Shawn Wildermuth

Author, Teacher, and Filmmaker
.NET Foundation Board Member

Stories

Tagged with Security


Using JwtBearer Authentication in an API-only ASP.NET Core Project

In my Pluralsight courses on ASP.NET Core, I show how to use JWT Tokens to secure your API. In building a new example for my upcoming Vue.js course, I decided to only use JWT (not cookies and JWT like many of my examples are).

But I kept getting redirects on failure to call an API, which made me realize that I wasn't sure how to make JWT the only provider. After some fiddling I figured it out. This blog post is mostly to remind me of how to do it.

After help from @khellang - I found the real culprit. See new section at the bottom.

Read...


Two AuthorizationSchemes in ASP.NET Core 2

When ASP.NET Core 2 shipped the early previews, I knew one large change was going to be the Identity subsystem. The Identity for ASP.NET Core 1 worked ok, but the setup was very confusing with identical configuration in more than one place.

I’m happy to say that in ASP.NET Core 2 it’s much better. Implementing JWT Tokens for APIs was more confusing than I liked back when I wrote my Implementing an API in ASP.NET Core course for Pluralsight. I was hoping that it changed to simplify the way it works.

Now that I’m re-writing my ASP.NET Core End-to-End course for Pluralsight, I wanted to be able to use both Cookies and JWT without having to split the projects. While this should work in ASP.NET Core 1, I couldn’t figure it out.

Read...


My MIX Talks' Source Code

I've been severely remiss in failing to get my source code released for my two MIX talks early this month. I apologize (there is a good reason, but I can't talk about it).

First are my examples for debugging different parts of the Silverlight stack:

Read...


Your Cellphone Records are for Sale....

Url: http://005f27e.netsolhost.com/gpage.html

I had a chance encounter today with the fact that my cell phone records are up for sale to anyone with $110 burning a hole in their pocket. I have to say I am outraged. I can't believe that cell phone companies can sell a record of anyone I call. It makes me sick to my stomach just thinking about it. Anyone else have experience where your cell phone records have been used?

(UPDATE)

Read...


Top 10 Web Application Security Problems

Url: http://prdownloads.sourceforge.net/owasp/OWASPT...

Read...


Beware of the PayPal Worm...

Url: http://securityresponse.symantec.com/avcenter/v...

Read...


Ink Blots as Passwords?

Url: http://research.microsoft.com/displayArticle.as...

I ran into this article about using Ink Blots to make passwords on Microsoft Research's site and it got me thinking about security and privacy. I think the only bastion of true privacy these days is in the mind. Social Security #'s, mothers' maiden names, pet names... it's all just demographic data that is in the wide open. So for the common user, trying to remember a strong password (numbers, letters and punctuation) is just too hard.

Maybe Biometrics are the answer. Fingerprints can't be faked...or can they be? Maybe not by the casual user, but they can be faked. Anyone who got arrested for a petty infraction has their fingerprints in the 'system'.

Read...


Did Microsoft's Security Push Work?

Url: http://www.wininformant.com/Articles/Index.cfm?...

Last February Bill Gates announced that he was halting development until every project could be reviewed for security and make sure every developer knew how to write secure code. In fact, a pretty great book came out of the process. So did it work?

Announced in a new Aberdeen Group report, it seems as if Windows has lost its crown as the most insecure operating system. Can you guess who took its place? Linux. Does this mean that Linux is an insecure mess? Does it mean that Windows is hack-proof? No to both questions.

Read...