Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/damienbod/aspnetcoreexperiments

ASP.NET Core Blazor BFF with Microsoft Entra ID and Razor page
https://github.com/damienbod/aspnetcoreexperiments

aad antiforgery aspnetcore authn azuread bff blazor csp oidc openid-connect razor samesite samesite-cookies

Last synced: about 1 month ago
JSON representation

ASP.NET Core Blazor BFF with Microsoft Entra ID and Razor page

Host: GitHub
URL: https://github.com/damienbod/aspnetcoreexperiments
Owner: damienbod
License: mit
Created: 2021-06-20T07:14:30.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2024-11-15T14:26:14.000Z (2 months ago)
Last Synced: 2024-12-10T02:21:25.372Z (about 1 month ago)
Topics: aad, antiforgery, aspnetcore, authn, azuread, bff, blazor, csp, oidc, openid-connect, razor, samesite, samesite-cookies
Language: CSS
Homepage: https://damienbod.com/2021/06/28/sign-in-using-multiple-clients-or-tenants-in-asp-net-core-and-azure-ad/
Size: 1.88 MB
Stars: 50
Watchers: 8
Forks: 7
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# ASP.NET Core

[![.NET](https://github.com/damienbod/AspNetCore6Experiments/workflows/.NET/badge.svg)](https://github.com/damienbod/AspNetCore6Experiments/actions?query=workflow%3A.NET)

## Blazor .NET 9 BFF WASM & server(BlazorHosted.Server to start)

Using the Backend for frontend pattern to secure application using Microsoft Entra ID

[Improving application security in Blazor using HTTP headers](https://damienbod.com/2021/08/23/improving-application-security-in-blazor-using-http-headers-part-2/)

## ASP.NET Core 9 Razor (AspNetCoreRazor)

Razor page application secured using Microsoft Entra ID

[Improving application security in an ASP.NET Core Razor Page using HTTP headers](https://damienbod.com/2021/08/16/improving-application-security-in-asp-net-core-razor-pages-using-http-headers-part-1/)

## ASP.NET Core 9 Razor multiple tenants (AspNetCoreRazorMultiClients)

[Sign-in using multiple clients or tenants in ASP.NET Core and Microsoft Entra ID](https://damienbod.com/2021/06/28/sign-in-using-multiple-clients-or-tenants-in-asp-net-core-and-azure-ad/)

## Blazor .NET 9 BFF WASM & server(BlazorHosted.Server to start) & API secured with JWT

[Implement a secure API and a Blazor app in the same ASP.NET Core project with Microsoft Entra ID authentication](https://damienbod.com/2021/10/04/implement-a-secure-api-and-a-blazor-app-in-the-same-asp-net-core-project-with-azure-ad-authentication/)

## History

- 2024-11-15 .NET 9
- 2024-10-19 Updated packages, improved security headers
- 2024-10-03 Updated packages, security headers
- 2024-01-14 Updated .NET 8, Blazor uses CSP nonce
- 2023-11-03 Updated packages, fixed security headers, removed XSS block
- 2023-06-24 Updated packages, fixed CSP
- 2023-03-11 Updated .NET 7, updates security headers, Update Microsoft.Identity.web
- 2022-06-12 Updated nullables, implicit usings, bootstrap 5, packages
- 2022-06-10 Updated nuget packages and BFF project
- 2022-02-11 Updated nuget packages and namespaces
- 2022-01-16 Updated nuget packages, code clean up
- 2022-01-05 Updated nuget packages
- 2021-11-21 Updated packages, improved Blazor CSP, removed inline style
- 2021-11-08 Updated .NET 6 release
- 2021-10-29 Updated packages
- 2021-10-02 Updated packages
- 2021-09-17 Updated .NET 6 packages added mixed auth Blazor & API example
- 2021-09-15 Updated .NET 6
- 2021-08-13 Added security headers
- 2021-08-09 Updated nuget packages

## Links

https://github.com/AzureAD/microsoft-identity-web/wiki/multiple-authentication-schemes

https://github.com/AzureAD/microsoft-identity-web/wiki/customization#openidconnectoptions

https://github.com/AzureAD/microsoft-identity-web

https://docs.microsoft.com/en-us/aspnet/core/security/authentication

## Security header links

https://securityheaders.com/

https://csp-evaluator.withgoogle.com/

https://www.snigel.com/blog/a-simple-guide-to-coop-coep-corp-and-cors/

https://www.youtube.com/watch?v=J6BZ9IQELNA

https://github.com/andrewlock/NetEscapades.AspNetCore.SecurityHeaders

https://github.com/dotnet/aspnetcore/issues/34428

https://w3c.github.io/webappsec-trusted-types/dist/spec/

https://web.dev/trusted-types/

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k/edit

https://scotthelme.co.uk/coop-and-coep/

https://github.com/OWASP/ASVS