- Securing an ASP.NET Core MVC application which uses a secure API
- Handling Access Tokens for private APIs in ASP.NET Core
- Adding HTTP Headers to improve Security in an ASP.NET MVC Core application
- ASP.NET Core OAuth Device Flow Client with IdentityServer4
- Securing an ASP.NET Core Razor Page App using OpenID Connect Code flow with PKCE
- Force ASP.NET Core OpenID Connect client to require MFA
- Send MFA signin requirement to OpenID Connect server using ASP.NET Core Identity and IdentityServer4
- Requiring MFA for Admin Pages in an ASP.NET Core Identity application
-
2020-01-03 Added ASP.NET Core Identity App with MFA force
-
2019-12-18 Added STS acr_values parameters logic
-
2019-12-14 Added Require MFA client
-
2019-12-13 Updated to .NET Core 3.1
-
2019-10-11 Added example of Code Flow with PKCE for ASP.NET Core Razor Page App
-
2019-10-06 Updated to .NET Core 3.0
-
2019-05-10 Improving token handling
-
2019-04-30 Switch to in-process, add token expired check, Updating nuget packages, updating npm packages
-
2019-02-24 Updating obsolete API call code, updating npm packages
-
2019-02-20 Updating STS, added the OAuth Device Flow
-
2018-11-11 Updating Nuget packages, added feauture-policy
-
2018-11-10 Updated to .NET Core 2.2
-
2018-08-03 Updated to .NET Core 2.1.2
-
2018-05-08 Updated to .NET Core 2.1 rc1
-
2018-05-07 Updated to .NET Core 2.1 preview 2, new Identity Views, 2FA Authenticator, IHttpClientFactory, bootstrap 4.1.0
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-2.2
https://leastprivilege.com/2019/02/08/try-device-flow-with-identityserver4/
https://tools.ietf.org/wg/oauth/draft-ietf-oauth-device-flow/
https://github.com/leastprivilege/AspNetCoreSecuritySamples/tree/aspnetcore21/DeviceFlow
https://hajekj.net/2017/03/06/forcing-reauthentication-with-azure-ad/