Table of content
- Project: KeyGenRSA
- Project: ApiJWT
- Project: ApiCookieAuth
- Project: WebApi_EF_Identity
- Project: ApiKeyAuth
- Project: Blazor WASM BFF - Auth0 - OpenIDConnect
- Project: Blazor WASM JWT - Auth0 - OpenIDConnect
- Other resources
- Password hashing
- Console application to generate private and public RSA pem files.
- Private key is used in the ApiJWT project to sign and validate JWT.
- Public key can be used to validate an ApiJWT token. It can be an RsaSecurityKey during authentication process passing the ApiJWT token.
- Hashing and Salting password with PBKDF2.
- Hashing and Salting passwords best practices πCode-Maze - PBKDF2| BCrypt/SCrypt |Argon2 | Bouncy Castle cryptography library
- WebAPI using JWT authentication, signing the token with the RSA private key.
- Create SigningCredentials with symmetric and asymmetric security key using RSA or X509Certificate.
- Implement a method for refreshing the token.
- Implement a method for invalidating the token.
- JWT Authentication π½οΈ33min | Raw Coding YouTube channel contains deep dive videos into authentication topic
- Cookie invalidation and Token revocation π½οΈ13min - Raw Coding
- Signing JWT with RSA πProudMonkey
- What's new in .NET 7 for Authentication πauth0 | Setup JWT Bearer token πShawnWildermuth | user-jwts π
- Claims transformation for flexible Authorization πMilan | Video π½οΈ14min - Milan
- Implements a cookie authentication.
- Call the ApiJWT service to obtain a token and store it in the AuthenticationProperties for future use.
- Implement a method for adding sessions to the black list.
- ASP.NET Core Cookie Authentication π½οΈ46min-RawCoding
- Take advantage of the Entity Framework Identity features, including UserManager and SignInManager.
- Two Factor Authentication with AuthenticatorApp or Email
- Flow: Register -> Confirm email -> Get TwoFactor auth setup -> Enable TwoFactor -> Logout -> Login -> Login with TwoFactor
- Generating a short-lived token for signing in like Slack and Medium
- Recovery codes for 2FA can be generated. After logging in with your username and password, you can use one of these codes instead of the authenticator code.
- Two Factor Authentication with Web API and Angular using Google Authenticator πCode-Maze
- QR code generator πWebAPI
- Implementing custom token provider for short-lived token πAndrew Lock
The following solutions have been implemented
- Use a custom middleware to check the API Key
- Add an authorization filter for all endpoints of the Controller
- Apply an authorization filter individually (controller and/or endpoint level) with an attribute
- Add an endpoint filter for minimal API
- Add a custom authentication handler and use the [Authorize] attribute
- API Key Authentication π½οΈ18m - Nick Chapsas
- Protect your API with API Keys πJosef Ottosson - Custom authentication handler with roles
- Creating a custom authentication scheme πJoonasW - BasicAuthentication
- An example of using Auth0 with OpenIDConnect in a Blazor WebAssembly application that has a Backend For Frontend (BFF) architecture.
- Damienβs template is used to create 3 projects: Client, Server and Shared and customized for Auth0.
- For more information
- An example of using Auth0 with OpenIDConnect in a Blazor WebAssembly application.
- For more information
- SimpleAuthentication π€Marco Minerva
- Overview of different App security topics π€DamienBod
- Certificate Authentication πDamienBod
- aspnet-contrib / AspNet.Security.OAuth.Providers π€
- Azure AD Authentication πFacileTechnolab
- Combining JWT and Cookie Authentication πRickStrahl
- What's New in .NET 7 for Authentication and Authorization πauth0
- Flexible authorization π½οΈ35m - Jason Taylor - NDC Oslo 2023
- How to store a password πmeziantou
- Cryptography in .NET πmeziantou
- Cryptography Implementations in .NET πCode-Maze
- How does the default password hasher work πCode-Maze