Tag

asp.net

C#, Web

ASP.NET Identity for your custom user and roles models

I’ve been seeing a lot of requests by developers in the past months who seem to be struggling with adding their custom user authentication model into their application; they want to be able to integrate it into the ASP.NET pipeline to play nice with the Authentication middleware (i.e. AuthorizeAttribute). ASP.NET Identity Core has been rewritten to leverage the use of interfaces (abstraction!) so you can easily develop a system that caters to your needs. In this post, I want to show you how to leverage that by using ASP.NET Identity in an ASP.NET Core 2.0 application. Setup The first thing is to add the ASP.NET Identity package to your project. In Visual Studio 2017, you can right click on the Dependencies…

Read more
Angular, C#, Web

Secure your Angular/ASP.NET Core application with Anti-forgery token

Security has always been at the forefront of Web Applications. There are so many security concerns one has to think of when developing web applications. Today, I want to share with you guys how to secure a Single Page Application (SPA) from Cross-site request forgery (CSRF or XSRF) using Angular 4. If you’re still using Angular 2 this works as well but I recommend upgrading to 4. It’s easy and they made the code faster and smaller (maybe a topic for another day ;-]) By default, the Angular core HTTP library will look for a token in the cookie with the name XSRF-TOKEN and add it to the request. Thanks to the CookieXSRFStrategy provided by Angular, Angular does that part for you. However,…

Read more