Andrew Lock | .NET Escapades

Andrew Lock
Security

  1. Creating a validator to check for common passwords in ASP.NET Core Identity

    In my last post, I showed how you can create a custom validator for ASP.NET Core. In this post, I introduce a package that lets you validate that a password is not one of the most common passwords users choose. You can find the package on GitHub and on…
    on ASP.NET Core ASP.NET Core Identity Security .NET Core 2.0 Preview 2 - Comments

  2. Creating custom password validators for ASP.NET Core Identity

    ASP.NET Core Identity is a membership system that lets you add user accounts to your ASP.NET Core applications. It provides the low-level services for creating users, verifying passwords and signing users in to your application, as well as additional features such as two-factor authentication (2FA) and account lockout…
    on ASP.NET Core Security ASP.NET Core Identity .NET Core 2.0 Preview 2 - Comments

  3. Automatically validating anti-forgery tokens in ASP.NET Core with the AutoValidateAntiforgeryTokenAttribute

    This quick post is a response to a question about anti-forgery tokens I saw on twitter: I want to apply ValidateAntiForgeryToken to every action on all HttpPost requests in #AspNetCore MVC. Any easy way to do this? #dotnetcore— Tugberk Ugurlu (@tourismgeek) 10 June 2017 Anti-forgery tokens are a security…
    on ASP.NET Core Security CSRF - Comments

  4. Preventing mass assignment or over posting in ASP.NET Core

    Mass assignment, also known as over-posting, is an attack used on websites that involve some sort of model-binding to a request. It is used to set values on the server that a developer did not expect to be set. This is a well known attack now, and has been discussed…
    on ASP.NET Core Security - Comments

  5. Resource-based authorisation in ASP.NET Core

    In this next post on authorisation in ASP.NET Core, we look at how you can secure resources based on properties of that resource itself. In a previous post, we saw how you could create a policy that protects a resource based on properties of the user trying to access…
    on ASP.NET Core Auth Security - Comments

  6. Modifying the UI based on user authorisation in ASP.NET Core

    This post is the next in the series on authentication and authorisation in ASP.NET Core. It shows how to modify the UI you present based on the authorisation level of the current user. This allows you to hide links to pages the user is not authorised to access, for…
    on ASP.NET Core Security Auth Front End - Comments