  • Shouldly Assertion Framework - Open Source Sponsorship

    Khalid Abuhakmeh

    At Duende Software, we value open-source software and the contributors who dedicate their time and passion to providing solutions for the development community. Many of our engineering team contribute to .NET’s open source software (OSS) ecosystem, with 50+ million downloads and counting of packages directly authored by our team members.

    As a community, sharing reusable functionality helps the community succeed. Still, it comes at a cost to maintainers that can make it unsustainable, whether in time spent, financial costs, or other burdens.

    We want to help those maintainers ease the burden of developing OSS and managing a growing community, because when they succeed, we all succeed in delivering solutions. This is why, next to directly contributing to .NET projects, we also want to actively sponsor and promote open source projects. Each quarter, the Duende team nominates and votes on projects they wish to support.

    We’re happy to announce the first recipient of such sponsorship: Shouldly.

    At Duende Software, we are using Shouldly in the test suites of all our products, including IdentityServer and the Backend For Frontend (BFF) Security Framework - we're big fans! Let's look at how you can get started with Shouldly.

  • Secure a Vue app with OpenID Connect and the BFF pattern

    Khalid Abuhakmeh

    When building web applications, single-page framework applications have become one of the dominant forms of user experience creation. Developers have many choices, including React, Angular, Vue, and many more. While plenty of frameworks exist, only a few options exist for securing these applications.

    At Duende, we recommend that developers adopt the Backend for Frontend (BFF) pattern to maintain a high-security posture and protect their users and data from malicious attacks.

    In this post, we’ll look at the basic architecture of a BFF solution, the responsibilities of each component, and how it all fits together.

  • Understanding Anti-Forgery in ASP.NET Core

    Maarten Balliauw

    In today's web applications, security is a top priority. One of the common attacks that web developers need to guard against is Cross-Site Request Forgery (CSRF). ASP.NET Core provides built-in support to protect against such attacks using Anti-Forgery tokens.

    Let's explore what CSRF is, look at the default settings in ASP.NET Core, and how to implement Anti-Forgery in MVC, Razor Pages, and Minimal APIs. We will also cover handling Anti-Forgery tokens when using XHR or fetch requests originating from JavaScript and considerations for load-balanced scenarios.

  • Duende IdentityServer 7.2.0 Release Now Available

    Khalid Abuhakmeh

    A busy week here at Duende! After yesterday's release of Duende BFF Security Framework V3, we're happy to announce the release of Duende IdentityServer 7.2.0, which includes enhancements, bug fixes, and new features. This post will discuss some of the most notable changes and how you might want to use them in your current deployments.

  • Duende BFF Security Framework V3 released!

    Erwin van der Valk, Maarten Balliauw

    Good news! We are happy to share a new major version of the Duende Backend-for-Frontend (BFF) Security Framework V3 with you.

    When building applications with SPA frameworks like React, Angular, VueJs or Blazor, Backend-For-Frontend (BFF) makes it easier and more secure to integrate and manage OAuth/OpenID Connect interactions.

    In this post, let's explore what's new in Duende BFF v3.

  • Data Protection for ASP.NET Core Developers and Duende IdentityServer

    Khalid Abuhakmeh

    An essential part of securing ASP.NET Core applications while maintaining the capabilities to scale out to meet user demand is Data Protection.

    In this post, we’ll discuss data protection, how to implement it, how to configure data protection options, and some choices you may want to consider when building your applications. We'll also explain how this relates to our Duende IdentityServer product offering.

  • IdentityServer4 is public again

    Maarten Balliauw

  • Duende BFF Security Framework V3 Release Candidate 1

    Erwin van der Valk, Maarten Balliauw, Khalid Abuhakmeh

    Today, we're happy to bring you the first Release Candidate for the next version of the Duende Backend-for-Frontend (BFF) Security Framework V3.

    BFF (Backend-For-Frontend) solves security and development challenges for client-side developers using SPA frameworks like React, Angular, VueJs or Blazor by providing a dedicated backend to manage OAuth/OIDC interactions while enforcing a "no tokens in the browser" policy.

    In this blog post, we’ll look at some new functionality and cover some aspects you should be aware of when upgrading.

  • Duende IdentityServer 7.1 New Year's Release

    Khalid Abuhakmeh, Joe DeCock

    Happy New Year! Duende IdentityServer 7.1 is a new release we’re excited to share with you. In this article, we will discuss some exciting enhancements and breaking changes that software developers should be aware of when upgrading from previous versions.