Duende Software - Identity and Access Management for .NET
We help companies using .NET to build identity and access control solutions for modern applications.
What's In the Duende Software Toolkit?
Beyond #IdentityServer, discover solutions like the BFF Security Framework, Access Token Management, and IdentityModel. Plus, Duende Templates, a demo server, and extensive documentation. #dotnet #security
duende.link/2b87kja
08.08.2025 15:03
Access tokens are great but OAuth clients aren't allowed to read them. So how do they know who the user is? That's where OpenID Connect comes in.
0:00 Introduction
0:32 id_token
0:51 Identity…
User authentication: OpenID Connect
Next video from our Identity & Access Control workshop: OpenID Connect
We cover tokens, scopes, the #aspnetcore OpenID Connect handler, the userinfo endpoint, token management, refresh tokens, and more.
www.youtube.com/watch?v=c41R...
#identityserver #aspnetcore #oauth2 #openidconnect #dotnet
07.08.2025 17:15
A Step Up challenge ensures critical actions are verified through additional scrutiny. You can handle this in client apps, but how do you communicate a step-up is needed from the API side? Let's see how to implement this in #aspnetcore
duende.link/318qkjl #dotnet #security
07.08.2025 08:01
How to test your #IdentityServer?
In this post, we demonstrate how to set up and run automated tests with your favorite test framework. #mstest #xunit #nunit #dotnet #security
duende.link/a4rs979
06.08.2025 16:19
External identity providers in #aspnetcore
In this post, we cover initial setup, the connection between external and cookie authentication, and discuss why alternatives might be better for production apps.
duende.link/q24tubs #security #identity #dotnet
06.08.2025 10:01
What are Best Practices of Web Application Security in 2025?
This post focuses on key security and authentication flows using OAuth 2.0 and OpenID Connect, flows to avoid, security measures to implement, and IETF Best Current Practices.
duende.link/iyqe3fk #security #dotnet
05.08.2025 13:17
Building with #Blazor?
The BFF Security Framework offers built-in support to unify authentication state management across various rendering modes (Server, WASM, Auto) to secure API access from your app.
docs.duendesoftware.com/bff/fundamen...
#dotnet #security
04.08.2025 15:04
Next video from our Identity & Access Control workshop: OpenID Connect
We cover tokens, scopes, the #aspnetcore OpenID Connect handler, the userinfo endpoint, token management, refresh tokens, and more.
youtube.com/watch?v=c41R...
#identityserver #aspnetcore #oauth2 #openidconnect #dotnet
04.08.2025 13:00
So, you're building a frontend app and dealing with APIs? And OAuth 2.0 is just a massive headache to get secured on the frontend. What if you could just delete that OAuth library from your frontend?
Interview with @philippederyck.bsky.social: youtu.be/urS9wstmN2U
#dotnet #security #bff #oauth2
31.07.2025 11:30
What's In the Duende Software Toolkit?
Beyond #IdentityServer, discover solutions like the BFF Security Framework, Access Token Management, and IdentityModel. Plus, Duende Templates, a demo server, and extensive documentation. #dotnet #security
duende.link/2b87kja
30.07.2025 08:01
A Step Up challenge ensures critical actions are verified through additional scrutiny. You can handle this in client apps, but how do you communicate a step-up is needed from the API side? Let's see how to implement this in #aspnetcore
duende.link/318qkjl #dotnet #security
29.07.2025 09:01
Fresh post on external providers in #aspnetcore
We cover initial setup, the connection between external and cookie authentication, and discuss why alternatives might be better for production apps.
duende.link/q24tubs #security #identity #dotnet
28.07.2025 12:59
How to test your #IdentityServer?
In this post, we'll show how to set up and run automated tests with your favorite test framework. #mstest #xunit #nunit #dotnet #security
duende.link/a4rs979
25.07.2025 08:01
Need frontend-specific logic?
Implement Local APIs directly within your BFF host using #aspnetcore.
Secure them effortlessly with automatic anti-CSRF checks.
Here's how: docs.duendesoftware.com/bff/fundamen... #dotnet #security
23.07.2025 13:45
How I got involved in the Backend for Frontend (BFF) spec? @philippederyck.bsky.social built a demo to show how insecure single-page applications can be!
Full interview: youtu.be/urS9wstmN2U
More on Backend for Frontend: duende.link/bff
#dotnet #security #bff #oauth2
23.07.2025 06:50
How to test your #IdentityServer?
In this post, we'll show how to set up and run automated tests with your favorite test framework. #mstest #xunit #nunit #dotnet #security
duende.link/a4rs979
22.07.2025 13:01
User authentication involves showing a UI during the login process. How does this work with OAuth 2.0? Find out here.
0:00 Introduction
0:48 Authorization Code...
User authentication: Authorization Code Flow
User authentication involves user interfaces during the login process, a secure back channel to exchange tokens, and more.
Roland Guijt's new video covers OAuth 2.0's Authorization Code Flow in #aspnetcore youtu.be/AQjlxb3z9v0
#identityserver #dotnet #security
21.07.2025 15:07
Think you're safe online? OAuth 2.0 in the browser could let attackers steal your access tokens and use them for as long as they are valid, acting on the user's behalf
Interview with @philippederyck.bsky.social: youtu.be/urS9wstmN2U
#dotnet #security #bff #oauth2
18.07.2025 08:10
The easiest approach is to serve your SPA/#Blazor assets directly from the BFF host.
This guarantees same-origin requests, automatically handles cookies, and avoids CORS headaches.
Check out the `dotnet new bffremoteapi` template! #dotnet #security
docs.duendesoftware.com/bff/architec...
17.07.2025 14:59
A Step Up challenge ensures critical actions are verified through additional scrutiny. You can handle this in client apps, but how do you communicate a step-up is needed from the API side? Let's see how to implement this in #aspnetcore
duende.link/318qkjl #dotnet #security
17.07.2025 08:02
The #dotnet 8.0.17 patch fixed validation of forwarded headers and proxy server configuration in load balanced scenarios.
Great! Or not
This update may affect your #aspnetcore app.
Check our blog post for background and fix: duende.link/0mgnet8
16.07.2025 07:59
What's In the Duende Software Toolkit?
Beyond #IdentityServer, discover solutions like the BFF Security Framework, Access Token Management, and IdentityModel. Plus, Duende Templates, a demo server, and extensive documentation. #dotnet #security
duende.link/2b87kja
15.07.2025 13:18
Duende is committed to open source and values contributors. We are now sponsoring Astro and Starlight, the static site generator that powers our docs.
More details about Astro and why we are sponsoring on our blog: duende.link/astr055 #dotnet #astro #identity
14.07.2025 12:31
Monitoring IdentityServer License Usage with #aspnetcore Health Checks
How to create custom health checks
Registering them
Example health checks for IdentityServer
Find out in this blog post! duende.link/hi7fw5q #dotnet #identity
14.07.2025 08:02
Add an extra layer of security to critical user actions!
Learn how to implement Step Up challenges in your #aspnetcore apps with Duende #IdentityServer to enhance user verification and re-confirm identity for some activities.
duende.link/qthej2r
#dotnet #security #oidc
11.07.2025 09:03
What is an OAuth 2.0 and OpenID Connect Client?
For anyone in the security industry, especially developers who communicate in security lingo about OpenID Connect and OAuth 2.0 daily, the question and answer to “What is a client?” may seem…
Terms like "client" in OpenID Connect and OAuth 2.0 are clear for security folks, but non-technical people are sometimes confused.
In this post, let's clarify what a "client" means in application security.
duende.link/m8tyde4 #dotnet #security #identity
10.07.2025 17:05
So, you're building a frontend app and dealing with APIs? And OAuth 2.0 is just a massive headache to get secured on the frontend. What if you could just delete that OAuth library from your frontend?
Interview with @philippederyck.bsky.social: youtu.be/urS9wstmN2U
#dotnet #security #bff #oauth2
10.07.2025 13:31
Supercharge your proxy needs!
Integrate with #YARP for advanced routing, load balancing, etc., while getting BFF's automatic token management and CSRF protection for proxied APIs.
Here's how to add it to your Backend for Frontend: docs.duendesoftware.com/bff/fundamen... #dotnet #security
09.07.2025 08:30
A Step Up challenge ensures critical actions are verified through additional scrutiny. You can handle this in client apps, but how do you communicate a step-up is needed from the API side? Let's see how to implement this in #aspnetcore
duende.link/318qkjl #dotnet #security
08.07.2025 13:45
The #dotnet 8.0.17 patch fixed validation of forwarded headers and proxy server configuration in load balanced scenarios.
Great! Or not
This update may affect your #aspnetcore app.
Check our blog post for background and fix: duende.link/0mgnet8
07.07.2025 17:47