Security posts

Creating an authentication scheme in ASP.NET Core 2.0

Posted on: 02-02-2018

Shows how to make authentication handlers in ASP.NET Core 2.0 and walks through a naive implementation for HTTP Basic authentication.

Adding custom claims to a user during authentication with ASP.NET Core 2.0

Posted on: 05-12-2017

How to add custom claims such as roles to a user after they sign in. OpenID Connect and JWT Bearer token authentication are used as examples.

Apply Authorization by default in ASP.NET Core

Posted on: 29-11-2017

How authentication can be required globally, as well as how to apply a different authorization policy on different parts of the app automatically.

Content Security Policy (CSP) in ASP.NET Core

Posted on: 01-02-2017

Control where resources are allowed to load from on your ASP.NET Core site.

HTTP Public Key Pinning (HPKP) in ASP.NET Core

Posted on: 24-01-2017

How can you protect your app from possible Certificate Authority compromise?

HTTP Strict Transport Security (HSTS) in ASP.NET Core

Posted on: 22-01-2017

Shows how you can make sure your site is (almost) always accessed over a secure connection.

Enforcing HTTPS in ASP.NET Core

Posted on: 21-01-2017

How to make sure all requests hitting an ASP.NET Core app are made over a secure channel.

Hi! My name is Joonas Westlin, I'm a software developer who blogs about ASP.NET Core, Azure, and Web development.

Azure MVP, Azure Solutions Architect Expert, Azure Security Engineer Associate, Azure Developer Associate.