identityserver

No trespassing sign

Using a middleware to build a permission-based identity in ASP.NET Core

This post is the first in a series about Authorization in ASP.NET Core. I’ll guide you through a series of approaches you can use to implement authorization in your ASP.NET Core APIs, focusing on advanced/real-world scenarios. Here’s a sneak peek for what I plan to show you: Where to store and resolve authorization-like data How to protect your API endpoints using permission-based authorization using the built-in types in the framework Reduce duplication and make things smarter by implementing a custom Authentication Handler....

Barbed wire on a green background

Encapsulating getting access tokens from IdentityServer with a typed HttpClient and MessageHandler

Update 18. Dec 2021: The repo on GitHub has been updated to .NET 6. I also “containerized” all the apps so it’s easier to run them. Make sure to check it out! httpclient-token-identityserver Recently, I had to interact with an external API which is protected by JWT Bearer Tokens. For this, I had to get an access_token first and then set it to each request. But, this can get quite tedious very soon even if you just do it a few times....