AspNetCoreExperiments
ASP.NET Core Blazor BFF with Microsoft Entra ID and Razor page
Install / Use
/learn @damienbod/AspNetCoreExperimentsREADME
ASP.NET Core
Blazor .NET 10 BFF WASM & server(BlazorHosted.Server to start)
Using the Backend for frontend pattern to secure application using Microsoft Entra ID
Improving application security in Blazor using HTTP headers
ASP.NET Core 10 Razor (AspNetCoreRazor)
Razor page application secured using Microsoft Entra ID
Improving application security in an ASP.NET Core Razor Page using HTTP headers
ASP.NET Core 10 Razor multiple tenants (AspNetCoreRazorMultiClients)
Sign-in using multiple clients or tenants in ASP.NET Core and Microsoft Entra ID
Blazor .NET 10 BFF WASM & server(BlazorHosted.Server to start) & API secured with JWT
History
- 2026-03-15 Updated packages
- 2026-01-13 .NET 10
- 2025-05-07 Updated packages,
- 2024-11-15 .NET 9
- 2024-10-19 Updated packages, improved security headers
- 2024-10-03 Updated packages, security headers
- 2024-01-14 Updated .NET 8, Blazor uses CSP nonce
- 2023-11-03 Updated packages, fixed security headers, removed XSS block
- 2023-06-24 Updated packages, fixed CSP
- 2023-03-11 Updated .NET 7, updates security headers, Update Microsoft.Identity.web
- 2022-06-12 Updated nullables, implicit usings, bootstrap 5, packages
- 2022-06-10 Updated nuget packages and BFF project
- 2022-02-11 Updated nuget packages and namespaces
- 2022-01-16 Updated nuget packages, code clean up
- 2022-01-05 Updated nuget packages
- 2021-11-21 Updated packages, improved Blazor CSP, removed inline style
- 2021-11-08 Updated .NET 6 release
- 2021-10-29 Updated packages
- 2021-10-02 Updated packages
- 2021-09-17 Updated .NET 6 packages added mixed auth Blazor & API example
- 2021-09-15 Updated .NET 6
- 2021-08-13 Added security headers
- 2021-08-09 Updated nuget packages
Links
https://github.com/AzureAD/microsoft-identity-web/wiki/multiple-authentication-schemes
https://github.com/AzureAD/microsoft-identity-web/wiki/customization#openidconnectoptions
https://github.com/AzureAD/microsoft-identity-web
https://docs.microsoft.com/en-us/aspnet/core/security/authentication
Security header links
https://securityheaders.com/
https://csp-evaluator.withgoogle.com/
https://www.snigel.com/blog/a-simple-guide-to-coop-coep-corp-and-cors/
https://www.youtube.com/watch?v=J6BZ9IQELNA
https://github.com/andrewlock/NetEscapades.AspNetCore.SecurityHeaders
https://github.com/dotnet/aspnetcore/issues/34428
https://w3c.github.io/webappsec-trusted-types/dist/spec/
https://web.dev/trusted-types/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k/edit
https://scotthelme.co.uk/coop-and-coep/
https://github.com/OWASP/ASVS
