Azure Key Vault is a great way to store your IdentityServer4 signing keys; it is secure, versioned, and gives you access to robust access control mechanisms. However, I keep seeing many Azure Key Vault integrations that miss many of its features by storing the private key as a secret and then downloading the private key on application startup.

Bharat Dwarkani shared on Mar 30, 2020
scottbrady91.com

The purpose here is to configure the data protection system in such a way that its keys are stored outside the app server, but also to do so in a secure manner. By default, data protection keys may be stored in a local folder.

Bharat Dwarkani shared on Mar 15, 2020
joonasw.net

Specifying headers in middleware can be done in C# code by creating one or more pieces of middleware. Most examples in this post will use this approach. In short, you either create a new middleware class or call the Use method directly in the Configure method in Startup.cs.

Bharat Dwarkani shared on Mar 13, 2020
blog.elmah.io

Cross-Site Request Forgery (aka CSRF or XSRF) is one of the most common attacks, in which the user is tricked into executing an unwanted action through their browser, on their behalf, on one of the sites where they are currently authenticated. ASP.Net Core contains an Antiforgery package that can be used to secure your application against this particular risk. Those who have used earlier versions of ASP.Net will see that things have changed a bit in the new framework.

Bharat Dwarkani shared on Mar 05, 2020
dotnetcurry.com

An issue related to antiforgery that I couldn’t understand at the time. I went with a workaround but thought I’d dig a bit deeper when I have time. Let’s have a look at it together!

Bharat Dwarkani shared on Mar 05, 2020
mderriey.com

If you decide to go with cookies, and if your web API is consumed through a web application (e.g. Angular), it will be vulnerable to cross-site request forgery attacks (frequently referred to as CSRF or XSRF).

Bharat Dwarkani shared on Mar 05, 2020
blinkingcaret.com

Learn how to add authentication and authorization to gRPC for microservices in .NET Core.

Bharat Dwarkani shared on Feb 27, 2020
auth0.com

This post is part of the series 'Vulnerabilities'. Be sure to check out the rest of the blog posts of the series: Impersonation and security; SQL injections; How to prevent CSRF attacks; ASP MVC and XSRF; Cross-site scripting (XSS); ASP MVC: Mass Assignment; Regex - Denial of Service (ReDoS) (this post); Deserialization can be dangerous; Prevent Zip bombs in .NET.

Bharat Dwarkani shared on Jan 22, 2020
meziantou.net

ASP.NET Core enables developers to easily configure and manage security for their apps. ASP.NET Core contains features for managing authentication, authorization, data protection, HTTPS enforcement, app secrets, anti-request forgery protection, and CORS management. These security features allow you to build robust yet secure ASP.NET Core apps.

Bharat Dwarkani shared on Jan 19, 2020
docs.microsoft.com

Cross-Site Scripting (XSS) is a security vulnerability which enables an attacker to place client side scripts (usually JavaScript) into web pages. When other users load affected pages the attacker's scripts will run, enabling the attacker to steal cookies and session tokens, change the contents of the web page through DOM manipulation or redirect the browser to another page. XSS vulnerabilities generally occur when an application takes user input and outputs it to a page without validating, enco

Bharat Dwarkani shared on Jan 19, 2020
docs.microsoft.com