Azure Key Vault is a great way to store your IdentityServer4 signing keys; it is secure, versioned, and gives you access to robust access control mechanisms. However, I keep seeing many Azure Key Vault integrations that miss many of its features by storing the private key as a secret and then downloading the private key on application startup.

In this article, we will see how we can skip Identity server 4 login page if we have integrated Azure AD with identity server 4.

An issue related to antiforgery that I couldn’t understand at the time. I went with a workaround but thought I’d dig a bit deeper when I have time. Let’s have a look at it together!

But what do you do when you have to access an authenticated API from your application, for which you need the access token or the refresh token that was obtained as part of that sign-in flow?

ASOS (AspNet.Security.OpenIdConnect.Server) is an advanced OAuth2 for ASP.NET Core 1.x and 2.x. In this article, we explain the integration process of ASOS, corresponding to client_credentials and password grant types, to enable:

n this article, we will create a web application using ASP.NET Core and Angular. We will then implement authentication and policy-based authorization in the application with the help of JWT. The web application will have two roles – Admin and User. The application will have role-based access for each role. We will learn how to configure and validate a JWT.

ASP.NET Core identity allows you to implement authentication and authorization for your web applications. While working with ASP.NET Core Identity at times you need to create default user accounts and roles in the system. In ASP.NET MVC you could have easily done this in Global.asax and Application_Start event handler. In ASP.NET Core the process is bit different since the application startup process is different. To that end this article explains a way to seed such user and roles data in your a

Multi-factor authentication or MFA requires multiple factors to authenticate a user. Two-factor authentication (2FA) is an MFA with two factors. There is no real limit on how many factors we can add but it’s not practical for a user to use many factors as it hurts usability of the application if the login process is too long and complicated. Adding a second factor is usually enough to stop the brute-force and dictionary attacks.

this tutorial, we are going to cover a simple example of how to implement Role Based Authorization / access control in Asp.Net Core 3.0 using visual studio 2019.

So while the benefits of using Single Sign On are obvious and there many articles about it, it way less discussed topic is Single Sign Out – the process of signing out the user from all web application which use the same IdP.