Showing all posts tagged: 'ASP.NET Core'

A 8-post collection

Setting up Managed Identities for ASP.NET Core web app running on Azure App Service

A few weeks ago I wrote about Secure application development with Key Vault and Azure Managed Identities which are managed, behind the scenes, by Azure Active Directory. At the end of that blog post, I promised to show you how to take your app from local development to production seamlessly, leveraging Managed Identities on the Azure App Service. What does the app currently doBefore setting things up on Azure, let's remind ourselves quickly what the application does and where Azure Managed Identities and Key Vault fit. The Razor Web App retrieves two secrets from Key Vault without having to configure …[read more]


Working with Azure EasyAuth (Azure App Service Authentication) and .NET Core 3.1

Working with authentication in your apps can sometimes be tricky and every app has its own constraints. But the Azure platform provides developers and organizations with many options when it comes to implementing authentication and authorization, from fully customized, coded solutions to turn-key authentication with little to no code changes. Imagine the scenario where you already have an app that was coded without authentication. This could be an app that was developer to run internally but now it needs to be moved to Azure. To secure access to the app, you have 2 options: Add authentication in code so that …[read more]


Create a protected .NET Core 3.1 API that calls into MS Graph on behalf of a Power App

In this blog post I'm going to explain how to create a .NET Core API that accepts authenticated requests from a Power App, validates the user and then makes a call into MS Graph to retrieve the appropriate data. All secured via Azure AD while using the latest (and funkiest) Microsoft.Identity.Web library for authentication and the MS Graph SDK for getting the Graph ┬ádata. If you haven't used the Microsoft.Identity.Web NuGet package yet, ┬áthen I would urge you to have a look at the repo and start integrating it with your ASP.NET Core apps. The …[read more]


Call MS Graph APIs from ASP.NET Core 3.1

As I spend more time in my role as a PM for Microsoft Identity, the more I realize there is a whole world I don't know about. And as many of the developers out there, I make sure I spend as much time as I can learning new things. Today's learning? Integrating MS Graph into an existing ASP.NET Core 3.1 app. It may sound straightforward, but getting it to work proved a little bit more challenging because our developer story is so new. In addition, I wanted to experience what it would take to add MS Graph to …[read more]


ASP.NET Core SAML Authentication with Azure AD

I love delegated authentication. I strongly feel that this is one of the priorities that the ASP.NET Core team got right by "forcing" or better coercing developers and companies to use an external service to manage user authentication and authorisation. The right route. Why? Only a couple of days T-Mobile Austria made the news (and Twitter news) for claiming that they have "Amazingly Good Security" while storing users' passwords in clear text! You can read all about it [here](https://motherboard.vice.com/en_us/article/7xdeby/t-mobile-stores-part-of-customers-passwords-in-plaintext-says-it-has-amazingly-good-security" target="_). However, we're not here …[read more]


Enforcing HTTPS only traffic with ASP.NET Core and Kestrel

In the early days of ASP.NET Core, [Kestrel](https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?tabs=aspnetcore2x" target="_blank) (the lightweight, open source web server) was fairly basic. And this was totally intentional! Kestrel provides a mechanism to spin up and run ASP.NET Core websites and APIs fast and efficiently with as little overhead as possible. This, combined with the other ASP.NET Core improvements (90% smaller HTTP requests etc) have contributed to ASP.NET Core's speed. Kestrel was great at its job but in some cases proved to be very basic. It's …[read more]


.NET Core authentication and authorisation using Auth0

I'm a big proponent of delegated authentication. It's no surprise that [Broken Authentication](https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication" target="_blank) is #2 at the OWASP top 10 latest report. It's been #2 for a very long time, which means that developers and enterprises are still getting this wrong. There are so many ways that authentication that can go wrong, that delegated authentication should be the preferred and possibly the default choice for all platforms. There are many different services that can provide this. I've heavily worked with Azure AD and Azure AD B2C …[read more]


Deploy your ASP.NET Core app to Azure Service Fabric

[Service Fabric](https://docs.microsoft.com/en-us/azure/" target="_blank) is Azure's highly scalable, multi-node, always-on solution that's designed to make deployment and running of distributed micro-services (and not only) a breeze. It provides a lot of features and functionality out of the box, allowing you to focus on the business value of your solution instead of the architectural and design decisions that could delay your path to production/market. There's great, impartial set of articles on micro-services published by Microsoft, along many, so if you want a crash course introduction, then I would urge you to have …[read more]