service Identity
Posted on: 24-05-2018
Getting rid of access keys and instead using Azure AD with Managed Service Identity to access Azure Storage
ASP.NET Core + Azure Key Vault + Azure AD MSI = Awesome way to do config
Posted on: 06-03-2018
Looks at an example for storing sensitive configuration in Azure Key Vault, and connecting it to the ASP.NET Core configuration pipeline.
Creating an authentication scheme in ASP.NET Core 2.0
Posted on: 02-02-2018
How to make authentication handlers in ASP.NET Core 2.0, and walks through a naive implementation for HTTP Basic authentication.
Adding custom claims to a user during authentication with ASP.NET Core 2.0
Posted on: 05-12-2017
How to add custom claims such as roles to a user after they sign in. OpenID Connect and JWT Bearer token authentication used as examples.
Apply Authorization by default in ASP.NET Core
Posted on: 29-11-2017
How authentication can be required globally, as well as how to apply a different authorization policy on different parts of the app automatically.
Content Security Policy (CSP) in ASP.NET Core
Posted on: 01-02-2017
Control from where resources are allowed to load on your ASP.NET Core site
HTTP Public Key Pinning (HPKP) in ASP.NET Core
Posted on: 24-01-2017
How can you protect your app from possible Certificate Authority compromise?
HTTP Strict Transport Security (HSTS) in ASP.NET Core
Posted on: 22-01-2017
Shows how you can make sure your site is (almost) always accessed over a secure connection
Enforcing HTTPS in ASP.NET Core
Posted on: 21-01-2017
How to make sure all requests hitting an ASP.NET Core app are done over a secure channel.
