Recently, I was struggling with the SSO authentication. At first I did pick up JSON Web Token which of course is a legitimate option, however, I was forced to share the secret key between different parties, as I decided to use HMAC. Not so long ago I decided to switch to the RSA instead and I’d like to present you both solutions using ASP.NET Core.
Posts in "Security"
One-time secured API requests
Nowadays, the HTTP APIs act as gateways for petabytes of data and some chunk of it might actually require enhanced access rules. For example, you could create a link that allows the user to download the file only once, and within such link you would find a token.
I was in a need of creating such solution for my open source project Warden – a specialized, one-time link that can be used fetch the configuration object from the API.
It turned out to be fairly straightforward to implement the most basic version of such behavior.
Free SSL by Let’s Encrypt – IIS setup
I’ve heard about this group/movement which provides a free access to the SSL/TLS certificates and have decided to check it out since I want the Warden project to be secured, especially the Web Panel where some sensitive data might be stored. Actually, I still can’t believe that it was so easy to do, basically just a single click (no kidding).
Allow me present you the Let’s Encrypt and explain how easy it is, to make it work with IIS.