Category

ASP.NET Core

ASP.NET Core

ASP.NET Core – KestrelServer using wrong development SSL certificate

I recently was playing around with the localhost SSL certificate that is used with Kestrel when developing locally. After cleaning my certificate using dotnet dev-certs https –clean and then retrusting it through dotnet dev-certs https –trust, my browser kept telling me my certificate was expired. Adding more log to my application, it was telling me it was using a certificate with thumbnail X that I couldn’t find in my User Certificate Store. Low and behold, this happens, when you have a certificate (with the same name as your projet) lingering in the folder %APPDATA%\ASP.NET\Https. The certificates here is used in a container scenario. Thanks to this GitHub issue that pointed me in the right direction. Hope this little post can…

Read more
ASP.NET Core, C#, WebApi

Securing ASP.NET Core WebApi with an API Key

I read the article from Aram Tchekrekjian, which he goes in great length about techniques to secure a Web API, that is, using a Middleware and using an attribute that uses the IAsyncActionFilter. I would like to add another technique to this list using also an attribute, but one that uses the IAsyncAuthorizationFilter instead. This filter is called earlier in the chain of filters and can stop early a bad request using an invalid API Key. To learn more about filters, check out the documentation. I will use the starter ASP.NET Core 3 API template that comes with dotnet. You can create it through Visual Studio or using the command line dotnet new webapi <ProjectName>. In my scenario, I will use a combination…

Read more