Andrew Lock | .NET Escapades

Andrew Lock
Security

  1. Implementing custom token providers for passwordless authentication in ASP.NET Core Identity

    This post was inspired by Scott Brady's recent post on implementing "passwordless authentication" using ASP.NET Core Identity.. In this post I show how to implement his "optimisation" suggestions to reduce the lifetime of "magic link" tokens. I start by providing some some background on the use case, but I…
    on ASP.NET Core ASP.NET Core Identity Auth Security - Comments

  2. Gotchas upgrading from IdentityServer 3 to IdentityServer 4

    This post covers a couple of gotchas I experienced upgrading an IdentityServer 3 implementation to IdentityServer 4. I've written about a previous issue I ran into with an OWIN app in this scenario - where JWTs could not be validated correctly after upgrading. In this post I'll discuss two other…
    on ASP.NET Core ASP.NET Core Identity IdentityServer Security Auth Issues - Comments

  3. Migrating passwords in ASP.NET Core Identity with a custom PasswordHasher

    In my last post I provided an overview of the ASP.NET Core Identity PasswordHasher<> implementation, and how it enables backwards compatibility between password hashing algorithms. In this post, I'll create a custom implementation of IPasswordHasher<> that we can use to support other password formats. We'll…
    on ASP.NET Core ASP.NET Core 2.0 ASP.NET Core Identity Security - Comments

  4. Exploring the ASP.NET Core Identity PasswordHasher

    In this post I'll look at some of the source code that makes up the ASP.NET Core Identity framework. In particular, I'm going to look at the PasswordHasher<T> implementation, and how it handles hashing user passwords for verification and storage. You'll also see how it handles…
    on ASP.NET Core ASP.NET Core Identity Security Source Code Dive - Comments

  5. Creating and trusting a self-signed certificate on Linux for use in Kestrel and ASP.NET Core

    These days, running your apps over HTTPS is pretty much required. so you need an SSL certificate to encrypt the connection between your app and a user's browser. I was recently trying to create a self-signed certificate for use in a Linux development environment, to serve requests with ASP.NET…
    on ASP.NET Core ASP.NET Core 2.0 Security - Comments

  6. Creating a validator to check for common passwords in ASP.NET Core Identity

    In my last post, I showed how you can create a custom validator for ASP.NET Core. In this post, I introduce a package that lets you validate that a password is not one of the most common passwords users choose. You can find the package on GitHub and on…
    on ASP.NET Core ASP.NET Core Identity Security .NET Core 2.0 Preview 2 - Comments