Stories Tagged with 'Security'


Using JwtBearer Authentication in an API-only ASP.NET Core Project

In my Pluralsight courses on ASP.NET Core, I show how to use JWT Tokens to secure your API. In building a new example for my upcoming Vue.js course, I decided to only use JWT (not cookies and JWT like many of my examples are).

But the redirects I kept getting on failure to call an API made me realize that I wasn't sure how to make JWT the only provider. After some fiddling I figured it out. This blog post is mostly to remind me of how to do it.

Two AuthorizationSchemes in ASP.NET Core 2

When ASP.NET Core 2 shipped the early previews, I knew one large change was going to be the Identity subsystem. The Identity for ASP.NET Core 1 worked ok, but the setup was very confusing with identical configuration in more than one place.

I’m happy to say that in ASP.NET Core 2 it’s much better. Implementing JWT Tokens for APIs was more confusing than I liked back when I wrote my Implementing an API in ASP.NET Core course for Pluralsight. I was hoping that it changed to simplify the way it works.

My MIX Talks' Source Code

I've been severely remiss in failing to get my source code released for my two MIX talks early this month. I apologize (there is a good reason, but I can't talk about it).

Your Cellphone Records are for Sale....

Url: http://005f27e.netsolhost.com/gpage.html

I had a chance encounter today with the fact that my cell phone records are up for sale to anyone with $110 burning a hole in their pocket. I have to say I am outraged. I can't believe that cell phone companies can sell a record of anyone I call. It makes me sick to my stomach just thinking about it.  Anyone else have experience where your cell phone records have been used?

Top 10 Web Application Security Problems

Url: http://prdownloads.sourceforge.net/owasp/OWASPT...

Beware of the PayPal Worm...

Url: http://securityresponse.symantec.com/avcenter/v...

Ink Blots as Passwords?

Url: http://research.microsoft.com/displayArticle.as...

I ran into this article about using Ink Blots to make passwords on Microsoft Research's site and it got me thinking about security and privacy. I think the only bastion of true privacy these days is in the mind. Social Security #'s, mothers' maiden names, pet names... it's all just demographic data that is in the wide open. So for the common user, trying to remember a strong password (numbers, letters and punctuation) is just too hard.

Did Microsoft's Security Push Work?

Url: http://www.wininformant.com/Articles/Index.cfm?...

Last February Bill Gates announced that he was halting development until every project could be reviewed for security and make sure every developer knew how to write secure code. In fact, a pretty great book came out of the process. So did it work?

Shawn Wildermuth
Author, Teacher, and Coach