JWT authentication with ASP.NET Core

In a previous post, I've written about using cookie authentication for an ASP.NET Core web site. Authenticating user by using a cookie is common for a web site. However, for an API, it's more common to use a token for authentication. Json Web Token (JWT) is a way to create and validate a token. In this post, we'll see how to use JWT with ASP.NET Core to authenticate the users. While the client can be any… [read more]

Validating user with cookie authentication in ASP.NET Core 2

In a previous post, I wrote about the cookie authentication in ASP.NET Core 2. The cookie authentication does 2 things: Write a cookie with encrypted data when the user logs in Read the cookie, decrypt it, and set the request identity (Request.User.Identity) When it read the cookie and set the identity, it doesn't check the user actually exists. For instance, John logs in on browser A, then, he deletes… [read more]

Enable BitLocker AES-XTX 256 encryption algorithm

The latest version of Windows 10 (1511) has introduced a new encryption algorithm AES-XTX. This version of AES is specific to encrypt hard drives. By default, Windows 10 1511 uses AES-XTX 128 to encrypt your hard drives. If you want to protect sensitive data, you may prefer using AES-XTX 256 algorithm. Let's see how to enable this algorithm. Open the Local Group Policy Editor Select Computer Configuration… [read more]

Adding a free SSL certificate to a website hosted on nginx using Let's Encrypt

In the previous post, I showed how to publish an ASP.NET Core website to Linux. In this post, I'll show you how to secure your website using a free SSL certificate provided by Let's Encrypt. Get a free SSL certificate using Let's encrypt certbot is the tool provided by let's encrypt to generate a certificate. First, you need to install it: sudo add-apt-repository ppa:certbot/certbot sudo apt-get update… [read more]