.NET Core Performance Testing using Apache JMeter – Part 3

Introduction In the previous post on this topic, we’ve setup a simple JMeter performance test which is making HTTP Calls to a .NET Core API Endpoint. The test we performed, was making calls to an unauthorized API Endpoint. Today, we will see how to make HTTP calls to an endpoint which is protected by JWT … Read more

Performance Testing using Apache JMeter – Part 2

Introduction In previous post about performance testing, we learned the basics of performance testing and JMeter tool. We learned that “performance testing tests how an application or resource performs under a given load“. We also learned about performance matrices (we can measure performance in terms of): We learned that we can generate load in terms … Read more

Token Based Security: Angular Applications – Part 3

Introduction In previous post of this series, we configured our Angular application as a client of IdnentityServer and completed the login/logout process. However even though user was logged-in, the REST API calls were still not authorized: In this post, we will authorize HTTP calls by passing bearer token as an Authorization Header. Now, if you … Read more

Token Based Security: Angular Applications – Part 2

Introduction In previous post, on the topic of Token Based Security, we created an API endpoint and protect it (using Authorize attribute) with IdentityServer. Then we setup a simple Angular application with an AuthService to use oidc-client library. We also created few angular components and at the end of previous post, we created two buttons … Read more

Token Based Security: Angular Applications

Introduction I have written few posts on token based security, its importance, OAUTH, OIDC and IdentityServer. You can check previous post if you are new to these topics. Today, I will write about how to secure angular application with these technologies. We will see how to wire Angular application with IdentityServer. Angular application is a … Read more

Token Based Security: Setting Up IdentityServer UI- Part 6

Introduction We have been discussing different parts of various Authentication/Authorization requirement scenarios. We also covered some theory and saw some demo code regarding OAUTH, OIDC, Identity Server etc. In previous post, we learned how to configure IdentityServer, AllowedScope of a client application and how to make a PasswordTokenRequest for the scopes to UserInfo Endpoint. Currently … Read more

TokenBased Security, OAUTH, OIDC, IdentityServer – Part 5

Introduction In previous post of this series, we saw different flows to get the token from IdentityServer and then pass those token as Authorization Headers in our HTTP Calls and client application was able to get the data as expected. Today, we will continue our journey and learn more about users and claims. So, if you are new … Read more

TokenBased Security, OAUTH, OIDC, IdentityServer – Part 4

Introduction In previous post of this series, we setup IdentityServer with some test users and clients configurations. We then used postman tool to get the access token with couple of different flows. In this post, we will move forward and add a resource API to our solution. This will be simple .NET Core WebAPI application. … Read more

Token Based Security, OAuth , OIDC and IdentityServer4 – Part 3

Client Credentials and Resource Owner Password Flow Introduction In the previous post in this series, we discussed token based security, OAuth and OIDC. We also configured IdentityServer4 with some configurations. In this post, we will continue configuring IdentityServer4 and will also learn some of the client/server communication following OIDC flows. If you are new to … Read more

Token Based Security, OAuth 2.0, OIDC and IdentityServer4 – Part 2

Introduction In previous post, we learned that OAuth is an authorization framework specially built for HTTP APIs. It allows a user to securely delegate scoped API Access to an application. By scoped access means, that user define exactly what parts of an API, they want application to be allowed to use. This application can then … Read more