To generate ws-federation metadata for your own STS use the following tool. Federation metadata generation tool on GitHub or you just download a copy of the source here from my site. The tool will not create a federation metdata file for a relying party (RP). To create a federation metadata file for a RP use the XML… Read More »
Below is a very basic and short example of how to read settings from a JSON configuration file in .Net Core.
The a HTTP module is used when you need to intercept and examine the incoming HTTP requests before or after the page life cycle. The HTTPModule provides events where you can plug into to examine or alter the request or response within the asp.net cycle. HTTPModule are the perfect place the apply security checks.
In the previous post I showed how to how to use the configSource to create multiple broken-out config files to ease maintenance. Below are more examples of where the configSection can be used.
The size of configuration files often creates the desire to split it into multiple smaller more manageable parts. To achieve this one can break the file into smaller more manageable parts by using configSource attribute.
When it comes to access control in asp.net we are all familiar with the access control elements found in the web.config. Below I will cover the best way to secure a website with the authorization element?
Custom error pages are used to hide technical information from end users. Often default error pages can leak technical information to potential attackers. In this post Ill show how to implement custom error pages for IIS and Asp.net to assist with hardening the security of a system.
In this post I will explain at high level the concept of policy based configuration and I will be providing a POC. Anyone that has ever worked with WCF in a proper scaled application with many many micro services must know about the pain of maintaining the configuration files, I am now not only referring to… Read More »