Security posts

Creating an authentication scheme in ASP.NET Core 2.0

Posted on: 02-02-2018

How to make authentication handlers in ASP.NET Core 2.0, and walks through a naive implementation for HTTP Basic authentication.

Tags

ASP.NET CoreSecurity

Adding custom claims to a user during authentication with ASP.NET Core 2.0

Posted on: 05-12-2017

How to add custom claims such as roles to a user after they sign in. OpenID Connect and JWT Bearer token authentication used as examples.

Tags

ASP.NET CoreSecurity

Apply Authorization by default in ASP.NET Core

Posted on: 29-11-2017

How authentication can be required globally, as well as how to apply a different authorization policy on different parts of the app automatically.

Tags

ASP.NET CoreASP.NET MVCAPISecurity

Content Security Policy (CSP) in ASP.NET Core

Posted on: 01-02-2017

Control from where resources are allowed to load on your ASP.NET Core site

Tags

ASP.NET CoreSecurity

HTTP Public Key Pinning (HPKP) in ASP.NET Core

Posted on: 24-01-2017

How can you protect your app from possible Certificate Authority compromise?

Tags

ASP.NET CoreSecurity

HTTP Strict Transport Security (HSTS) in ASP.NET Core

Posted on: 22-01-2017

Shows how you can make sure your site is (almost) always accessed over a secure connection

Tags

ASP.NET CoreSecurity

Enforcing HTTPS in ASP.NET Core

Posted on: 21-01-2017

How to make sure all requests hitting an ASP.NET Core app are done over a secure channel.

Tags

ASP.NET CoreSecurity

Hi! My name is Joonas Westlin, I'm a software developer who blogs about ASP.NET Core, Azure, and Web development.

Azure MVP, Azure Solutions Architect Expert, Azure Security Engineer Associate, Azure Developer Associate.

Article tags

Azure (55)

ASP.NET Core (39)

Azure AD (33)

Security (27)

API (9)

ASP.NET MVC (9)

Azure App Service (8)

Azure Functions (8)

Azure Key Vault (7)

Durable Functions (6)