Wesley Cabus

Duende Software - Identity and Access Management for .NET We help companies using .NET to build identity and access control solutions for modern applications.

How to test your #IdentityServer?

In this post, we demonstrate how to setup and run automated tests with your favorite test framework. #mstest #xunit #nunit #dotnet #security

duende.link/a4rs979

It’s very good in writing functions or focused algorithms which it has seen before. The minute you start combining algorithms or thread out of the AI-known path, it begins to just paste stuff together. And sometimes, it gets lucky and gets it partially correct.

What are Best Practices of Web Application Security in 2025?

This post focuses on key security and authentication flows using OAuth 2.0 and OpenID Connect, flows to avoid, security measures to implement, and IETF Best Current Practices.

duende.link/iyqe3fk #security #dotnet

Duende Software - Identity and Access Management for .NET We help companies using .NET to build identity and access control solutions for modern applications.

Fresh post on external providers in #aspnetcore

We cover initial setup, the connection between external and cookie authentication, and discusses why alternatives might be better for production apps.

duende.link/q24tubs #security #identity #dotnet

two cars are driving down a road with a sunset in the background and the words kidmograph at the bottom ALT: two cars are driving down a road with a sunset in the background and the words kidmograph at the bottom

Just call it synthwave design.

Coming to an ASP.NET Core HTTPS development certificate near you soon...

New release: IdentityServer 7.3.0 Release Candidate 1 · DuendeSoftware · Discussion #256 Great news today! The Duende IdentityServer 7.3.0 Release Candidate 1 has been published on NuGet! Release notes Upgrade guide IdentityServer 7.3 is a significant release that includes: FAPI 2.0 pr...

Check out the freshly deployed IdentityServer 7.3.0 Release Candidate 1. It brings FAPI 2.0 profile certification, JWT response from the introspection endpoint, diagnostics data, OpenTelemetry updates, and more!

duende.link/is73rc1 #dotnet #security

The agenda for #CloudBrew is ready! Why not join us in December?

Early Bird tickets are now also available! 👉 www.cloudbrew.be #dotnet #azure

How I got involved in the Backend for Frontend (BFF) spec? @philippederyck.bsky.social built a demo to show how insecure single-page applications can be!

Full interview: youtu.be/urS9wstmN2U
More on Backend for Frontend: duende.link/bff

#dotnet #security #bff #oauth2

The #dotnet 8.0.17 upgrade fixed validation of forwarded headers and proxy server configuration in load balanced scenarios.

Great! Or not 🤔
This patch may affect your #aspnetcore app. 😱

Check our blog post for background and fix: duende.link/0mgnet8

VisugXL 2025 : Call for Speakers VisugXL 2025 is the annual 1-day, free conference of Visug, bringing together students, developers, architects, and technology enthusiasts for a day o...

Got a killer dev talk? Bring it to the stage at VisugXL 2025! 🎤
We’re talking .NET, Azure, OSS, real-world code — the good stuff.
📅 Nov 28 – Leuven, Belgium
Hit us with your best shot 👉 sessionize.com/visugxl-2025
#VisugXL2025 #CallForSpeakers #dotnet #Azure #DevRockstars

Terms like "client" in OpenID Connect and OAuth 2.0 are clear for security folks, but non-technical people are sometimes confused.

In this post, let's clarify what a "client" means in application security.

duende.link/m8tyde4 #dotnet #security #identity

a man with a mustache is sitting on a swing in a park Alt: a man with a mustache is sitting on a swing in a park, then at his kitchen table, and then he's standing in a driveway, waiting...

Me while I'm waiting for my Keychron keyboard order status to switch to "shipped".

Speedtest results showing 1280 Mbps download and 929 Mbps upload speeds.

WiFi 7 🏎️💨!

Picture showing a bottle of Lervig “Off the rack Kentucky Bourbon 2022” beer, poured into a glass

Cheers to the weekend 🍻

Looking at you, @support.blizzard.com and the regression bugs in Diablo IV

Sometimes, I see errors or bugs that are so obviously trivial to fix (or even worse, regression bugs), that make me think two things:
1. Is everyone really just using AI to code these days or did the average developer become soo lax?
2. Give me an hour and I’ll fix it for you. Sheesh.

Awww yiss!

Boxed PC parts, showing an AMD Ryzen 9800X3D, MSI GeForce RTX 5080, Asrock X870E Taichi motherboard, AIO watercooling and a power supply

Tonight, it is time to assemble a new gaming rig 🥳 #gaming #desktop

Did you see #dotnet run app.cs was announced at #MSBuild for .NET 10? We've been trying it out to test the #IdentityServer login flow, and it's quite nice!

In this post we'll see how to test first-party logins work properly, entirely through .NET code.

duende.link/qhr2shs

In ASP.NET Core, you may need to include extra information like user actions or custom parameters in user authentication. This post explains how to use the AuthenticationProperties class for this purpose.

duende.link/i3g4trw #dotnet #security #aspnetcore

What are key moments in the OAuth and OpenID Connect timeline?

In this article, we look back at the past 15 years to explore how the IETF and OpenID Foundation have set standards that shaped OAuth and OpenID Connect today.

duende.link/q39aegk #dotnet #security #ietf #oidc

Visit @duendesoftware.com at @techorama.bsky.social ! Come say hi, talk about IdentityServer, BFF and OpenIdConnect, and you can win a Lego set! #techorama #techoramabe

If you’re at #NDCOslo, come and ask us your authentication and authorisation questions!

Seems like I have a season worth of catching up to do

Gonna give Raycast a go, that looks slick 👌

Oh yeah, I used nvm on Windows as well!

Alright folks, any tips or must-have software for a (mostly) .NET developer who just received a MacBook as a work laptop coming from Windows?

I already have my JetBrains tools, oh my zsh and homebrew installed.