Table of content

• Project: KeyGenRSA
• Project: ApiJWT
• Project: ApiCookieAuth
• Project: WebApi_EF_Identity
• Project: WebApi_EF_Identity_BearerNET8
• Project: ApiKeyAuth
• Project: Blazor WASM BFF - Auth0 - OpenIDConnect
• Project: Blazor WASM JWT - Auth0 - OpenIDConnect
• Other resources
• Password hashing

• Console application to generate private and public RSA pem files.
• Private key is used in the ApiJWT project to sign and validate JWT.
• Public key can be used to validate an ApiJWT token. It can be an RsaSecurityKey during authentication process passing the ApiJWT token.
• Hashing and Salting password with PBKDF2.

• Hashing and Salting passwords best practices 📓Code-Maze - PBKDF2| BCrypt/SCrypt |Argon2 | Bouncy Castle cryptography library

• WebAPI using JWT authentication, signing the token with the RSA private key.
• Create SigningCredentials with symmetric and asymmetric security key using RSA or X509Certificate.
• Implement a method for refreshing the token.
• Implement a method for invalidating the token.

• user-jwts 📚MS-Learn
• JWT Authentication 📽️33min | Raw Coding YouTube channel contains deep dive videos into authentication topic
• Signing JWT with RSA 📓ProudMonkey
• New default Authentication Scheme in .NET 7 📓auth0 | Setup JWT Bearer token 📓ShawnWildermuth

• A simple WebAPI with a single html file. This is not a comprehensive example, just a checking the basics of cookie authentication.
• Black-list: Implemented a solution to invalidate or reject a cookie based on the session ID.
• Example of using ClaimsTransformation

• ASP.NET Core Cookie Authentication 📽️46min-RawCoding
• Cookie invalidation and Token revocation 📽️13min - Raw Coding
• Claims transformation for flexible Authorization 📓Milan | Video 📽️14min - Milan

• Take advantage of the Entity Framework Identity features, including UserManager and SignInManager.
• Two Factor Authentication with AuthenticatorApp or Email
  • First: Register -> Confirm email
  • Flow #1: Get TwoFactor auth setup for Email -> Enable Email-TwoFactor with the given code -> Logout -> Login with user+pass -> Login with Email-TwoFactor with the given code (you got it after email+pass login)
  • Flow #2: Get TwoFactor auth setup for AuthenticatorApp by scanning the QR code -> Enable Authenticator-TwoFactor with a code -> Logout -> Login with user+pass -> Login with Authenticator-TwoFactor with a code
• Generating a short-lived token for signing in like Slack and Medium
• Recovery codes for 2FA can be generated. After logging in with your username and password, you can use one of these codes instead of the authenticator code.

• Two Factor Authentication with Web API and Angular using Google Authenticator 📓Code-Maze
• QR code generator 📓WebAPI
• Implementing custom token provider for short-lived token 📓Andrew Lock

NET.8 introduced a new authentication method called BearerToken with new Identity endpoints (register, login). Just a few lines of code, you can have user management endpoints using Entity Framework. However, it is not suitable for custom needs and is more appropriate for local demo purposes. You can learn from the code to write your custom logic. See the WebApi_EF_Identity project.

• Authentication made easy with Identity in .NET 8 📽10min - Milan
• New .NET 8 Authentication features 📽20min - Anton/Raw Coding
• Should you use the .NET 8 Identity API endpoints? 📓Andrew Lock
• JWT vs Opaque Tokens 📓Medium

The following solutions have been implemented

1. Use a custom middleware to check the API Key
2. Add an authorization filter for all endpoints of the Controller
3. Apply an authorization filter individually (controller and/or endpoint level) with an attribute
4. Add an endpoint filter for minimal API
5. Add a custom authentication handler and use the [Authorize] attribute

• API Key Authentication 📽️18m - Nick Chapsas
• Protect your API with API Keys 📓Josef Ottosson - Custom authentication handler with roles
• Creating a custom authentication scheme 📓JoonasW - BasicAuthentication

• An example of using Auth0 with OpenIDConnect in a Blazor WebAssembly application that has a Backend For Frontend (BFF) architecture.
• Damien’s template is used to create 3 projects: Client, Server and Shared and customized for Auth0.
• For more information

• An example of using Auth0 with OpenIDConnect in a Blazor WebAssembly application.
• For more information

• SimpleAuthentication 👤Marco Minerva
• Overview of different App security topics 👤DamienBod
• Certificate Authentication 📓DamienBod
• aspnet-contrib / AspNet.Security.OAuth.Providers 👤
• Azure AD Authentication 📓FacileTechnolab
• Combining JWT and Cookie Authentication 📓RickStrahl
• What's New in .NET 7 for Authentication and Authorization 📓auth0
• Flexible authorization 📽️35m - Jason Taylor - NDC Oslo 2023
• Blazor Authentication and Authorization with Identity 📽️Patrick God

• How to store a password 📓meziantou
• Cryptography in .NET 📓meziantou
• Cryptography Implementations in .NET 📓Code-Maze
• How does the default password hasher work 📓Code-Maze