Azure Key Vault is a great way to store your IdentityServer4 signing keys; it is secure, versioned, and gives you access to robust access control mechanisms. However, I keep seeing many Azure Key Vault integrations that miss many of its features by storing the private key as a secret and then downloading the private key on application startup.

Bharat Dwarkani shared on Mar 30, 2020
scottbrady91.com

In this article, we will see how we can skip the IdentityServer4 login page if we have integrated Azure AD with IdentityServer4.

Bharat Dwarkani shared on Mar 15, 2020
neelbhatt.com

An issue related to antiforgery that I couldn’t understand at the time. I went with a workaround but thought I’d dig a bit deeper when I have time. Let’s have a look at it together!

Bharat Dwarkani shared on Mar 05, 2020
mderriey.com

But what do you do when you have to access an authenticated API from your application, for which you need the access token or the refresh token that was obtained as part of that sign-in flow?

Bharat Dwarkani shared on Jan 17, 2020
blog.maartenballiauw.be

ASOS (AspNet.Security.OpenIdConnect.Server) is an advanced OAuth2 for ASP.NET Core 1.x and 2.x. In this article, we explain the integration process of ASOS, corresponding to client_credentials and password grant types, to enable:

Bharat Dwarkani shared on Jan 17, 2020
syncfusion.com

In this article, we will create a web application using ASP.NET Core and Angular. We will then implement authentication and policy-based authorization in the application with the help of JWT. The web application will have two roles – Admin and User. The application will have role-based access for each role. We will learn how to configure and validate a JWT.

Bharat Dwarkani shared on Nov 25, 2019
ankitsharmablogs.com

ASP.NET Core Identity allows you to implement authentication and authorization for your web applications. While working with ASP.NET Core Identity, at times you need to create default user accounts and roles in the system. In ASP.NET MVC you could have easily done this in Global.asax and the Application_Start event handler. In ASP.NET Core the process is a bit different since the application startup process is different. To that end this article explains a way to seed such user and roles data in your a

Bharat Dwarkani shared on Nov 24, 2019
binaryintellect.net

Multi-factor authentication or MFA requires multiple factors to authenticate a user. Two-factor authentication (2FA) is an MFA with two factors. There is no real limit on how many factors we can add but it’s not practical for a user to use many factors as it hurts usability of the application if the login process is too long and complicated. Adding a second factor is usually enough to stop the brute-force and dictionary attacks.

Bharat Dwarkani shared on Nov 24, 2019
deblokt.com

In this tutorial, we are going to cover a simple example of how to implement Role Based Authorization / access control in ASP.NET Core 3.0 using Visual Studio 2019.

Bharat Dwarkani shared on Nov 24, 2019
dotnetdetail.net

So while the benefits of using Single Sign On are obvious and there are many articles about it, a way less discussed topic is Single Sign Out – the process of signing out the user from all web applications which use the same IdP.

Bharat Dwarkani shared on Nov 10, 2019
hajekj.net