authentication  

Kevin Rich

Software Development Nerd

All Categories: asp.net(13) development(4) science fiction(4) off-topic(4) authentication(4) film(4) aws(3) test-driven-development(3) dependency-injection(3) debugging(3) people(2) webapi(2) autofac(2) jwt(2) moq(2) entity-framework(2) serialiazation(2) serializers(2) tdd(2) analytics(2) mvc5(2) cdk(2) don't hassle the hanselhoff(2) linq(2) javascript(2) commandline(1) xunit(1) lambda(1) identityserver(1) auth0(1) oidc(1) console(1) manyconsole(1) arguments(1) dotnet-core-2.0(1) activedirectory(1) authenticationscheme(1) authorization(1) data lake(1) data warehouse(1) interview questions(1) https rewrite(1) speakerlife(1) failures(1) automoq(1) autofixture(1) shouldly(1) fluent assertions(1) boilerplate(1) dotnet core 3.0(1) dotnet core 2.2(1) .net mvc(1) dotnet mvc(1) mvc core(1) libman(1) bootstrap-datepicker(1) datepicker(1) cdnjs(1) csharp(1) cdk v2(1) mvvm(1) testing(1) sql(1) azure(1) nosql(1) performance(1) json(1) xml(1) jest(1) kendo(1) querystring(1) smtp(1) enumerated-implementation(1) publish(1) budget(1) mediatypeformatter(1) jsonserializationexception(1) filters(1) automapper(1) resharper(1) swashbuckle(1) delegating handler(1) swagger(1) typescript(1) home

Configuring ASP.NET Core 2.0 Authentication

Global Authentication Filters for Projects for both OpenID Connect Users and JWT Bearer Token Daemons

Problem Statement

I'm building a ASP.NET Core 2.0 Web Application with MVC. I want the following:

  • MVC Controllers
    • Secured with Azure ActiveDirectory Authentication
    • Authentication Challenges should redirect user to the login page
  • WebApi controllers
    • Secured by JWT Bearer . . .

Read More

Posted in: activedirectoryasp.netauthenticationauthenticationschemeauthorizationazuredotnet-core-2.0jwt

August 18, 2017

Choosing Your Identity (Server)

A Willamette Valley Software Engineers Presentation

I was fortunate enough to catch a two day deep-dive of Identity Servers and .NET Core presented by Brock Allen at DEVIntersection last fall and have been playing with it here and there for the last six months. I'm finding myself becoming more and more obsessed with ensuring projects are locked down from folks at badguy.com. While there . . .

Read More

Posted in: asp.netauth0authenticationdevelopmentidentityserverjwtoidc

June 01, 2017

Restricting Access to Routes without [Authorize] Filter

Locking down Swagger, Elmah, and other "magic" endpoints

Create a Delegating Handler

In this example, I want to lock down the \swagger endpoint from an ASP.NET 4.6.1 MVC web application.

 public class SwaggerAccessMessageHandler : DelegatingHandler
 {
 protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) . . .

Read More

Posted in: authenticationdelegating handlermvc5swaggerswashbuckle

December 05, 2016

Adding User Claims via API keys in WebApi 2

Adding a Custom Authentication Filter

Update

Please for the love of all that is holy, don't do this. There are many great solutions out there now. I recommend Azure AD (cheap), Auth0(freeish), or Identity Server(open sou). This was a pretty terrible implementation that was meant as a stopgap.

Scenario

I have an API that I wish to lock down via an . . .

Read More

Posted in: asp.netauthenticationfiltersmvc5webapi

July 19, 2016

Archive

All Categories: asp.net(13) development(4) science fiction(4) off-topic(4) authentication(4) film(4) aws(3) test-driven-development(3) dependency-injection(3) debugging(3) people(2) webapi(2) autofac(2) jwt(2) moq(2) entity-framework(2) serialiazation(2) serializers(2) tdd(2) analytics(2) mvc5(2) cdk(2) don't hassle the hanselhoff(2) linq(2) javascript(2) commandline(1) xunit(1) lambda(1) identityserver(1) auth0(1) oidc(1) console(1) manyconsole(1) arguments(1) dotnet-core-2.0(1) activedirectory(1) authenticationscheme(1) authorization(1) data lake(1) data warehouse(1) interview questions(1) https rewrite(1) speakerlife(1) failures(1) automoq(1) autofixture(1) shouldly(1) fluent assertions(1) boilerplate(1) dotnet core 3.0(1) dotnet core 2.2(1) .net mvc(1) dotnet mvc(1) mvc core(1) libman(1) bootstrap-datepicker(1) datepicker(1) cdnjs(1) csharp(1) cdk v2(1) mvvm(1) testing(1) sql(1) azure(1) nosql(1) performance(1) json(1) xml(1) jest(1) kendo(1) querystring(1) smtp(1) enumerated-implementation(1) publish(1) budget(1) mediatypeformatter(1) jsonserializationexception(1) filters(1) automapper(1) resharper(1) swashbuckle(1) delegating handler(1) swagger(1) typescript(1) home

Cover image credit: http://whoiskevinrich.com

You can also find Kevin Rich on Twitter, GitHub, LinkedIn and Stackoverflow. Get in touch by Email.

© 2024 Kevin Rich

This update link alerts you to new Silvrback admin blog posts. A green bubble beside the link indicates a new post. Click the link to the admin blog and the bubble disappears.

Got It!