ASP.NET Core

Blazor .NET 10 BFF WASM & server(BlazorHosted.Server to start)

Using the Backend for frontend pattern to secure application using Microsoft Entra ID

Improving application security in Blazor using HTTP headers

ASP.NET Core 10 Razor (AspNetCoreRazor)

Razor page application secured using Microsoft Entra ID

Improving application security in an ASP.NET Core Razor Page using HTTP headers

ASP.NET Core 10 Razor multiple tenants (AspNetCoreRazorMultiClients)

Sign-in using multiple clients or tenants in ASP.NET Core and Microsoft Entra ID

Blazor .NET 10 BFF WASM & server(BlazorHosted.Server to start) & API secured with JWT

Implement a secure API and a Blazor app in the same ASP.NET Core project with Microsoft Entra ID authentication

History

• 2026-01-13 .NET 10
• 2025-05-07 Updated packages,
• 2024-11-15 .NET 9
• 2024-10-19 Updated packages, improved security headers
• 2024-10-03 Updated packages, security headers
• 2024-01-14 Updated .NET 8, Blazor uses CSP nonce
• 2023-11-03 Updated packages, fixed security headers, removed XSS block
• 2023-06-24 Updated packages, fixed CSP
• 2023-03-11 Updated .NET 7, updates security headers, Update Microsoft.Identity.web
• 2022-06-12 Updated nullables, implicit usings, bootstrap 5, packages
• 2022-06-10 Updated nuget packages and BFF project
• 2022-02-11 Updated nuget packages and namespaces
• 2022-01-16 Updated nuget packages, code clean up
• 2022-01-05 Updated nuget packages
• 2021-11-21 Updated packages, improved Blazor CSP, removed inline style
• 2021-11-08 Updated .NET 6 release
• 2021-10-29 Updated packages
• 2021-10-02 Updated packages
• 2021-09-17 Updated .NET 6 packages added mixed auth Blazor & API example
• 2021-09-15 Updated .NET 6
• 2021-08-13 Added security headers
• 2021-08-09 Updated nuget packages

Links

https://github.com/AzureAD/microsoft-identity-web/wiki/multiple-authentication-schemes

https://github.com/AzureAD/microsoft-identity-web/wiki/customization#openidconnectoptions

https://github.com/AzureAD/microsoft-identity-web

https://docs.microsoft.com/en-us/aspnet/core/security/authentication

Security header links

https://securityheaders.com/

https://csp-evaluator.withgoogle.com/

https://www.snigel.com/blog/a-simple-guide-to-coop-coep-corp-and-cors/

https://www.youtube.com/watch?v=J6BZ9IQELNA

https://github.com/andrewlock/NetEscapades.AspNetCore.SecurityHeaders

dotnet/aspnetcore#34428

https://w3c.github.io/webappsec-trusted-types/dist/spec/

https://web.dev/trusted-types/

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k/edit

https://scotthelme.co.uk/coop-and-coep/

https://github.com/OWASP/ASVS