Blog Posts for: Asp.net Core

Authenticate with OAuth 2.0 in ASP.NET Core 2.0

04 January 2018

Almost 2 years ago I wrote a blog post about using the generic OAuth provider in ASP.NET Core. A lot has changed since then, so I thought it might be a good time to revisit this. For this blog post, we will create a simple website which allows users to sign in with their GitHub credentials. I will also demonstrate how we can store the access token received from GitHub to make GitHub API calls using Octokit.

Using MariaDB with ASP.NET Core 2.0

12 December 2017

As part of my recent explorations I have looked into various ways of hosting an ASP.NET Core application. One path I explored was using MariaDB as an alternative to the SQL Server world which most .NET developers are used to. So what is MariaDB? From the Wikipedia article about it: MariaDB is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL.

Creating Authorization Policies dynamically with ASP.NET Core

20 November 2017

ASP.NET Core contains a DefaultAuthorizationPolicyProvider class which resolves authorization policies at runtime. I was watching a recording of the Implementing Authorization for Applications and APIs talk from NDC Oslo by Dominick Baier and Brock Allen and saw a technique they demonstrated to resolve authorization policies dynamically at runtime. I did an internet search and could not find this documented anywhere, so in this blog post I will explain how to do this.

Forcing user to sign in with their Google Organization (G Suite) account

12 September 2017

Microsoft has a nice document explaining how to allow users to sign in to your application with their Google accounts. I was curious to see how one could go about forcing users to sign in with their organizational account. Why would you want to do this? Well, let say your company is using G Suite as its directory service. Only allowing users to sign in with their organizational (G Suite) email address means that you only have to procure users on the G Suite directory service.

Razor Pages tip: Define extra handlers for a Razor Page

10 September 2017

I have been tinkering with Razor Pages a little but, and had a requirement where I wanted to make an AJAX request to the server from a Razor Page. A Razor Page source file typically contains 2 handlers, namely OnGet and OnPost which handles GET and POST requests respectively: public class IndexModel : PageModel { public void OnGet() { // Process GET requests } public void OnPost() { // Process POST requests } } If the handler is an async method, you can also optionally use an Async suffix, for example:

Accessing the OIDC tokens in ASP.NET Core 2.0

01 August 2017

Earlier the year I wrote a blog post which described how to access the JWT Bearer token when using ASP.NET Core 2.0. Though that was specifically for when using the JWT middleware, you could also use that technique when using the OIDC middleware. In ASP.NET Core 1.1 So for example, in ASP.NET Core 1.x, if you wanted to access the tokens (id_token, access_token and refresh_token) from your application, you could set the SaveTokens property when registering the OIDC middleware:

Overriding the NameClaimType when using the ASP.NET Core OpenID Connect middleware

30 May 2017

When using the ASP.NET Core OpenID Connect middleware, after a user has signed in you can access the name of the user by using the User.Identity.Name property. What this does under the cover is to look for the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name claim type and then return that value. In the case of Auth0, we actually return a user’s name in the name claim of an id_token and this does not get automatically mapped to the http://schemas.

Access the JWT bearer token when using the JWT middleware in ASP.NET Core

26 May 2017

When using JSON Web Tokens (JWTs) as Bearer tokens in your ASP.NET Core Web API, it may sometimes be required to access the actual token which was passed to the API somewhere else in your API. For Remote Map for example I have the requirement to access the user’s full profile under certain conditions. I want to store some of the user’s personal information in the local database, and in order to obtain their information I have to call the /userinfo endpoint of the Auth0 Authentication API.

Introducing Remote Map: An end-to-end Auth0 sample for .NET developers

22 May 2017

It seems I have not had much success with announcing my intentions to start a new project and blog about it. Before long something more interesting comes along and I am off in another direction and working on a new pet project. Case in point: GeoToast Well, seems I don’t learn as I am trying this again. This time however I have better motivation to get this done (I think).

Determine a user's location from their IP Address in ASP.NET Core

18 May 2017

To determine a user’s location in a web browser you can use the HTML Geolocation API. There are however a couple of issues with this. First, the user will be prompted to give permission for you to determine their location. If they deny this request, then you will not be able to determine the location. Secondly, this is a JavaScript API, and therefore a client-side solution. But what if you want to determine a user’s location on the server?