Secured using Cookies, and OpenID Connect Hybrid Flow. Cookies configured with Same site and use Anti-forgery protection. Security headers are also applied.
- Using Angular in an ASP.NET Core View with Webpack
- Secure ASP.NET Core MVC with Angular using IdentityServer4 OpenID Connect Hybrid Flow
- Anti-Forgery Validation with ASP.NET Core MVC and Angular
2022-01-28 Updated to .NET 6
2021-02-17 Updated packages
2020-12-08 Updated to .NET 5
2020-09-15 Updated IdentityServer4 to version 4.1.0, nuget, npm packages
2020-07-03 Updated IdentityServer4 to version 4.0.1, prompt=login bug fix
2020-06-27 Updated IdentityServer4 to version 4.0.0 and Angular to version 10.0.0
2020-06-23 Updated Nuget packages, Updating Angular packages
2020-03-03 Updated STS to support FIDO2
2020-02-25 Updated nuget packages, npm packages
2020-01-10 Updated nuget packages, same site fix
2019-12-21 Updated to .NET Core 3.1 Angular 8.2.14
2019-09-26 Updated to .NET Core 3.0 Angular 8.2.8
2019-09-14 Updated to .NET Core 3.0 preview 9, Angular 8.2.6
2019-08-27 Updated to .NET Core 3.0, Angular 8.2.3
2019-06-14 Updated to npm, nuget packages
2019-05-03 Updated to npm, nuget packages, in-process
2019-03-15 Updated to Angular 7.2.9, .NET Core 2.2
2018-09-17 Updated to Angular 6.1.7, latest .NET 2.1 packages, updated STS
2018-06-16 Updated to Angular 6.0.5
2018-06-16 Updated to ASP.NET Core 2.1
2017-09-22 Updated to ASP.NET Core 2.0, Angular 4.4.3
https://docs.microsoft.com/en-us/aspnet/core/security/anti-request-forgery
https://stackoverflow.com/questions/46040922/angular4-httpclient-csrf-does-not-send-x-xsrf-token