Duende IdentityServer 7: A Complete Setup Guide for ASP.NET Core
Duende IdentityServer is the leading OpenID Connect and OAuth 2 server for .NET. In this tutorial, I'll walk you through setting up Duende IdentityServer
Read more →
In the previous blog posts in this series, we built our own Backend-for-Frontend (BFF) implementation in ASP.NET Core from scratch. Now, you might be
Read more →
In this post, we take the next step in securing our Backend-for-Frontend (BFF) by adding robust Cross-Origin Resource Sharing (CORS) protection. CORS is
Read more →
Nobody wants to sign in every hour. Yet that's exactly what happens when access tokens expire in applications without proper token management. The good
Read more →
In this blog post, we'll implement a minimal yet complete Backend-for-Frontend (BFF) in ASP.NET Core. By starting with a simple foundation and adding
Read more →
The BFF pattern eliminates many SPA security risks, but it introduces a new critical component: the session cookie. This cookie becomes the key to your
Read more →
How do you secure a Single-Page Application without storing tokens in the browser? The answer lies in the Backend-for-Frontend (BFF) pattern. This
Read more →
This multi-part blog series will show you how to implement secure authentication for Single-Page Applications using the Backend-for-Frontend (BFF) pattern
Read more →
In this blog post, you will learn how to deploy a test instance of KurrentDB to Azure and access it from a console application in .NET.
Read more →
In my previous blog post, I explained what the Forwarded Headers Middleware does and why it matters. In this post, I will show you how to add it to your
Read more →
Proxies are vital for load balancing and security, but they obscure the actual client IP, scheme, and domain, causing broken links, inaccurate logging
Read more →
A practical look at AdditionalAuthorizationParameters in ASP.NET Core 9. How it simplifies customizing OAuth/OIDC authorization requests and how it works with PAR.
Read more →
In this final post in this series, we’ll now resolve logout challenges you might run into with IdentityServer, ensure proper sign-out redirects, and
Read more →
In this third part of the series, we tackle login issues in IdentityServer caused by cookie restrictions in HTTP and show how to resolve them by
Read more →
This is part 2 of a blog series on containerizing a Duende IdentityServer and a client application. In this post, we resolve communication challenges that
Read more →
Getting Duende IdentityServer and a client application up and running in separate containers can be challenging. This blog post will provide a
Read more →
ASP.NET Core 9 introduces support for Pushed Authorization Requests (PAR) in its OpenIdConnect authentication handler. But what exactly is PAR, and why
Read more →
Exploring and discovering unfamiliar codebases is always a challenge. In this blog post, I will introduce a novel way to explore a new codebase by looking
Read more →
When you’re working with the Data Protection API in ASP.NET, you quickly notice how powerful and simple this service is. At the same time, you have little
Read more →
The ASP.NET Core Data Protection API (DPAPI) is an essential service in ASP.NET Core that is often overlooked. This post will give an overview of what it
Read more →
In this blog post, we’ll explore a practical way to enhance the security of your ASP.NET Core applications by reducing the size of authentication cookies
Read more →
In the world of web application security, OpenID Connect plays a key role in streamlining authentication processes. But what makes it really tick? In this
Read more →
ASP.NET Core generates various types of cookies, such as authentication, antiforgery, and session cookies. In this blog post, we’ll take a closer look at
Read more →
Having answered over 1000 questions on Stack Overflow, I’ve found that cookie-related issues are a frequent challenge for developers using ASP.NET Core
Read more →
Microsoft introduced the new BearerToken authentication handler in ASP.NET Core 8 as part of an initiative to streamline and modernize authentication
Read more →
A common problem when protecting your ASP.NET Core APIs is that expected claims are not found in the user object. In this blog post, I will give you some
Read more →
Missing claims in the ClaimsPrincipal user object are a frequent problem when using OpenID Connect authentication in ASP.NET Core. In this blog post, we'll
Read more →
One of the most frequent questions I encounter on Stack Overflow is how to troubleshoot JwtBearer authentication issues in ASP.NET Core. In this post
Read more →
Understanding the differences between IdentityResource, ApiResource, and ApiScope in Duende IdentityServer is a common question among developers, often
Read more →
As a developer and trainer, it is hard to keep up with all the changes in all the libraries. In this blog post, I will summarize the recent key changes
Read more →
Our internal validation library TNValidate is now available as a project on GitHub. We released this as open source because we wanted to let others take
Read more →