Adding a self-hosted captcha alternative to ASP.NET Identity

Sooner or later your public-facing ASP.NET Identity form will be targeted by illicit actors and you will start getting sign-ups from john.doe1231@gmail.com but they never click the email verification link or use the service. My best guess is that this is either to warm up spam-sending email addresses with legitimate email traffic or to disqualify … Continue reading Adding a self-hosted captcha alternative to ASP.NET Identity

A more beautiful ASP.NET Identity UI based on TailwindCSS and Preline

I think it's often taken for granted that the default ASP.NET project template gives you Authentication, User Management, SSO and Two Factor Support out-of-the-box with minimal extra setup. One thing that always bothered me was that compared to other software starter kits the built-in UI looked like ... well ... a developer made it. There … Continue reading A more beautiful ASP.NET Identity UI based on TailwindCSS and Preline

Using Clerk as an OAuth Provider for ASP.NET Core

I've been using Clerk on the frontend for a few applications and recently came across the need to authenticate on the server side too. This guide will show you the necessary steps to configure Clerk and ASP.NET to enable authenticating your Clerk users. Update Oct 2023: Removed open_id scope as it is not accepted anymore … Continue reading Using Clerk as an OAuth Provider for ASP.NET Core

NextJS Router compatible Weglot Language Switcher

I've started using an automatic translation service called Weglot on SecureMailMerge (which by the way offers advanced mail merge functionality for Outlook 365, if you're interested). The site runs on NextJS and is statically generated wherever possible. Weglot on the other hand acts as a proxy, so you create your subdomain language, e.g. de.securemailmerge.com and … Continue reading NextJS Router compatible Weglot Language Switcher

How to quickly set up Typesense as a drop-in replacement for Algolia DocSearch on TailwindUI templates

"How do you replace the search in the TailwindUI documentation template (called syntax)" or "Can I add Typesense as Search for a Tailwind UI site?", you might ask? TailwindUI uses Algolia's DocSearch on their template offering (e.g. the documentation template). DocSearch is a great easy-to-use solution, but it's only available for public-facing websites and … Continue reading How to quickly set up Typesense as a drop-in replacement for Algolia DocSearch on TailwindUI templates

Using Caddy 2 on an Azure VM to host static content from blob storage

There are multiple ways to host static websites from Azure Storage Blobs to a custom domain serving HTTPS: using Azure CDN (https://docs.microsoft.com/en-us/azure/storage/blobs/static-website-content-delivery-network) or using Cloudflare (https://support.cloudflare.com/hc/en-us/articles/360021902391-Enabling-Cloudflare-SSL-on-Azure-Storage-Static-Web-Hosting-Applications). But if you want a bit more flexibility at less than 5 USD/month cost, consider using Caddy 2 (the HTTPS-by-default webserver written in Go) on a VM to serve your website. … Continue reading Using Caddy 2 on an Azure VM to host static content from blob storage

ASP.NET Identity Cookies in Office 365 / Outlook Add-Ins and the SameSite security setting

The current Add-Ins for the Office family (Outlook Web, Office365 Web and Offline clients) are essentially websites loaded into an iFrame with some Office JavaScript libraries to provide interoperability with the host platform. The neat thing is this works across all client types (including iOS and Android) and uses general web technologies, e.g. React. … Continue reading ASP.NET Identity Cookies in Office 365 / Outlook Add-Ins and the SameSite security setting

OneDrive PSA: the day it forgot about history

OneDrive is marketed as one product when in reality there are 3 very different offerings. Unfortunately the main business product lacks the security features of the personal product. Nevertheless, the marketing and documentation do not state this sufficiently. This needs to be taken into account when performing a risk analysis of your file storage. I … Continue reading OneDrive PSA: the day it forgot about history

Azure Key Vault – Add Custom Role for Deployment Access Only

In our previous article, Azure Resource Manager Templates – Securing your Parameters with KeyVault, we used KeyVault to safely store production secrets. In large teams you may have multiple people deploying resources but don't want to give them access to the actual secrets inside the vault. You can achieve this by creating a custom role that … Continue reading Azure Key Vault – Add Custom Role for Deployment Access Only

Azure KeyVault – Authenticating with Certificates and Reading Secrets

You should never keep any confidential configuration information in an application configuration file. This includes injecting sensitive information via web transformation files. Adding sensitive values via the AppService settings is not ideal either. In all these cases you may leak sensitive information. For example via your source control. Or anyone with access to your subscription … Continue reading Azure KeyVault – Authenticating with Certificates and Reading Secrets