Look, if you’re reading this in 2026, let’s drop the pretense. You didn’t choose WS-Federation for a shiny new greenfield project. You inherited it. You likely just took ownership of a legacy ...

When building modern APIs or web applications, security must be a priority—not an afterthought. Even if your backend does not directly expose a UI, it still interacts with browsers, mobile apps, and ...

On October 14, 2025, Microsoft released a security update addressing CVE-2025-55315, a vulnerability in ASP.NET Core that allows HTTP request smuggling. While request smuggling is a known technique, ...

Give users only what they need—nothing more. If only admins should manage users, make sure your code enforces it. Use TLS 1.2+ for HTTPS connections. Encrypt sensitive data with AES-256. Never ...

Swashbuckle 维护不力：Swashbuckle 项目不再由社区所有者积极维护，存在许多问题未得到解决，并且未发布兼容 .NET 8 的正式版本。 转向 Microsoft.AspNetCore.OpenApi：ASP.NET Core 团队将增强 Microsoft.AspNetCore.OpenApi 的功能，以取代 Swashbuckle 并实现 OpenAPI 文档生成。 已有替代 ...

ASP.NET Core offers a simplified hosting model, called minimal APIs, that allows us to build lightweight APIs with minimal dependencies. However, “minimal” doesn’t mean minimal security. Minimal APIs ...

Take advantage of authentication and authorization, API keys, rate limiting, CORS, API versioning, and other recommended practices to build secure and robust APIs in ASP.NET Core. Because our APIs ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Spencer Judge discusses the architectural ...

This template can be used to create a Blazor WASM application hosted in an ASP.NET Core Web app using Microsoft Entra ID and Microsoft.Identity.Web to authenticate using the BFF security architecture.