Disabling parts of ASP.NET Core Identity

Re-blogged from Damien’s site.

Software Engineering

This article shows how to disable parts of ASP.NET Core Identity in a web application. In ASP.NET Core Identity, the Identity UI is deployed as part of the NuGet package, so by default everything is enabled and you have to opt out, unlike the older versions, which were opt-in. If you are not careful, this could cause security holes in your application. It is important that you disable the parts of Identity which you do not use!

To demonstrate this, the register process will be disabled. Sometimes the users are imported or defined using an existing application or process, and the application should not be allowed to register users, so registration needs to be deactivated. By default, it is added and needs to be removed. The default Register Razor Page can be reached at the following URL:

“App base URL”/Account/Register

To turn this off, you need to scaffold the Razor Page into…


GDPR in .Net Core: .Net Core Security Part VII

We know that GDPR has officially been part of the law in Europe since 25th May 2018. .Net Core 2.1 shipped with some awesome enhancements, one of which is support for GDPR. Let us see what was added for GDPR in .Net Core 2.1. What is GDPR? The General Data Protection Regulation (GDPR) (Regulation …

CORS in .Net Core: .Net Core Security Part VI

You can find all .Net core posts here. In this series of posts, we will see how to secure your .Net Core applications. In this post, we will see what CORS is and how to enable CORS in your .Net Core application. What is CORS? Before going for the basic question “What is CORS?”, let us take a scenario related to …

Global Authorization Filter in .Net Core: .Net Core Security Part – V

You can find all of my .Net core posts here. In this series of posts, we will see how to secure your .Net Core applications. In this post, we will see how to add the Authorize filter globally in your .Net Core application. Let us assume we need to add the Authorize filter globally, which means we are no longer required to …

Azure Vault key security pattern: Cloud design patterns part I

You can find all my .Net core posts here. With this post, I am starting a series of posts on cloud design patterns. These patterns are mostly generic and can be used with any cloud provider, but in this series I will mainly focus on Azure. Let us first see some of the basic information …

Web API Security with IdentityServer4: IdentityServer4 with .Net Core Part III

Note – You can find the source code of my sample application here. You can find all .Net core posts here. In my previous post on IdentityServer4, I explained how to set up an Auth server and also created a client. You can find the post here. I would request you to go through this previous post before …