
Kevin Rich

Configuring ASP.NET Core 2.0 Authentication

Global Authentication Filters for Projects for both OpenID Connect Users and JWT Bearer Token Daemons

Problem Statement

I'm building an ASP.NET Core 2.0 Web Application with MVC. I want the following:

  • MVC Controllers
    • Secured with Azure Active Directory Authentication
    • Authentication Challenges should redirect user to the login page
  • WebApi controllers
    • Secured by JWT Bearer . . .


August 18, 2017

Choosing Your Identity (Server)

A Willamette Valley Software Engineers Presentation

I was fortunate enough to catch a two-day deep dive of Identity Servers and .NET Core presented by Brock Allen at DEVIntersection last fall and have been playing with it here and there for the last six months. I'm finding myself becoming more and more obsessed with ensuring projects are locked down from folks at badguy.com. While there . . .


June 01, 2017

Restricting Access to Routes without [Authorize] Filter

Locking down Swagger, Elmah, and other "magic" endpoints

Create a Delegating Handler

In this example, I want to lock down the \swagger endpoint from an ASP.NET 4.6.1 MVC web application.

 public class SwaggerAccessMessageHandler : DelegatingHandler
 {
 protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) . . .


December 05, 2016

Adding User Claims via API keys in WebApi 2

Adding a Custom Authentication Filter

Update

Please, for the love of all that is holy, don't do this. There are many great solutions out there now. I recommend Azure AD (cheap), Auth0 (freeish), or Identity Server (open source). This was a pretty terrible implementation that was meant as a stopgap.

Scenario

I have an API that I wish to lock down via an . . .


July 19, 2016


Cover image credit: http://whoiskevinrich.com