Disabling parts of ASP.NET Core Identity

Re-blogged from Damien’s site.

Software Engineering

This article shows how to disable parts of ASP.NET Core Identity in a Web Application. In the ASP.NET Core Identity, the Identiy UI is deployed as part of the NuGet package. So per default everything is enabled and you have to opt-out, unlike the older versions which was opt-in. If you are not careful, this could cause security holes in your application. It is important that you disable the parts of Identity which you do not use!

To demonstrate this, the register process will be disabled. Sometimes, the users are imported or defined using an existing application/process, and the application should not be allowed to register users, so it needs to be deactivated. Per default, it is added and needs to be removed. The default Register Razor Page can be reached at the following URL:

“App base URL”/Account/Register

To turn this off, you need to scaffolding the Razor Page into…

View original post 96 more words

GDPR in .Net Core: .Net Core Security Part VII

We know that GDPR is officially part of a law in Europe from 25th May 2018. There are some awesome enhancements shipped with .Net Core 2.1, one of them is support for GDPR. Let us see what are the things added for GDPR in .Net Core 2.1 What is GDPR? The General Data Protection Regulation (GDPR) (Regulation … Continue reading GDPR in .Net Core: .Net Core Security Part VII

CORS in .Net Core: .Net Core Security Part VI

You can find all .Net core posts here. In these series of posts, we will see how to secure your .Net Core applications. In this post, we will see what is CORS and how to enable CORS in your .Net Core application. What is CORS? Before going for the basic question “What is CORS?”, Let us take a scenario related to … Continue reading CORS in .Net Core: .Net Core Security Part VI

Global Authorization Filter in .Net Core: .Net Core Security Part – V

You can find all of my  .Net core posts here. In these series of posts, we will see how to secure your .Net Core applications. In this post, we will see how to add the Authorize globally in your .Net Core application. Let us assume we need to add Authorize filter globally which means we are no more require to … Continue reading Global Authorization Filter in .Net Core: .Net Core Security Part – V

Azure Vault key security pattern: Cloud design patterns part I

You can find my all .Net core posts here. By this post, I am starting the series of post on Cloud design patterns. These patterns are mostly generic and can be used with any cloud provider but in this series, I will mainly focus on the Azure. Let us first see some of the basic information … Continue reading Azure Vault key security pattern: Cloud design patterns part I

Web API Security with IdentityServer4: IdentityServer4 with .Net Core Part III

Note – You can find the source code of my sample application here. You can find all .Net core posts here. In my previous post on IdentityServer4, I explained how to set up an Auth server and also created a client. You can find the post here. I would request you to go through this previous post before … Continue reading Web API Security with IdentityServer4: IdentityServer4 with .Net Core Part III

Step by step setup for the Auth server and the client: IdentityServer4 with .Net Core Part II

Note – You can find the source code of my sample application here. (Note that the code may contain extra code, concentrate on Auth Server and client for now) You can find all .Net core posts here. In my previous post on IdentityServer4, I explained the basics of IdentityServer4 which you can find here. In this post, we … Continue reading Step by step setup for the Auth server and the client: IdentityServer4 with .Net Core Part II

IdentityServer4 in simple words: IdentityServer4 with .Net Core Part I

You can find all .Net core posts here. Once I explored and wrote about Authentication in .Net Core using Identity here, many people have asked me to explore and write on IdentityServer4. So I am starting a series of posts in which I will mainly concentrate on IdentityServer4 In this first post, we will see some … Continue reading IdentityServer4 in simple words: IdentityServer4 with .Net Core Part I

Secure .Net Core applications from the Open Redirect attacks: .Net Core security Part IV

You can find my all .Net core posts here. In these series of posts, we will see how to secure your .Net Core applications. In this post, we will see how to secure your .Net Core application from the Open Redirect attack. What is Open Redirection attack? Open Redirection attack is a URL Redirection. An Open Redirection attack is a kind … Continue reading Secure .Net Core applications from the Open Redirect attacks: .Net Core security Part IV