Wesley Cabus

Livestream: Are your access tokens really secure? Are your APIs vulnerable? Explore JWT pitfalls, learn to prevent exploits, and compare JWTs vs. opaque tokens in this expert-led session.

Security you can’t prove isn’t security, it’s hope.

Stop relying on manual checks. We’re showing you how to automate your security testing to ensure your API only accepts your trusted tokens.

🔗 March 3rd. Be there: duende.link/lsjwt26b

#OAuth2 #JWT #DotNet

If it goes *ZAP*, that would be the short circuit. Magic smoke as well == bad news.

Ever wondered what would happen if you mistake a USB-A port for a USB-C one, and try to insert the USB-C plug?

50/50 chance that you short-circuit your device, with another 50/50 chance that said device no longer wants to function afterwards. YMMV.

I got lucky 😅

Are you sure your access tokens are really secure? - Wesley Cabus - NDC Copenhagen 2025 YouTube video by NDC Conferences

*Are you sure your access tokens are really secure?* by @gotsharp.be is a really great talk that exposes common validation mistakes that let attackers use forged tokens and explains how to prevent them.
@ndcconferences.com

youtube.com/watch?v=Jc1D...

I took some time over the holidays to hack on an idea of a documentation for .NET solutions. There are so many things that can be done, but the first step is to make what already exists available:

NuDoc.NET creates cross-linked reference docs for any package on Nuget.org

nudoc.net/Docs/Sustain...

Duende Software - Identity and Access Management for .NET We help companies using .NET to build identity and access control solutions for modern applications.

Claims and scopes describe user information in OpenID Connect.

Let's see how Duende IdentityServer handles consent, different client types, required vs. optional scopes, and what happens when a client doesn't get everything it asked for.

duende.link/97aeqlj 👀

#dotnet

Shape the future of Duende products! Early Access!! Deep Collaboration!!! Better Security and Identity!!!!
Apply Now for Duende Product Insiders! duende.link/discord

#dotnet #security #identity

Secure frontend apps with the BFF Pattern Secure frontend apps with the Backend for Frontend (BFF) pattern. Simplify token management and boost security using Duende BFF v4, with multi-frontend support.

Why Now is an Excellent Time for Backend For Frontend

Learn more about Duende's BFFv4 here -> duendesoftware.com/blog/2025120...

#dotnet #security #identity #bff #react #angular #vue.js

Duende IdentityServer Using this tool, you can decode and validate JSON Web Tokens (JWTs) issued by IdentityServer or another token issuer.

We built our own JWT Decoder tool - jwt.me! 🧐

Quickly inspect and validate your JSON Web Tokens. It features automatic public key (JWK) retrieval, inline claim explanations, and presenter mode.

Read all about it: duende.link/387skhq

#dotnet

LAST CALL! 🚨 Launch livestream starts soon (Dec 2nd)!
Learn how Duende IdentityServer v7.4 secures enterprises implementing MCP with RFC 8414, and how to adopt .NET 10 LTS to deliver critical security features.

Register here ➡️ duendesoftware.com/webinars/due...

#dotnet #security #mcp

It’s VisugXL week! That’s all. That’s the post. 😎
Make sure to grab your tickets now (only a few seats left) 👉 www.visug.be/Events/102

Building a Federation Gateway with Duende IdentityServer: Strategies and Considerations for Identity Orchestration Learn the core benefits of building a federation gateway that brings together Entra ID, Okta, SAML, Auth0 though a centralized authentication provider like DUende IdentityServer.

Worked on a good longread: simplify your identity mess!

Learn how a Federation Gateway orchestrates all your IdPs (Entra ID, Google, SAML). Must-read architecture deep dive!

duende.link/8aefizq #IdentityOrchestration #SSO #Security #dotnet

It’s VisugXL week! 🎉
Thanks to our amazing partners, we we can keep this event completely FREE!
And guess what? There are still some seats left! Grab yours now! 👉 www.visug.be/Events/102

Visug The Visual Studio User Group

December 2nd is #VISUG time! 🎉
Join us at ChipSoft in Antwerp as we’re diving into distributed coordination (aka “chaos but make it elegant”) and Infrastructure as Code (aka “stop clicking around in portals like it’s 2009”).
Grab your FREE ticket 👉 www.visug.be/Events/105

Prevent Cross-Site Request Forgery Welcome to the Duende Software web security video series! In this video, Christian Wenz dives deep into Cross-Site Request Forgery (CSRF), a simple yet devastating attack that has plagued web…

In this video, Christian Wenz dives deep into Cross-Site Request Forgery (CSRF), a simple yet devastating attack that has plagued web applications for years.

Learn what CSRF is, how it works, and how to defend against it in #aspnetcore

youtu.be/WUJrKw05YfI

#dotnet

🎤 Meet one of our VISUG XL 2025 speakers: 𝐒𝐡𝐚𝐮𝐧 𝐋𝐚𝐰𝐫𝐞𝐧𝐜𝐞!

We’re excited to welcome 𝐒𝐡𝐚𝐮𝐧 this year at Visug XL, our yearly, free, community-driven .NET conference.

📅 November 28, 2025
📍 UCLL Leuven

👉 More information and tickets: www.visug.be/Events/102

#VisugXL #DotNet #Community #Conference

Duende Software - Identity and Access Management for .NET We help companies using .NET to build identity and access control solutions for modern applications.

Claims and scopes describe user information in OpenID Connect.

Let's see how Duende IdentityServer handles consent, different client types, required vs. optional scopes, and what happens when a client doesn't get everything it asked for.

duende.link/97aeqlj 👀

#dotnet #aspnetcore

Visug The Visual Studio User Group November 2025 marks the release of .NET 10 and C# 14. In this session, I will talk about what is new in the latest version of .NET and what the future will bring for the .NET platform in general.…

Pssst... We at VISUG know it's "Herfstvakantie" and how challenging it can be with the kids. 🤪 So, here's a escape for all the parents out there: this Thursday at Spoor 18 in Mechelen, we've got food, drinks and sessions! (Not looking for an escape? You're welcome as well 😉)
www.visug.be/Events/104

Duende Software - Identity and Access Management for .NET We help companies using .NET to build identity and access control solutions for modern applications.

Adding .NET 10 Passkey Support to Duende IdentityServer

👉 duende.link/berqe86

Learn how to add #dotnet 10 passkey support to a non-Blazor project such as MVC or Razor Pages.

#security #aspnetcore #identity #webauthn

Our next livestream with Active Solution is coming up soon!

Custom Authentication in #aspdotnet Core

Go beyond the built-in authentication handlers in ASP.NET and learn about a RemoteAuthenticationHandler.

Register 👉 t.co/jgxpGooTE7

#dotnet #security #identity

🎤 Meet one of our VISUG XL 2025 speakers: 𝐀𝐧𝐣𝐮𝐥𝐢 𝐉𝐡𝐚𝐤𝐫𝐲!

We’re excited to welcome 𝐀𝐧𝐣𝐮𝐥𝐢 this year at Visug XL, our yearly, free, community-driven .NET conference.

📅 November 28, 2025
📍 UCLL Leuven

👉 More information and tickets: www.visug.be/Events/102

#VisugXL #DotNet #Community #Conference

Duende Software - Identity and Access Management for .NET We help companies using .NET to build identity and access control solutions for modern applications.

The server's origin is used to generate passkey credentials, making them resistant to phishing. A credential signed for one app can't be used elsewhere.

What about subdomains? Or multiple domains? In this post, we'll explore some options.

duende.link/igeq87f #dotnet #security #passkeys #webauthn

We're happy to start sponsoring the Spectre.Console project!

It is a #dotnet library that makes it easier to create beautiful console applications by giving you access to standard components you may find in a CLI experience.

Go check it out! duende.link/sp3ctr3

Duende Software - Identity and Access Management for .NET We help companies using .NET to build identity and access control solutions for modern applications.

Say goodbye ✋ to passwords, and hello 👋 to secure, phishing-resistant logins: passkey credentials.

Part 1 of our 4-part blog series covers password and authentication evolution. Longread ahead! 👀

duende.link/p455k3y #passkeys #webauthn #dotnet #security #aspnetcore

Seems to be fixed now 🙂

Duende Software - Identity and Access Management for .NET We help companies using .NET to build identity and access control solutions for modern applications.

Discover a key update in #dotnet 10 that improves local development! 🔥

In this blog post, we explain how a new TLS certificate and unique local domains can solve cookie conflicts and better mimic production environments.

duende.link/arbgu89

#aspnetcore #security

Hey @jetbrains.com, I'm getting an "Error 403: Not Authorized" error when completing the JetBrains Developer Recognition Program form. I tried signing in first with my account, same result.

Duende Software - Identity and Access Management for .NET We help companies using .NET to build identity and access control solutions for modern applications.

Let's explore the world of OpenID Connect with a focus on claims, scopes, and how Duende IdentityServer facilitates authentication in #dotnet applications.

Learn how apps request necessary claim information! 👩🏼‍🏫

duende.link/j28b2bw #security #identity #aspnetcore

Duende Software - Identity and Access Management for .NET We help companies using .NET to build identity and access control solutions for modern applications.

Brace yourself, w̶i̶n̶t̶e̶r̶ #dotnet 10 is coming! ⛄️

Let's look at the new capabilities and features we are excited about for the upcoming .NET release in November. Expect passkeys, #opentelemetry additions,TLS for *.localhost, and more.

👀 duende.link/qet4wp9 #aspnetcore