Security - Page 1 - Andrew Lock | .NET Escapades

ASP.NET Core in Action, Second Edition supports .NET 5.0. Buy the book in MEAP now, and get the chapters as they're written. You even get a free copy of the first edition of ASP.NET Core in Action!
An introduction to the Data Protection system in ASP.NET Core

In this post I provide a primer on the ASP.NET Core data-protection system: what it is, why do we need it, and how it works at a high level…

January 12, 2021 in ASP.NET Core Security
Adding host filtering to Kestrel in ASP.NET Core

In this post I describe how to add host filtering to an ASP.NET Core application, and show why not filtering could allow attackers to exploit your app…

June 16, 2020 in ASP.NET Core Hosting Security
Preventing mass assignment or over posting with Razor Pages in ASP.NET Core

Mass assignment or over-posting is something to bear in mind when building ASP.NET Core apps. In this post I discuss how to stay safe when using Razor Pages…

April 28, 2020 in ASP.NET Core Security Razor Pages
Adding simple email address obfuscation for your blog like Cloudflare Scrape Shield

In this post I show a simple way to obfuscate email addresses to make it harder for bots to scrape them from your site, similar to Cloudflare Scrape Shield.…

April 21, 2020 in Front End Security
Safely migrating passwords in ASP.NET Core Identity with a custom PasswordHasher

In this post I create a custom IPasswordHasher implementation that can be used in ASP.NET Core Identity to migrate from weak hashes like MD5 or SHA1.…

May 07, 2019 in ASP.NET Core ASP.NET Core 2.0 ASP.NET Core Identity Security
Secure secrets storage for ASP.NET Core with AWS Secrets Manager (Part 2)

In this post I show how to control which secrets are loaded from AWS Secrets Manager when your ASP.NET Core app start.…

December 06, 2018 in ASP.NET Core Security Configuration AWS

Andrew Lock | .Net Escapades

Stay up to the date with the latest posts!