Containerize an ASP.NET Core BFF and Angular frontend using Aspire Using Damien Bowden's secure ASP.NET Core and Angular BFF template as a starting point, this post shows how to integrate Aspire to improve local development and prepare the application for containeriz...

✍️ Blogged: Containerize an ASP.NET Core BFF and Angular frontend using Aspire

#dotNET #Angular #Aspire

🔗 timdeschryver.dev/blog/contain...

Configuring contextual options with Microsoft.Extensions.Options.Contextual In this post I take a brief look at the Microsoft.Extensions.Options.Contextual package to understand what it's for, how to use it, and whether to use it or not

Blogged: Configuring contextual options with Microsoft.Extensions.Options.Contextual

andrewlock.net/configuring-...

In this post I take a brief look at the Microsoft.Extensions.Options.Contextual package to understand what it's for, how to use it, and discuss whether to use it or not

#dotnet

One of the most popular JavaScript packages on earth Axios has been compromised The Axios NPM package has been compromised and the maintainer of the project has been locked out of their account. This will go down in history as one of the most successful software supply chain attacks ever

This is a big deal. Already seeing evidence of this by way of OpenClaw installations.

opensourcemalware.co...

www.stepsecurity.io/...

No we do this differently

Invite Guest users in a Entra ID Multi-tenant setup by @damienbod.com damienbod.com/2026/03/09/i... #aspnetcore

Invite Guest users in a Entra ID Multi-tenant setup This post looks at implementing a guest user invite in a cross tenant setup. This is useful when creating partner tenants using an Entra ID MAU license for all partner guests and members. This make…

Blogged: Invite Guest users in a Entra ID Multi-tenant setup

damienbod.com/2026/03/09/i...

#graph #entra #mau #identity #iam #entraid #oauth #openidconnect #oidc #security

Updated: OpenIddict examples using BFF with Angular and Vue.js

github.com/damienbod/bf...

github.com/damienbod/bf...

Support for passkeys.

#aspnetcore #dotnet #angular #vuejs #bff #openiddict #openidconnect #oidc #passkeys

Recording metrics in-process using MeterListener: System.Diagnostics.Metrics APIs - Part 4 In this post I show how you can use MeterListener to listen to Instrument measurements, how to trigger Observable measurements, and how to aggregate values.

Blogged: Recording metrics in-process using MeterListener

andrewlock.net/recording-me...

In this post I show how you can use MeterListener to listen to Instrument measurements, how to trigger Observable measurements, and how to aggregate values

#dotnet #observability

Updated: OpenIddict with Angular and Blazor WASM BFF OpenID Connect Code Flow with PKCE clients and ASP.NET Core APIs

github.com/damienbod/As...

#openiddict #passkeys #openid #oauth #grpc #angular #net10 #dotnet

Add application security to the swiyu generic management verifier APIs using OAuth by @damienbod.com damienbod.com/2026/02/16/a... #aspnetcore

2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults The number of DDoS attacks more than doubled in 2025. The network layer is under particular threat as hyper-volumetric attacks grew 700%.

In case you missed it: the number of DDoS attacks more than doubled in 2025. The network layer is under particular threat as hyper-volumetric attacks grew 700%. blog.cloudflare.com/ddos-threat-...

Add application security to the swiyu generic management verifier APIs using OAuth The article looks at implementing security using OAuth for the swiyu Public Beta Trust Infrastructure generic containers. The container provides endpoint for OpenID verification and the management …

Blogged: Add application security to the swiyu generic management verifier APIs using OAuth

damienbod.com/2026/02/16/a...

#aspnetcore #oauth #swiyu #swiss #openid #yarp #aspire #container #api #iam #security #dotnet

Isolate the swiyu Public Beta management APIs using YARP This post looks at hardening the security for the swiyu public beta infrastructure. The generic containers provide both management APIs and wallet APIs which support the OpenID for Verifiable Prese…

Blogged: Secure the swiyu container using a YARP proxy

damienbod.com/2026/02/09/i...

#swiyu #yarp #aspire #aspnetcore #dotnet #identity #network #oauth #openidconnect #oidc

Creating and consuming metrics with System.Diagnostics.Metrics APIs In this post I provide an introduction to the System.Diagnostics.Metrics API, and show how to create a custom metric and read it with dotnet-coutners

Blogged: Creating and consuming metrics with System.Diagnostics.Metrics APIs

andrewlock.net/creating-and...

In this post I provide an introduction to the System.Diagnostics.Metrics API, show how to create a custom metric, and show how to read it with dotnet-counters

#dotnet

Use client assertions in ASP.NET Core using OpenID Connect, OAuth DPoP and OAuth PAR This post looks at implement client assertions in an ASP.NET Core application OpenID Connect client using OAuth Demonstrating Proof of Possession (DPoP) and OAuth Pushed Authorization Requests (PAR…

Blogged: Use client assertions in ASP.NET Core using OpenID Connect, OAuth DPoP and OAuth PAR

damienbod.com/2026/02/02/u...

#dotnet #aspnetcode #oidc #oauth #par #dpop #identity #duende #aspire #oss #iam #swiyu

February DOTNET Zurich @isolutions, Thu, Feb 5, 2026, 6:00 PM | Meetup **5th February - DotNet Zurich @ Isolutions** *Join us in person at Isolutions!!* This event will happen at Isolutions, The Circle. **Agenda:** * 17:45 Reception open &

Awesome .NET, Swiss Identity event in Zurich on Thursday 5th February

We have a super lineup, great topics and great speakers. It would be great to see you there. All are welcome.

www.meetup.com/dotnet-zuric...

#dotnet #swiss #zurich #iam #identity #iam #mcp #oss #community

GitHub - damienbod/OAuthClientAssertionsPerInstance: Experimental alternative flow for OAuth First-Party Applications Experimental alternative flow for OAuth First-Party Applications - damienbod/OAuthClientAssertionsPerInstance

Updated to .NET 10

Alternative flow for OAuth 2.0 First-Party Applications

github.com/damienbod/OA...

#identity #oauth #oauth2 #native #dotnet #aspnetcore #iam #dpop #duende

Force step up authentication in web applications The post shows how to implement a step up authorization using the OAuth 2.0 Step Up Authentication Challenge Protocol RFC 9470. The application uses ASP.NET Core to implement the API, the web appli…

Blogged: Force step up authentication in web applications

damienbod.com/2026/01/26/f...

#aspnetcore #dotnet #blazor #aspire #identity #oauth #oidc #duende #iam #swiyu #eid

Implementing Level of Identification (LoI) with ASP .NET Core Identity and Duende by @damienbod.com damienbod.com/2026/01/18/i... #aspnetcore

Implementing Level of Identification (LoI) with ASP.NET Core Identity and Duende This article explores how to implement Level of Identification (LOI) in an ASP.NET Core application. The solution uses Duende IdentityServer as the OpenID Connect provider and ASP.NET Core Identity…

Blogged: Implementing Level of Identification (LoI) with ASP.NET Core Identity and Duende

damienbod.com/2026/01/18/i...

#aspnetcore #oauth #openid #dotnet #oidc #iam #swiyu #aspire #oss #identity #eid #swiss #bit #gov #loi #loa #blazor #duende

Set the amr claim when using passkeys authentication in ASP .NET Core by @damienbod.com damienbod.com/2026/01/05/s... #aspnetcore

Encrypting Properties with System.Text.Json and a TypeInfoResolver Modifier (Part 1) - Steve Gordon - Code with Steve In this post we start creating a TypeInfoResolver modifier in System.Text.Json to encrypt and decrypt JSON properties during serialisation.

Blogged: Encrypting Properties with System.Text.Json and a TypeInfoResolver Modifier (Part 1).

In this post we start creating a TypeInfoResolver modifier in System.Text.Json to encrypt and decrypt JSON properties during serialisation.

#dotnet #json

www.stevejgordon.co.uk/encrypting-p...

Implementing Level of Authentication (LoA) with ASP.NET Core Identity and Duende This post shows how to implement an application which requires a user to authenticate using passkeys. The identity provider returns three claims to prove the authentication level (loa), the identit…

Blogged: Implementing Level of Authentication (LoA) with ASP.NET Core Identity and Duende

damienbod.com/2026/01/12/i...

#aspnetcore #dotnet #identity #duende #authentication #loa #passkeys #iam #acr #amr

February DOTNET Zurich @isolutions, Thu, Feb 5, 2026, 6:00 PM | Meetup **5th February - DotNet Zurich @ Isolutions** *Join us in person at Isolutions!!* This event will happen at Isolutions, The Circle. **Agenda:** * 17:45 Reception open &

Cool live event on the 5th Feb 2026, .NET User Group Zürich

Talks:

- How to securely implement MCP with OAuth in .NET
- Swiss Identity in .NET: A Practical Guide to EIAM, aGov, SwissID, Entra ID—and Social Logins

@ isolutions offices: The Circle 388058 Zürich

www.meetup.com/dotnet-zuric...

February DOTNET Zurich @isolutions, Thu, Feb 5, 2026, 6:00 PM | Meetup **5th February - DotNet Zurich @ Isolutions** *Join us in person at Isolutions!!* This event will happen at Isolutions, The Circle. **Agenda:** * 17:45 Reception open &

Cool live event on the 5th Feb 2026, .NET User Group Zürich

Talks:

- How to securely implement MCP with OAuth in .NET
- Swiss Identity in .NET: A Practical Guide to EIAM, aGov, SwissID, Entra ID—and Social Logins

@ isolutions offices: The Circle 388058 Zürich

www.meetup.com/dotnet-zuric...

Set the amr claim when using passkeys authentication in ASP.NET Core The post shows how to set the correct amr value when authenticating using ASP.NET Core Identity and passkeys in .NET 10. When authenticating using OpenID Connect and passkeys authentication, the Op…

Blogged: Set the amr claim when using passkeys authentication in ASP.NET Core

damienbod.com/2026/01/05/s...

#oauth #openid #openidconnect #iam #security #aspnetcore #dotnet #passkeys #fido2 #mfa

Blogged: [HOWTO] Implement Audit Logging in a .NET Core application using Entity Framework Core and Audit.NET

#dotnet #dotnetcore #efcore #auditdotnet #auditing #auditlog #audittrail #traceability

https://damienbod.com/2025/12/20/digital-authentication-and-identity-validation/

Blogged: Digital Authentication and Identity validation

damienbod.com/2025/12/20/d...

#oidc #identity #iam #swiyu #eid #oauth #dpop #openid #security #ecollecting #authentication #loa #loi #vc #oauth2 #swiss #ch #cybersecurity

ASP.NET Core roadmap for .NET 11 · Issue #64787 · dotnet/aspnetcore ASP.NET Core planning for .NET 11 is now in progress! This roadmap is currently just a placeholder. We'll update the roadmap with specific planned features as planning progresses. This issue repres...

#ASPNETCore roadmap for .NET 11 | by Dan Roth

buff.ly/Ohn54FG

#dotnet #webdev #blazor #dotnet11 #apis

The new owasp top ten, the list of items

Big news in #AppSec: the #OWASP Top 10 2025 is now available! I'm part of the project team and ALL OF US want every dev, security engineer, and leader to read it (please).

https://twp.ai/E6ClNO

1/5