Secure ASP.NET ViewState

During an appearance on the .NET Rocks podcast last week, a question was raised about securely sending information through ASP.NET ViewState.  I responded to the question by indicating that the typical security concern for web content is not to trust any content submitted from the web, including ViewState.  After that podcast was published, several of… Read more

Announcing the DotNetCompilerPlatform 1.0.2 release

Today I’m pleased to announce that the Microsoft.CodeDom.Providers.DotNetCompilerPlatform 1.0.2 package is released on NuGet. It enables ASP.NET to support the new language features and improves the compilation performance. To install this NuGet package, open NuGet Package Manager in visual studio, search Microsoft.CodeDom.Providers.DotNetCompilerPlatform and click Install/Update button. What’s new in the new release Update the dependency package Microsoft.Net.Compilers to… Read more

Introducing IdentityServer4 for authentication and access control in ASP.NET Core

This is a guest post by Brock Allen and Dominick Baier. They are security consultants, speakers, and the authors of many popular open source security projects, including IdentityServer. Modern applications need modern identity. The protocols used for implementing features like authentication, single sign-on, API access control and federation are OpenID Connect and OAuth 2.0. IdentityServer… Read more

Announcing the ASP.NET Core September 2016 Patch Release

Today we are making available a patch release to the ASP.NET Core 1.0 release.  This patch contains some updates to MVC, Routing, AntiForgery, Entity Framework Core, and the Kestrel server.  Release notes and links to the issues that are addressed for these packages are available on GitHub.  There are updated ASP.NET Core templates available as… Read more

Notes from the ASP.NET Community Standup – September 6, 2016

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup. The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET Core framework over the previous week…. Read more

Notes from the ASP.NET Community Standup – August 30, 2016

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup. The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET Core framework over the previous week…. Read more

Announcing the ongoing Bug Bounty for .NET Core and ASP.NET Core

It’s with a great deal of pleasure that I can announce an on-going bug bounty for .NET Core and ASP.NET Core, our cross platform runtime and web stack. During the RC1 and RC2 bounty periods we received quite a few interesting, intriguing and even puzzling bugs which we’ve addressed. The RC 1 bounty included one… Read more

Notes from the ASP.NET Community Standup- August 16th

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup. The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET Core framework over the previous week…. Read more

Notes from the ASP.NET Community Standup – August 9, 2016

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup. The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET Core framework over the previous week…. Read more

Notes from the ASP.NET Community Standup – July 26, 2016

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup. The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET Core framework over the previous week…. Read more