How to test your #IdentityServer?
In this post, we demonstrate how to set up and run automated tests with your favorite test framework. #mstest #xunit #nunit #dotnet #security
duende.link/a4rs979
@leastprivilege.com.bsky.social
Advisor at Duende Software - @duendesoftware.com
Next video from our Identity & Access Control workshop: OpenID Connect
We cover tokens, scopes, the #aspnetcore OpenID Connect handler, the userinfo endpoint, token management, refresh tokens, and more.
youtube.com/watch?v=c41R...
#identityserver #aspnetcore #oauth2 #openidconnect #dotnet
Building with #Blazor?
The BFF Security Framework offers built-in support to unify authentication state management across various rendering modes (Server, WASM, Auto) to secure API access from your app.
docs.duendesoftware.com/bff/fundamen...
#dotnet #security
I heard your schwing is toight like a toiger
31.07.2025 06:03
Fresh post on external providers in #aspnetcore
We cover initial setup, the connection between external and cookie authentication, and discuss why alternatives might be better for production apps.
duende.link/q24tubs #security #identity #dotnet
How to test your #IdentityServer?
In this post, we'll show how to set up and run automated tests with your favorite test framework. #mstest #xunit #nunit #dotnet #security
duende.link/a4rs979
Think you're safe online? OAuth 2.0 in the browser could let attackers steal your access tokens and use them for as long as they are valid, acting on the user's behalf
Interview with @philippederyck.bsky.social: youtu.be/urS9wstmN2U
#dotnet #security #bff #oauth2
What's In the Duende Software Toolkit?
Beyond #IdentityServer, discover solutions like the BFF Security Framework, Access Token Management, and IdentityModel. Plus, Duende Templates, a demo server, and extensive documentation. #dotnet #security
duende.link/2b87kja
Copilot is pointing out that a post is future-dated and then randomly picking a date from 2 years ago.
Tried GitHub Copilot code review, and it doesn't understand the concept of future-dating blog posts. Worse, it suggests a random-ass date. This stuff sucks.
15.07.2025 15:09
Duende is committed to open source and values contributors. We are now sponsoring Astro and Starlight, the static site generator that powers our docs.
More details about Astro and why we are sponsoring on our blog: duende.link/astr055 #dotnet #astro #identity
Supercharge your proxy needs!
Integrate with #YARP for advanced routing, load balancing, etc., while getting BFF's automatic token management and CSRF protection for proxied APIs.
Here's how to add it to your Backend for Frontend: docs.duendesoftware.com/bff/fundamen... #dotnet #security
Take the chance to attend my full three day workshop on ASP.NET Core Authentication/Authorization, OpenID Connect, OAuth 2.0 and Duende IdentityServer.
I'm hosting it online in August and in person in Stockholm in September.
Early bird pricing until the end of July!
Will you be there?
A Step Up challenge ensures critical actions are verified through additional scrutiny. You can handle this in client apps, but how do you communicate a step-up is needed from the API side? Let's see how to implement this in #aspnetcore
duende.link/318qkjl #dotnet #security
Interesting question by @damian.social - What are you using for user management in #aspnetcore? #dotnet
github.com/orgs/DuendeS...
IdentityServer 7.3.0 Release Candidate 1 is out! It brings FAPI 2.0 profile certification, JWT response from the introspection endpoint, diagnostics data, OpenTelemetry updates, and more!
duende.link/is73rc1 #dotnet #security
Check out the freshly deployed IdentityServer 7.3.0 Release Candidate 1. It brings FAPI 2.0 profile certification, JWT response from the introspection endpoint, diagnostics data, OpenTelemetry updates, and more!
duende.link/is73rc1 #dotnet #security
To quote @hadihariri.com "for number of visitors smaller than 1"
03.07.2025 18:57
Blazor is the Visual SourceSafe of the web. "Hey other visitor let me know when I can have a websocket OK?"
03.07.2025 12:43
Add an extra layer of security to critical user actions!
Learn how to implement Step Up challenges in your #aspnetcore apps with Duende #IdentityServer to enhance user verification and re-confirm identity for some activities.
duende.link/qthej2r
#dotnet #security #oidc
Remote APIs? Let the BFF handle it!
Your frontend calls the BFF using its session cookie. The BFF securely swaps this for an access token and proxies the call - the browser never sees the access token!
Learn more: docs.duendesoftware.com/bff/fundamen... #dotnet #security
Stop CSRF cold!
Duende's BFF requires a simple custom header on authenticated API requests. This standard check and SameSite cookies provide strong protection against Cross-Site Request Forgery.
Learn how: docs.duendesoftware.com/bff/fundamen... #dotnet #security
It's been a ton of work getting here but today I'm excited to announce the official commercial launch of AutoMapper and MediatR! More details here: www.jimmybogard.com/automapper-a... WHEW
02.07.2025 15:01
Take the chance to attend my full three day workshop on ASP.NET Core Authentication/Authorization, OpenID Connect, OAuth 2.0 and Duende IdentityServer.
I'm hosting it in August and an in person version in Stockholm in September.
Early bird pricing until end of July!
Will you be there?
Secure user sessions with robust cookies!
The Backend for Frontend (BFF) framework uses the #aspnetcore handler for HttpOnly, Secure, SameSite cookies, with strong session protection. Server-side sessions offer even more control.
docs.duendesoftware.com/bff/fundamen... #dotnet #security
IdentityServer4 has multiple security vulnerabilities, bugs, and outdated documentation, and it doesn't support newer .NET versions.
We're offering a free 30-minute Upgrade Assessment call to help plan your upgrade to Duende IdentityServer. #dotnet
duendesoftware.com/upgrade-iden...
Awesome!!
24.06.2025 12:26
The #dotnet 8.0.17 upgrade fixed validation of forwarded headers and proxy server configuration in load balanced scenarios.
Great! Or not
This patch may affect your #aspnetcore app.
Check our blog post for background and fix: duende.link/0mgnet8