{"id":15410746,"url":"https://github.com/damienbod/aspnetcoreexperiments","last_synced_at":"2025-08-20T16:33:04.896Z","repository":{"id":37991893,"uuid":"378582498","full_name":"damienbod/AspNetCoreExperiments","owner":"damienbod","description":"ASP.NET Core Blazor BFF with Microsoft Entra ID and Razor page","archived":false,"fork":false,"pushed_at":"2024-11-15T14:26:14.000Z","size":1971,"stargazers_count":50,"open_issues_count":3,"forks_count":7,"subscribers_count":8,"default_branch":"main","last_synced_at":"2024-12-10T02:21:25.372Z","etag":null,"topics":["aad","antiforgery","aspnetcore","authn","azuread","bff","blazor","csp","oidc","openid-connect","razor","samesite","samesite-cookies"],"latest_commit_sha":null,"homepage":"https://damienbod.com/2021/06/28/sign-in-using-multiple-clients-or-tenants-in-asp-net-core-and-azure-ad/","language":"CSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/damienbod.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-20T07:14:30.000Z","updated_at":"2024-11-15T14:26:18.000Z","dependencies_parsed_at":"2023-01-16T15:45:22.278Z","dependency_job_id":"34961090-f19f-4e1a-b50c-c1e5a0b65752","html_url":"https://github.com/damienbod/AspNetCoreExperiments","commit_stats":{"total_commits":165,"total_committers":1,"mean_commits":165.0,"dds":0.0,"last_synced_commit":"e0d60b4902ca098bc769da737d61856aa9af674e"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreExperiments","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreExperiments/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreExperiments/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreExperiments/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/damienbod","download_url":"https://codeload.github.com/damienbod/AspNetCoreExperiments/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230438191,"owners_count":18225871,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aad","antiforgery","aspnetcore","authn","azuread","bff","blazor","csp","oidc","openid-connect","razor","samesite","samesite-cookies"],"created_at":"2024-10-01T16:46:09.943Z","updated_at":"2025-08-20T16:33:04.885Z","avatar_url":"https://github.com/damienbod.png","language":"CSS","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ASP.NET Core \r\n\r\n[![.NET](https://github.com/damienbod/AspNetCore6Experiments/workflows/.NET/badge.svg)](https://github.com/damienbod/AspNetCore6Experiments/actions?query=workflow%3A.NET)\r\n\r\n## Blazor .NET 9 BFF WASM \u0026 server(BlazorHosted.Server to start)\r\n\r\nUsing the Backend for frontend pattern to secure application using Microsoft Entra ID\r\n\r\n[Improving application security in Blazor using HTTP headers](https://damienbod.com/2021/08/23/improving-application-security-in-blazor-using-http-headers-part-2/)\r\n\r\n## ASP.NET Core 9 Razor (AspNetCoreRazor)\r\n\r\nRazor page application secured using Microsoft Entra ID\r\n\r\n[Improving application security in an ASP.NET Core Razor Page using HTTP headers](https://damienbod.com/2021/08/16/improving-application-security-in-asp-net-core-razor-pages-using-http-headers-part-1/)\r\n\r\n## ASP.NET Core 9 Razor multiple tenants (AspNetCoreRazorMultiClients)\r\n\r\n[Sign-in using multiple clients or tenants in ASP.NET Core and Microsoft Entra ID](https://damienbod.com/2021/06/28/sign-in-using-multiple-clients-or-tenants-in-asp-net-core-and-azure-ad/)\r\n\r\n## Blazor .NET 9 BFF WASM \u0026 server(BlazorHosted.Server to start) \u0026 API secured with JWT\r\n\r\n[Implement a secure API and a Blazor app in the same ASP.NET Core project with Microsoft Entra ID authentication](https://damienbod.com/2021/10/04/implement-a-secure-api-and-a-blazor-app-in-the-same-asp-net-core-project-with-azure-ad-authentication/)\r\n\r\n## History \r\n\r\n- 2025-05-07 Updated packages,\r\n- 2024-11-15 .NET 9\r\n- 2024-10-19 Updated packages, improved security headers\r\n- 2024-10-03 Updated packages, security headers\r\n- 2024-01-14 Updated .NET 8, Blazor uses CSP nonce\r\n- 2023-11-03 Updated packages, fixed security headers, removed XSS block\r\n- 2023-06-24 Updated packages, fixed CSP\r\n- 2023-03-11 Updated .NET 7, updates security headers, Update Microsoft.Identity.web\r\n- 2022-06-12 Updated nullables, implicit usings, bootstrap 5, packages\r\n- 2022-06-10 Updated nuget packages and BFF project\r\n- 2022-02-11 Updated nuget packages and namespaces\r\n- 2022-01-16 Updated nuget packages, code clean up\r\n- 2022-01-05 Updated nuget packages\r\n- 2021-11-21 Updated packages, improved Blazor CSP, removed inline style\r\n- 2021-11-08 Updated .NET 6 release\r\n- 2021-10-29 Updated packages\r\n- 2021-10-02 Updated packages\r\n- 2021-09-17 Updated .NET 6 packages added mixed auth Blazor \u0026 API example\r\n- 2021-09-15 Updated .NET 6\r\n- 2021-08-13 Added security headers\r\n- 2021-08-09 Updated nuget packages\r\n\r\n## Links\r\n\r\nhttps://github.com/AzureAD/microsoft-identity-web/wiki/multiple-authentication-schemes\r\n\r\nhttps://github.com/AzureAD/microsoft-identity-web/wiki/customization#openidconnectoptions\r\n\r\nhttps://github.com/AzureAD/microsoft-identity-web\r\n\r\nhttps://docs.microsoft.com/en-us/aspnet/core/security/authentication\r\n\r\n## Security header links\r\n\r\nhttps://securityheaders.com/\r\n\r\nhttps://csp-evaluator.withgoogle.com/\r\n\r\nhttps://www.snigel.com/blog/a-simple-guide-to-coop-coep-corp-and-cors/\r\n\r\nhttps://www.youtube.com/watch?v=J6BZ9IQELNA\r\n\r\nhttps://github.com/andrewlock/NetEscapades.AspNetCore.SecurityHeaders\r\n\r\nhttps://github.com/dotnet/aspnetcore/issues/34428\r\n\r\nhttps://w3c.github.io/webappsec-trusted-types/dist/spec/\r\n\r\nhttps://web.dev/trusted-types/\r\n\r\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)\r\n\r\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/CORS\r\n\r\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies\r\n\r\nhttps://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k/edit\r\n\r\nhttps://scotthelme.co.uk/coop-and-coep/\r\n\r\nhttps://github.com/OWASP/ASVS\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdamienbod%2Faspnetcoreexperiments","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdamienbod%2Faspnetcoreexperiments","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdamienbod%2Faspnetcoreexperiments/lists"}