A pile of anti-forgery cookies

Opening the Chrome console on one of our web apps I noticed this: A huge amount of anti-forgery cookies with similar names, all valid for the same domain. These will be sent over the wire for every single request to that domain, as seen here: Extra payload that won't be…

Rewrite rules in ASP.NET core middleware

If you, like me, came from the ASP.NET MVC world when you started with SPAs and Angular, you have probably at some point created a "one controller, one view MCV application", hosting the starting point of your Angular application. We could question how sensible that is, but either way,…

Hooking up ASP.NET Core 1.0 RC1 web api with Auth0 bearer tokens

Even though you don't see security and bleeding edge release candidates in the same sentence every day, you need to secure your API's. I have been using Auth0 as my identity provider for a recent project, and they have AMAZING documentation that include everything you need, including complete code examples…