
Kevin Rich

Choosing Your Identity (Server)

A Willamette Valley Software Engineers Presentation

I was fortunate enough to catch a two-day deep dive of Identity Servers and .NET Core presented by Brock Allen at DEVIntersection last fall and have been playing with it here and there for the last six months. I'm finding myself becoming more and more obsessed with ensuring projects are locked down from folks at badguy.com. While there . . .


June 01, 2017

Restricting Access to Routes without [Authorize] Filter

Locking down Swagger, Elmah, and other "magic" endpoints

Create a Delegating Handler

In this example, I want to lock down the \swagger endpoint from an ASP.NET 4.6.1 MVC web application.

    public class SwaggerAccessMessageHandler : DelegatingHandler
    {
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            if (IsSwagger(request) . . .


December 05, 2016

Adding User Claims via API keys in WebApi 2

Adding a Custom Authentication Filter

Scenario

I have an API that I wish to lock down via an API key the user will embed in the request header. We will accomplish this using the WebApi.AuthenticationFilter NuGet package to create a custom AuthenticationFilterAttribute which will check the incoming request header for an "api-key" key and related value.

Project . . .


July 19, 2016


Cover image credit: http://whoiskevinrich.com