Table of contents
- Project: KeyGenRSA
- Project: ApiJWT
- Project: ApiCookieAuth
- Project: WebApi_EF_Identity
- Project: WebApi_EF_Identity_BearerNET8
- Project: ApiKeyAuth
- Project: Blazor WASM BFF - Auth0 - OpenIDConnect
- Project: Blazor WASM JWT - Auth0 - OpenIDConnect
- Other resources
- Password hashing

Project: KeyGenRSA
- Console application to generate private and public RSA pem files.
- Private key is used in the ApiJWT project to sign and validate JWTs.
- Public key can be used to validate an ApiJWT token. It can be loaded as an RsaSecurityKey during the authentication process when an ApiJWT token is passed.
- Hashing and Salting password with PBKDF2.
- Hashing and Salting passwords best practices - Code-Maze: PBKDF2 | BCrypt/SCrypt | Argon2 | Bouncy Castle cryptography library
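
An added example (not code from the KeyGenRSA project) of salting and hashing a password with PBKDF2 using only the .NET base class library (.NET 6+). The `iterations.salt.hash` storage format, the class and method names, the sample password and the 600,000-iteration work factor are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;

static class Pbkdf2Demo   // hypothetical name, not part of KeyGenRSA
{
    const int SaltSize = 16, HashSize = 32, Iterations = 600_000; // assumed work factor

    // Stored as "iterations.salt.hash" so the cost can be raised without breaking old records.
    public static string Hash(string password, int iterations = Iterations)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);   // fresh random salt per password
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations,
                                                HashAlgorithmName.SHA256, HashSize);
        return $"{iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
    }

    public static bool Verify(string password, string stored, out bool needsRehash)
    {
        needsRehash = false;
        string[] p = stored.Split('.');
        if (p.Length != 3 || !int.TryParse(p[0], out int iterations) || iterations < 1)
            return false;
        try
        {
            byte[] salt = Convert.FromBase64String(p[1]);
            byte[] expected = Convert.FromBase64String(p[2]);
            if (expected.Length == 0) return false;
            byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations,
                                                      HashAlgorithmName.SHA256, expected.Length);
            // Constant-time comparison: no early exit on the first differing byte.
            bool ok = CryptographicOperations.FixedTimeEquals(actual, expected);
            needsRehash = ok && iterations < Iterations;   // upgrade weak records on next login
            return ok;
        }
        catch (FormatException) { return false; }          // malformed stored record
    }

    static void Main()
    {
        string stored = Hash("correct horse battery staple");          // constructed sample
        Console.WriteLine(Verify("correct horse battery staple", stored, out _));
        Console.WriteLine(Verify("wrong guess", stored, out _));
        string legacy = Hash("correct horse battery staple", 10_000);  // record at an older, lower cost
        Verify("correct horse battery staple", legacy, out bool rehash);
        Console.WriteLine(rehash);
    }
}
```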

Project: ApiJWT
- WebAPI using JWT authentication, signing the token with the RSA private key.
- Create SigningCredentials with symmetric and asymmetric security keys using RSA or X509Certificate.
- Implement a method for refreshing the token.
- Implement a method for invalidating the token.
- user-jwts - MS-Learn
- JWT Authentication (video, 33min) | The Raw Coding YouTube channel contains deep-dive videos on authentication topics
- Signing JWT with RSA - ProudMonkey
- New default Authentication Scheme in .NET 7 - auth0 | Setup JWT Bearer token - ShawnWildermuth
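
How the two PEM files relate to the token, as an added example that is not taken from the KeyGenRSA or ApiJWT projects: it uses only the .NET base class library (.NET 7+) instead of the SigningCredentials/RsaSecurityKey types mentioned above, and it checks the RS256 signature only. The class and method names and the claim values are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class RsaJwtDemo   // hypothetical name, not part of KeyGenRSA or ApiJWT
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));

    // Signer side: requires the private key.
    static string Sign(string privatePem, string payloadJson)
    {
        using var rsa = RSA.Create();
        rsa.ImportFromPem(privatePem);
        string input = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"))
                     + "." + B64Url(Encoding.UTF8.GetBytes(payloadJson));
        byte[] sig = rsa.SignData(Encoding.ASCII.GetBytes(input),
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return input + "." + B64Url(sig);
    }

    // Validator side: public key only. RS256 is pinned rather than taken on trust from
    // the token header; exp/iss/aud checks are outside the scope of this example.
    static bool Validate(string publicPem, string token)
    {
        string[] p = token.Split('.');
        if (p.Length != 3) return false;
        try
        {
            using var header = JsonDocument.Parse(Encoding.UTF8.GetString(FromB64Url(p[0])));
            if (!header.RootElement.TryGetProperty("alg", out var alg)) return false;
            if (alg.GetString() != "RS256") return false;
            using var rsa = RSA.Create();
            rsa.ImportFromPem(publicPem);
            return rsa.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]), FromB64Url(p[2]),
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
        catch (Exception e) when (e is FormatException or JsonException or InvalidOperationException)
        { return false; }   // malformed base64url or header JSON
    }

    static void Main()
    {
        using var key = RSA.Create(2048);
        string privatePem = key.ExportRSAPrivateKeyPem();         // stays with the signing API
        string publicPem = key.ExportSubjectPublicKeyInfoPem();   // can be given to validators
        string[] p = Sign(privatePem, "{\"sub\":\"demo-user\"}").Split('.');   // constructed claim
        string forged = p[0] + "." + B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"admin\"}")) + "." + p[2];
        Console.WriteLine($"{Validate(publicPem, string.Join('.', p))} {Validate(publicPem, forged)}");
    }
}
```

The forged token reuses a valid signature over a different payload, so validation with the public key fails for it while the untouched token passes.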

Project: ApiCookieAuth
- A simple WebAPI with a single html file. This is not a comprehensive example, just a check of the basics of cookie authentication.
- Black-list: Implemented a solution to invalidate or reject a cookie based on the session ID.
- Example of using ClaimsTransformation
- ASP.NET Core Cookie Authentication (video, 46min) - RawCoding
- Cookie invalidation and Token revocation (video, 13min) - Raw Coding
- Claims transformation for flexible Authorization - Milan | Video (14min) - Milan

Project: WebApi_EF_Identity
- Take advantage of the Entity Framework Identity features, including UserManager and SignInManager.
- Two Factor Authentication with AuthenticatorApp or Email
  - First: Register -> Confirm email
  - Flow #1: Get TwoFactor auth setup for Email -> Enable Email-TwoFactor with the given code -> Logout -> Login with user+pass -> Login with Email-TwoFactor with the given code (you receive it after the email+pass login)
  - Flow #2: Get TwoFactor auth setup for AuthenticatorApp by scanning the QR code -> Enable Authenticator-TwoFactor with a code -> Logout -> Login with user+pass -> Login with Authenticator-TwoFactor with a code
- Generating a short-lived token for signing in like Slack and Medium
- Recovery codes for 2FA can be generated. After logging in with your username and password, you can use one of these codes instead of the authenticator code.
- Two Factor Authentication with Web API and Angular using Google Authenticator - Code-Maze
- QR code generator - WebAPI
- Implementing custom token provider for short-lived token - Andrew Lock

Project: WebApi_EF_Identity_BearerNET8
.NET 8 introduced a new authentication method called BearerToken with new Identity endpoints (register, login). With just a few lines of code, you can have user management endpoints using Entity Framework. However, it is not suitable for custom needs and is more appropriate for local demo purposes. You can learn from the code to write your custom logic. See the WebApi_EF_Identity project.
- Authentication made easy with Identity in .NET 8 (video, 10min) - Milan
- New .NET 8 Authentication features (video, 20min) - Anton/Raw Coding
- Should you use the .NET 8 Identity API endpoints? - Andrew Lock
- JWT vs Opaque Tokens - Medium

Project: ApiKeyAuth
The following solutions have been implemented:
- Use a custom middleware to check the API Key
- Add an authorization filter for all endpoints of the Controller
- Apply an authorization filter individually (controller and/or endpoint level) with an attribute
- Add an endpoint filter for minimal API
- Add a custom authentication handler and use the [Authorize] attribute
- API Key Authentication (video, 18m) - Nick Chapsas
- Protect your API with API Keys - Josef Ottosson (custom authentication handler with roles)
- Creating a custom authentication scheme - JoonasW (BasicAuthentication)

Project: Blazor WASM BFF - Auth0 - OpenIDConnect
- An example of using Auth0 with OpenIDConnect in a Blazor WebAssembly application that has a Backend For Frontend (BFF) architecture.
- Damien's template is used to create 3 projects: Client, Server and Shared and customized for Auth0.
- For more information

Project: Blazor WASM JWT - Auth0 - OpenIDConnect
- An example of using Auth0 with OpenIDConnect in a Blazor WebAssembly application.
- For more information

Other resources
- SimpleAuthentication - Marco Minerva
- Overview of different App security topics - DamienBod
- Certificate Authentication - DamienBod
- aspnet-contrib / AspNet.Security.OAuth.Providers
- Azure AD Authentication - FacileTechnolab
- Combining JWT and Cookie Authentication - RickStrahl
- What's New in .NET 7 for Authentication and Authorization - auth0
- Flexible authorization (video, 35m) - Jason Taylor - NDC Oslo 2023
- Blazor Authentication and Authorization with Identity (video) - Patrick God

Password hashing
- How to store a password - meziantou
- Cryptography in .NET - meziantou
- Cryptography Implementations in .NET - Code-Maze
- How does the default password hasher work - Code-Maze