AspNetCoreMvcAngular

AspNetCoreMvcAngular copied to clipboard

ASP.NET Code MVC Client with Angular View and IdentityServer4

Secured using Cookies, and OpenID Connect Hybrid Flow. Cookies configured with Same site and use Anti-forgery protection. Security headers are also applied.

Blogs

• Using Angular in an ASP.NET Core View with Webpack
• Secure ASP.NET Core MVC with Angular using IdentityServer4 OpenID Connect Hybrid Flow
• Anti-Forgery Validation with ASP.NET Core MVC and Angular

History

2022-01-28 Updated to .NET 6

2021-02-17 Updated packages

2020-12-08 Updated to .NET 5

2020-09-15 Updated IdentityServer4 to version 4.1.0, nuget, npm packages

2020-07-03 Updated IdentityServer4 to version 4.0.1, prompt=login bug fix

2020-06-27 Updated IdentityServer4 to version 4.0.0 and Angular to version 10.0.0

2020-06-23 Updated Nuget packages, Updating Angular packages

2020-03-03 Updated STS to support FIDO2

2020-02-25 Updated nuget packages, npm packages

2020-01-10 Updated nuget packages, same site fix

2019-12-21 Updated to .NET Core 3.1 Angular 8.2.14

2019-09-26 Updated to .NET Core 3.0 Angular 8.2.8

2019-09-14 Updated to .NET Core 3.0 preview 9, Angular 8.2.6

2019-08-27 Updated to .NET Core 3.0, Angular 8.2.3

2019-06-14 Updated to npm, nuget packages

2019-05-03 Updated to npm, nuget packages, in-process

2019-03-15 Updated to Angular 7.2.9, .NET Core 2.2

2018-09-17 Updated to Angular 6.1.7, latest .NET 2.1 packages, updated STS

2018-06-16 Updated to Angular 6.0.5

2018-06-16 Updated to ASP.NET Core 2.1

2017-09-22 Updated to ASP.NET Core 2.0, Angular 4.4.3

Links

https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery

https://stackoverflow.com/questions/46040922/angular4-httpclient-csrf-does-not-send-x-xsrf-token

https://en.wikipedia.org/wiki/Cross-site_request_forgery