Andrew Lock | .NET Escapades

Andrew Lock
Auth

  1. Implementing custom token providers for passwordless authentication in ASP.NET Core Identity

    This post was inspired by Scott Brady's recent post on implementing "passwordless authentication" using ASP.NET Core Identity.. In this post I show how to implement his "optimisation" suggestions to reduce the lifetime of "magic link" tokens. I start by providing some some background on the use case, but I…
    on ASP.NET Core ASP.NET Core Identity Auth Security - Comments

  2. Gotchas upgrading from IdentityServer 3 to IdentityServer 4

    This post covers a couple of gotchas I experienced upgrading an IdentityServer 3 implementation to IdentityServer 4. I've written about a previous issue I ran into with an OWIN app in this scenario - where JWTs could not be validated correctly after upgrading. In this post I'll discuss two other…
    on ASP.NET Core ASP.NET Core Identity IdentityServer Security Auth Issues - Comments

  3. Resource-based authorisation in ASP.NET Core

    In this next post on authorisation in ASP.NET Core, we look at how you can secure resources based on properties of that resource itself. In a previous post, we saw how you could create a policy that protects a resource based on properties of the user trying to access…
    on ASP.NET Core Auth Security - Comments

  4. Modifying the UI based on user authorisation in ASP.NET Core

    This post is the next in the series on authentication and authorisation in ASP.NET Core. It shows how to modify the UI you present based on the authorisation level of the current user. This allows you to hide links to pages the user is not authorised to access, for…
    on ASP.NET Core Security Auth Front End - Comments

  5. Custom authorisation policies and requirements in ASP.NET Core

    This post is the next in a series of posts on the authentication and authorisation infrastructure in ASP.NET Core . In the previous post we showed the basic framework for authorisation in ASP.NET Core i.e. restricting access to parts of your application depending on the current authenticated user.…
    on ASP.NET Core Auth Security - Comments

  6. Introduction to Authorisation in ASP.NET Core

    This is the next in series of posts about authentication and authorisation in ASP.NET Core. In the first post we introduced authentication in ASP.NET Core at a high level, introducing the concept of claims-based authentication. In the next two post, we looked in greater depth at the Cookie…
    on ASP.NET Core Security Auth - Comments