Skip to main content
Microsoft
ASP.NET Blog
ASP.NET Blog
  • Home
  • DevBlogs
    • Azure DevOps
    • Notification Hubs
    • Visual Studio
    • Visual Studio Code
    • Visual Studio for Mac
    • Azure Artifacts
    • Azure Boards
    • Azure Pipelines
    • Azure Repos
    • Azure Test Plans
    • DevOps
    • C++
    • Java
    • Java Blog in Chinese
    • JavaScript
    • PowerShell Community
    • PowerShell Team
    • Python
    • Q#
    • TypeScript
    • Visual Basic
    • Visual C#
    • Visual F#
    • .NET
    • ASP.NET
    • NuGet
    • Xamarin
    • #ifdef Windows
    • Apps for Windows
    • Azure Depth Platform
    • Azure Government
    • Azure SDKs
    • Bing Dev Center
    • Command Line
    • CSE Developer
    • Developer Support
    • DirectX Developer Blog
    • IoT Developer
    • Math In Office
    • Microsoft Edge Dev
    • Microsoft Azure
    • Office 365 Development
    • Old New Thing
    • PAX Media
    • Perf and Diagnostics
    • PIX on Windows
    • Startup Developers
    • Surface Duo
    • Sustainable Software
    • Windows Search Platform
    • Azure Cosmos DB
    • Azure Data Studio
    • Azure SQL
    • Azure Synapse Analytics
    • OData
    • Revolutions R
    • SQL Server Data Tools

ASP.NET Blog

An open source web framework for building modern web apps and services with .NET.

Security Archives | ASP.NET Blog

Secure ASP.NET ViewState
Secure ASP.NET ViewState
AvatarJeffrey FritzSeptember 23, 2016Sep 23, 201609/23/16
During an appearance on the .NET Rocks podcast last week, a question was raised about securely sending information through ASP.NET ViewState.  I responded to the question by indicating that the typical security concern for web content is not to trust any content submitted from the web, including ViewState.  After that podcast was published, ...

Comments are closed.0AspNet
Introducing IdentityServer4 for authentication and access control in ASP.NET Core
Introducing IdentityServer4 for authentication and access control in ASP.NET Core
AvatarJeffrey FritzSeptember 19, 2016Sep 19, 201609/19/16
This is a guest post by Brock Allen and Dominick Baier. They are security consultants, speakers, and the authors of many popular open source security projects, including IdentityServer. Modern applications need modern identity. The protocols used for implementing features like authentication, single sign-on, API access control and federation ...

1AspNetCore
Get Started with ASP.NET Core Authorization – Part 2 of 2
Get Started with ASP.NET Core Authorization – Part 2 of 2
AvatarJeffrey FritzMarch 23, 2016Mar 23, 201603/23/16
After learning about the new Authorization Policy model in ASP.NET Core, our intrepid reporter Seth Juarez wanted to learn about more complicated ASP.NET Authorization policies.  In the following video, he speaks with ASP.NET Security Analyst Barry Dorrans.  Last time, Barry showed us how to get started with the new ASP.NET Policy model.  ...

Comments are closed.0AspNetCore
Get Started with ASP.NET Core Authorization – Part 1 of 2
Get Started with ASP.NET Core Authorization – Part 1 of 2
AvatarJeffrey FritzMarch 15, 2016Mar 15, 201603/15/16
After learning about Authentication in ASP.NET Core, our intrepid reporter Seth Juarez wanted to dig deeper into the ASP.NET Authorization story.  In the following video, he speaks with ASP.NET Security Analyst Barry Dorrans.  Notes and links from their discussion follow. Authorization verifies that a user is permitted to access ...

Comments are closed.0AspNetCore
First Look: Authentication in ASP.NET Core
First Look: Authentication in ASP.NET Core
AvatarJeffrey FritzMarch 11, 2016Mar 11, 201603/11/16
With the coming changes in ASP.NET Core, our friend and intrepid reporter Seth Juarez sat down with ASP.NET Program Manager Pranav Rastogi to discuss the updates and improvements in the new ASP.NET Core authentication system: Here are some of the highlights of their discussion and some sample code to get you started: Pranav gave a quick ...

Comments are closed.0AspNetCore
Farewell, EnableViewStateMac!
Farewell, EnableViewStateMac!
AvatarlevibroderickSeptember 9, 2014Sep 9, 201409/9/14
The ASP.NET team is making an important announcement regarding the September 2014 security updates. All versions of the ASP.NET runtime 1.1 - 4.5.2 now forbid setting <%@ Page EnableViewStateMac="false" %> and <pages enableViewStateMac="false" />. If you have set EnableViewStateMac="false" anywhere in your application, your ...

Comments are closed.0ASP.NET
Changes to Google OAuth 2.0 and updates in Google middleware for 3.0.0 RC release
Changes to Google OAuth 2.0 and updates in Google middleware for 3.0.0 RC release
AvatarsuhasbjJuly 2, 2014Jul 2, 201407/2/14
This article explains the recent changes made to Google OpenID and OAuth 2.0 along with the corresponding updates to the 3.0.0 RC release of Google OAuth  middleware. Here we will first look at the experience of using Google OAuth middleware in an MVC application with the OWIN 2.1.0 release bits. We will then explain the current changes ...

Comments are closed.0ASP.NET
ASP.NET 4.5.2 and EnableViewStateMac
ASP.NET 4.5.2 and EnableViewStateMac
AvatarlevibroderickMay 7, 2014May 7, 201405/7/14
Please note: This post is now outdated. See http://blogs.msdn.com/b/webdev/archive/2014/09/09/farewell-enableviewstatemac.aspx for the most up-to-date information. A few months ago, we posted that we were making changes to the way EnableViewStateMac behaves in ASP.NET. I’ll forego the typical blog post ceremony and cut right to the ...

Comments are closed.0ASP.NET
ASP.NET December 2013 Security Updates
ASP.NET December 2013 Security Updates
AvatarlevibroderickDecember 10, 2013Dec 10, 201312/10/13
Today is Patch Tuesday, and the ASP.NET team would like to announce that we have two items included in this month’s release. The first is a bulletin affecting certain versions of SignalR; the second is an advisory affecting ASP.NET Web Forms (.aspx) applications. Each item is briefly outlined below. For more information, consult Security...

Comments are closed.0ASP.NET
Cryptographic Improvements in ASP.NET 4.5, pt. 3
Cryptographic Improvements in ASP.NET 4.5, pt. 3
AvatarlevibroderickOctober 24, 2012Oct 24, 201210/24/12
Thanks for joining us for the final day of our series on cryptography in ASP.NET 4.5! Up to now, the series has discussed how ASP.NET uses cryptography in general, including how the pipelines are implemented in both ASP.NET 4 and ASP.NET 4.5. We introduced APIs to give developers fuller control over the cryptographic pipeline and to drive ...

Comments are closed.0ASP.NET
  • Page 1
  • Page 2
  • Next page
Relevant Links

www.ASP.Net

ASP.NET Forums

Web Developer Checklist

.NET Community

We are hiring!

 

Related Blogs

Scott Hanselman's Blog

Jeff Fritz's Blog

NuGet Blog

Archive
  • February 2021
  • January 2021
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • September 2011
  • August 2011
  • June 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • November 2009
  • October 2009
  • September 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007
  • April 2007
  • March 2007
  • February 2007
  • January 2007
  • December 2006
  • November 2006
  • October 2006
  • September 2006
  • August 2006
  • July 2006
  • June 2006
  • May 2006
  • April 2006
  • Topics
  • ASP.NET
  • AspNetCore
  • Blazor
  • AspNet
  • Azure
  • .NET Core
  • Visual Studio
  • SignalR
  • CommunityStandup
  • Cloud
  • WCF
  • WebHooks
  • Featured
  • Orchard Core
  • WPF
  • Stay informed

    Login
    Code Block
    What's new
    • Surface Duo
    • Surface Laptop Go
    • Surface Pro X
    • Surface Go 2
    • Surface Book 3
    • Microsoft 365
    • Windows 10 apps
    • HoloLens 2
    Microsoft Store
    • Account profile
    • Download Center
    • Microsoft Store support
    • Returns
    • Order tracking
    • Virtual workshops and training
    • Microsoft Store Promise
    • Financing
    Education
    • Microsoft in education
    • Office for students
    • Office 365 for schools
    • Deals for students & parents
    • Microsoft Azure in education
    Enterprise
    • Azure
    • AppSource
    • Automotive
    • Government
    • Healthcare
    • Manufacturing
    • Financial services
    • Retail
    Developer
    • Microsoft Visual Studio
    • Windows Dev Center
    • Developer Center
    • Microsoft developer program
    • Channel 9
    • Microsoft 365 Dev Center
    • Microsoft 365 Developer Program
    • Microsoft Garage
    Company
    • Careers
    • About Microsoft
    • Company news
    • Privacy at Microsoft
    • Investors
    • Diversity and inclusion
    • Accessibility
    • Security
    English (United States)
    • Sitemap
    • Contact Microsoft
    • Privacy
    • Manage cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2021