Showing posts from July, 2021

ASP.NET Core 5.0: Create API with Swagger(OpenAPI) Specifications and Consuming it in Blazor Web Assembly Project using Connected Service

In this tutorial, we will see implementation of ASP.NET Core 5.0 API creation using Swagger/OpenAPI specifications. We will also see the mechanism of consuming the API using Managed Proxy class in Blazor WebAssembly client application with the help of Visual Studio Connected Services. ASP.NET Core 5.0, have come up with the support for OpenAPI specifications for APIs. This is a language-agnostic specification for describing REST APIs. This description helps client applications to understand the capabilities of REST APIs. Main advantage of the OpenAPI is to  Minimize the amount of work needed to connect the REST APIs in decoupled way and to  Reduce the time required to document the service. The OpenAPI makes sure that action methods from the APIs are exposed in developer friendly manner.  The Connected Service is used to generate HTTP API clients so that the API can be easily consumed (remember WCF Service Proxy classes). This makes it easy to access APIs using the managed client applic

ASP.NET Core: Securing the ASP.NET Core API using Azure AD and User Access Tokens

In the previous tutorial , we have seen the ASP.NET Core application authentication using Azure AD. In this tutorial we will implement the ASP.NET Core API Authentication using Azure AD and Access tokens. Most of you those who have worked on ASP.NET Core API security, must have used JSON Web Token (JWT) for authentication. If you are not aware about JWT then you can read this tutorial .  Generally, we use API to expose our application over publicly accessible endpoints to client application like browser based JavaScript e.g. Angular, React, then to mobile clients or even ASP.NET Core Web App, etc. In this case providing secure access to the API is recommended. If you choose to deploy the API on Microsoft Azure then, integrating Azure AD for API authentication will be the possible alternative. The figure 1 explains the approach of accessing and authenticating API using Azure AD Figure 1: The access of Secure API As explained in figure 1, the API and Client applications are registered a

ASP.NET Core: How to implement Azure Active Directory (AAD) Authentication in ASP.NET Core

In this tutorial, we will implement security for ASP.NET Core Application using Azure Active Directory (AAD).  Recently, when I was discussing with my students regarding ASP.NET Core security, one of students have asked me a question regarding an integration of Azure Active Directory (AAD) users with ASP.NET Core apps. After showing the implementation to my students, I thought to publish a simple tutorial on this. In this tutorial, I will cover some topics as prerequisites to understand the ASP.NET Core security using AAD. Microsoft Identity Platform Microsoft Identity Platform provides facility to design an application that provides an access of the application to users using their Microsoft Identities and Social Accounts. If you are deploying the application on Microsoft Azure then implementing security using this platform reduces an additional need of the code to manage custom users for the application. The application is directly accessed using  Work or school accounts, provisioned