@brockallen.bsky.social
Programming is hard. Security is harder.
Brace yourself, w̶i̶n̶t̶e̶r̶ #dotnet 10 is coming! ⛄️
Let's look at the new capabilities and features we are excited about for the upcoming .NET release in November. Expect passkeys, #opentelemetry additions,TLS for *.localhost, and more.
duende.link/qet4wp9 #aspnetcore
Secure your native applications, like mobile and desktop applications, using #IdentityServer 🔐
In this video, we cover why in-app login pages are outdated, the role of the browser, the Duende OidcClient library, secure token storage, and more!
youtu.be/7_OzM1c-STk #dotnet
Claims and scopes describe user information in OpenID Connect.
Let's see how Duende IdentityServer handles consent, different client types, required vs. optional scopes, and what happens when a client doesn't get everything it asked for.
duende.link/97aeqlj 👀
#dotnet #aspnetcore
We're happy to start sponsoring the Spectre.Console project!
It is a #dotnet library that makes it easier to create beautiful console applications by giving you access to standard components you may find in a CLI experience.
Go check it out! duende.link/sp3ctr3
Adding .NET 10 Passkey Support to Duende IdentityServer
👉 duende.link/berqe86
Learn how to add #dotnet 10 passkey support to a non-Blazor project such as MVC or Razor Pages.
#security #aspnetcore #identity #webauthn
Secure your native applications, like mobile and desktop applications, using #IdentityServer 🔐
In this video, we cover why in-app login pages are outdated, the role of the browser, the Duende OidcClient library, secure token storage, and more!
youtu.be/7_OzM1c-STk #dotnet
The server's origin is used to generate passkey credentials, making them resistant to phishing. A credential signed for one app can't be used elsewhere.
What about subdomains? Or multiple domains? In this post, we'll explore some options.
duende.link/igeq87f #dotnet #security #passkeys #webauthn
Passwordless authentication is gaining momentum. The upcoming release of #dotnet 10 comes with built-in passkey support!
In this post, we look at the new #Blazor project template and how it adds secure authentication using passkeys.
duende.link/37egw9f
#identity #passkey #webauthn #aspnetcore
Say goodbye ✋ to passwords, and hello 👋 to secure, phishing-resistant logins: passkey credentials.
Part 1 of our 4-part blog series covers password and authentication evolution. Longread ahead! 👀
duende.link/p455k3y #passkeys #webauthn #dotnet #security #aspnetcore
Roland's video series continues! Let's see how to protect SPAs with OpenID Connect created with libraries like #Angular and #React or plain javascript.
We'll see why you want to use a BFF & how this pattern makes secure API access less cumbersome youtu.be/pSTMCyQH_E4
#dotnet #identity #aspnetcore
I'm hiring! Looking for an #aspnetcore dev, ideally with identity/oidc experience. Role is support, tech presales, advisory, docs, ...
East coast US ideally for timezone overlap in the team
Small team and company, big ambition. Reach out if you're interested! duendesoftware.com/careers/cust...
In this video, let's see how to protect SPAs with OpenID Connect created with libraries like #Angular and #React or plain javascript.
We'll see why you want to use a BFF & how this pattern makes secure API access less cumbersome youtu.be/pSTMCyQH_E4
#dotnet #identity #aspnetcore
What are Best Practices of Web Application Security in 2025?
This post focuses on key security and authentication flows using OAuth 2.0 and OpenID Connect, flows to avoid, security measures to implement, and IETF Best Current Practices.
duende.link/iyqe3fk #security #dotnet
Watch the recording of our #IdentityServer 7.3 launch!
duendesoftware.com/webinars/due...
Joe DeCock covers new templates, and looks at setting up your environment for the FAPI 2.0 security profile and conformance tests.
#dotnet #security #identity
Meet Duende #IdentityServer v7.3! This new release includes:
👉 Enhanced security & future proofing with FAPI 2.0 support
👉 Quick start templates to accelerate development.
👉 And more....
Release blog here ➡️ duende.link/is73b0b
#dotnet #security #identity
External identity providers in #aspnetcore
In this post, we cover initial setup (with Google), the connection between external and cookie authentication, and discusses why alternatives might be better for production apps.
duende.link/q24tubs #security #identity #dotnet
Meet Duende #IdentityServer v7.3! This new release includes:
👉 Enhanced security & future proofing with FAPI 2.0 support
👉 Quick start templates to accelerate development.
👉 And more....
Release blog here ➡️ duende.link/is73b0b
#dotnet #security #identity
Next video from our Identity & Access Control workshop: OpenID Connect
We cover tokens, scopes, the #aspnetcore OpenID Connect handler, the userinfo endpoint, token management, refresh tokens, and more.
youtube.com/watch?v=c41R...
#identityserver #aspnetcore #oauth2 #openidconnect #dotnet
Fresh post on external providers in #aspnetcore
We cover initial setup, the connection between external and cookie authentication, and discusses why alternatives might be better for production apps.
duende.link/q24tubs #security #identity #dotnet
How to test your #IdentityServer?
In this post, we'll show how to setup and run automated tests with your favorite test framework. #mstest #xunit #nunit #dotnet #security
duende.link/a4rs979
Duende is committed to open source and values contributors. We are now sponsoring Astro and Starlight, the static site generator that powers our docs.
More details about Astro and why we are sponsoring on our blog: duende.link/astr055 #dotnet #astro #identity
Add an extra layer of security to critical user actions! 🛡️
Learn how to implement Step Up challenges in your #aspnetcore apps with Duende #IdentityServer to enhance user verification and re-confirm identity for some activities.
duende.link/qthej2r
#dotnet #security #oidc
I hope it’s secure! 😬
30.06.2025 03:28 — 👍 0 🔁 0 💬 1 📌 0How I got involved in the Backend for Frontend (BFF) spec? @philippederyck.bsky.social built a demo to show how insecure single-page applications can be!
Full interview: youtu.be/urS9wstmN2U
More on Backend for Frontend: duende.link/bff
#dotnet #security #bff #oauth2
Terms like "client" in OpenID Connect and OAuth 2.0 are clear for security folks, but non-technical people are sometimes confused.
In this post, let's clarify what a "client" means in application security.
duende.link/m8tyde4 #dotnet #security #identity
Duende BFF Security Framework v4 Preview 1 is out! 🎉
This first preview of BFF v4 comes with support for hosting multiple frontends, easier wireup and configuration, OpenTelemetry, and more.
Changelog and feedback: github.com/orgs/DuendeS...
#security #dotnet #aspnetcore #oidc #react
Did you see #dotnet run app.cs was announced at #MSBuild for .NET 10? We've been trying it out to test the #IdentityServer login flow, and it's quite nice!
In this post we'll see how to test first-party logins work properly, entirely through .NET code.
duende.link/qhr2shs
We have a livestream coming! 📺
Token Management: Applying the Duende Backend for Frontend (BFF) Security Framework
🗓️ June 4, 2025
⏱️ 10 EST / 16:00 CEST / 14:00 UTC
🗣️ Speaker: Erwin van der Valk
Register here: duende.link/wj42025 #dotnet #security #bff
In the previous .NET Rocks! episode, Erwin van der Valk talks about the Backend for Frontend (BFF) pattern and how it can be used to secure browser-based applications.
Tune in at duende.link/1950dnr 🎧 #dotnet #bff #security #aspnetcore
Doesn’t that show that all the prior ones that were positive were worthless?
23.05.2025 22:59 — 👍 0 🔁 0 💬 1 📌 0
