7 Application security in .NET Aspire

 

This chapter covers

  • The fundamentals of application security
  • Overview of Single Sign-On
  • Implementing OpenID Connect Authentication in .NET Aspire
  • Using OAuth Authorization in .NET Aspire
  • Securing the Aspire dashboard

We briefly covered application security in Chapter 2 by adding a Keycloak container to a .NET Aspire instance. In this chapter, we will delve deeper into application security concepts. We will do so by doing something interesting – building our own identity provider and hosting it in .NET Aspire.

If you publish a web application and make it publicly accessible, you will want to make sure only authorized users can access it, unless, of course, your application is just a trivial website.

Applications orchestrated by .NET Aspire are no exception. Because .NET Aspire is a platform for building complex distributed applications, chances are that you aren’t using it to build trivial websites. Therefore, knowing how to secure your orchestrated application is a must.

Of course, if you use an external authentication provider, like Google or Okta, you won’t have to do anything special in your Aspire setup. There will be a fixed endpoint outside of your system that you will need to connect to, and you will just need to apply the appropriate configuration in the appropriate place.

7.1 A brief introduction to Single Sign-on

7.1.1 Solution setup

7.2 Using service discovery in Single Sign-on

7.3 Enforcing UI authentication

7.4 Enforcing API authentication

7.5 Passing a JWT to API

7.6 Configuring identity provider

7.7 Securing the .NET Aspire dashboard

7.8 Summary