Parameter count mismatch between X-Forwarded-For and X-Forwarded-Proto

by Anders Austad

These are my field notes from experimenting with the ForwardedHeaders middleware on ASP.NET Core 1.1 and 2.0 - sparked by having a production log full of Parameter count mismatch between X-Forwarded-For and X-Forwarded-Proto warnings. I've set up a GitHub repo and a simple Postman example here. Background The…

A pile of anti-forgery cookies

by Anders Austad

Opening the Chrome console on one of our web apps I noticed this: A huge amount of anti-forgery cookies with similar names, all valid for the same domain. These will be sent over the wire for every single request to that domain, as seen here: Extra payload that won't be…

Rewrite rules in ASP.NET Core middleware

by Hans Arne Vartdal

If you, like me, came from the ASP.NET MVC world when you started with SPAs and Angular, you have probably at some point created a "one controller, one view MVC application", hosting the starting point of your Angular application. We could question how sensible that is, but either way,…

Hooking up ASP.NET Core 1.0 RC1 web api with Auth0 bearer tokens

by Hans Arne Vartdal

Even though you don't see security and bleeding edge release candidates in the same sentence every day, you need to secure your APIs. I have been using Auth0 as my identity provider for a recent project, and they have AMAZING documentation that includes everything you need, including complete code examples…