damienbod / AspNetCoreExperiments

ASP.NET Core Blazor BFF with Microsoft Entra ID and Razor page
https://damienbod.com/2021/06/28/sign-in-using-multiple-clients-or-tenants-in-asp-net-core-and-azure-ad/
MIT License
aad antiforgery aspnetcore authn azuread bff blazor csp oidc openid-connect razor samesite samesite-cookies

Blazor .NET 8 BFF WASM & server (BlazorHosted.Server to start)

Using the Backend for frontend pattern to secure application using Microsoft Entra ID

Improving application security in Blazor using HTTP headers

ASP.NET Core 8 Razor (AspNetCoreRazor)

Razor page application secured using Microsoft Entra ID

Improving application security in an ASP.NET Core Razor Page using HTTP headers

ASP.NET Core 8 Razor multiple tenants (AspNetCoreRazorMultiClients)

Sign-in using multiple clients or tenants in ASP.NET Core and Microsoft Entra ID

Blazor .NET 8 BFF WASM & server (BlazorHosted.Server to start) & API secured with JWT

Implement a secure API and a Blazor app in the same ASP.NET Core project with Microsoft Entra ID authentication

History

Links

https://github.com/AzureAD/microsoft-identity-web/wiki/multiple-authentication-schemes

https://github.com/AzureAD/microsoft-identity-web/wiki/customization#openidconnectoptions

https://github.com/AzureAD/microsoft-identity-web

https://docs.microsoft.com/en-us/aspnet/core/security/authentication

Security header links

https://securityheaders.com/

https://csp-evaluator.withgoogle.com/

https://www.snigel.com/blog/a-simple-guide-to-coop-coep-corp-and-cors/

https://www.youtube.com/watch?v=J6BZ9IQELNA

https://github.com/andrewlock/NetEscapades.AspNetCore.SecurityHeaders

https://github.com/dotnet/aspnetcore/issues/34428

https://w3c.github.io/webappsec-trusted-types/dist/spec/

https://web.dev/trusted-types/

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k/edit

https://scotthelme.co.uk/coop-and-coep/

https://github.com/OWASP/ASVS