In today’s web applications, security is a top priority. One of the common attacks that web developers need to guard against is Cross-Site Request Forgery (CSRF). ASP.NET Core provides built-in support to protect against such attacks using Anti-Forgery tokens.

Let’s explore what CSRF is, look at the default settings in ASP.NET Core, and how to implement Anti-Forgery in MVC, Razor Pages, and Minimal APIs. We will also cover handling Anti-Forgery tokens when using XHR or fetch requests originating from JavaScript and considerations for load-balanced scenarios.

A busy week here at Duende! After yesteday’s release of Duende BFF Security Framework V3, we’re happy to announce the release of Duende IdentityServer 7.2.0, which includes enhancements, bug fixes, and new features. This post will discuss some of the most notable changes and how you might want to use them in your current deployments.

Good news! We are happy to share a new major version of the Duende Backend-for-Frontend (BFF) Security Framework V3 with you.

When building applications with SPA frameworks like React, Angular, VueJs or Blazor, Backend-For-Frontend (BFF) makes it easier and more secure to integrate and manage OAuth/OpenID Connect interactions.

In this post, let’s explore what’s new in Duende BFF v3.