-
3 Common Problems with ClaimsIdentity and ClaimsPrincipal in ASP.NET Core
In .NET Core, the ClaimsIdentity class represents a user in your application. It helps describe who they are and helps manage the list of claims which describe what they can do. But if you use the wrong constructor on ClaimsIdentity or provide the subtly wrong information to that constructor, you might see some strange behavior. …
-
“Implementing Security in ASP.NET Core: Claims, Patterns, and Policies” – Slides & Code
I spoke at the New England Microsoft Developers (NEMD) user group last night and gave a talk about security in ASP.NET Core. (A lot of this content is also covered in my new Pluralsight class on ASP.NET Core architecture.) Slides Sample code Implementing Security in ASP.NET Core: Claims, Patterns, and PoliciesThere are two sides to…
-
ASP.NET Core & Azure Easy Auth with Multiple Authentication Providers (Including Development Mode)
I’ve been neck deep in Azure App Authentication (aka. Easy Auth) lately trying to get it to work with ASP.NET Core applications. I wrote a bunch of labs/walk-throughs last week to demonstrate how to make it work. Here are the posts in the Azure Easy Auth series: Lab 1, Lab 2, Lab 3, Lab 4,…
-
Walkthrough: Part 5, ASP.NET Core Claims-based Security using Azure App Authentication & the /.auth/me Service Endpoint
I’ve been working doing a lot more with Azure Web Apps lately and found that there are some basic things that it’s hard to find information on. So I decided to write some labs. This is the fifth post in a series. The overall goal of these labs is to teach you how to create…
-
Walkthrough: Part 4, Azure App Service Authentication with a Mix of Public and Protected ASP.NET Core MVC Pages
I’ve been working doing a lot more with Azure Web Apps lately and found that there are some basic things that it’s hard to find information on. So I decided to write some labs. This is the fourth post in a series. The overall goal of these labs is to teach you how to create…
-
Walkthrough: Part 3, Publish ASP.NET MVC Core Application to Azure Web App
I’ve been working doing a lot more with Azure Web Apps lately and found that there are some basic things that it’s hard to find information on. So I decided to write some labs. This is the third post in a series. The overall goal of these labs is to teach you how to create…
-
Walkthrough: Part 2, Configure App Service Authentication for Your Azure Web App
I’ve been working doing a lot more with Azure Web Apps lately and found that there are some basic things that it’s hard to find information on. So I decided to write some labs. This is the second post in a series. The overall goal of these labs is to teach you how to create…
-
Walkthrough: Part 1, Create an Azure Web App Definition in Azure
I’ve been working doing a lot more with Azure Web Apps lately and found that there are some basic things that it’s hard to find information on. So I decided to write some labs. This is the first one in a series. The overall goal of these labs is to teach you how to create…
-
VSLive Anaheim 2017: ASP.NET & ASP.NET Core Security
I spoke at VSLive Anaheim 2017 this week. As promised, here are my slides and code from the ASP.NET & ASP.NET Core Security talk. Role-Based Security Stinks: How to Implement Better Authorization in ASP.NET & WebAPI In .NET, if your user permissions are simple, you’re in luck. Access the IPrincipal for the current user, call…
-
Azure App Service Security with Microsoft Accounts, WebAPIs, and client apps (UWP)
TL;DR: Azure App Services simplifies your life by taking care of security for you. This works great when your app is a web browser app but if you need to access it from a client API app (for example, a Universal Windows Platform app), life can get frustrating and confusing in an instant. In this…