* .NET 6 CORS /6
* .NET 6 CORS /6
* .NET 6 CORS /6
* .NET 6 CORS /6
* .NET 6 CORS /6
* .NET 6 CORS /6
* .NET 6 CORS /6
* .NET 6 CORS /6
* .NET 6 CORS /6
* .NET 6 CORS /6
* .NET 6 CORS /6
* Move the creation of the QR code to a js file.
In-line JavaScript is insecure and breaks script-src 'unsafe-inline' in Content Security Policy.
Note: I think the part about locating the Scripts section in EnableAuthenticator.cshtml should probably go after bit I've added about creating the js file (qr.js), and before updating the scripts section. I haven't moved it as I wasn't sure how the "moniker" directives worked and didn't want to break anything. (my first ever documentation proposal)
* Apply suggestions from code review
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update overview.md
Add isolation clarification driven by a customer misunderstanding who had used key vault to isolate individual keys in the same vault, causing app crashes.
* Update aspnetcore/security/data-protection/configuration/overview.md
Co-authored-by: Hao Kung <HaoK@users.noreply.github.com>
* Apply Pitch fork guys suggestions (#23071)
* Update overview.md
* Update aspnetcore/security/data-protection/configuration/overview.md
* Update aspnetcore/security/data-protection/configuration/overview.md
* Update aspnetcore/security/data-protection/configuration/overview.md
* Update aspnetcore/security/data-protection/configuration/overview.md
Co-authored-by: Hao Kung <HaoK@users.noreply.github.com>
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update mixed up words
`context.Success` and `context.Fail` are void functions
* Update aspnetcore/security/authorization/secure-data.md
* Update aspnetcore/security/authorization/secure-data.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Highlight the correct line of code
Highlight call to `AddRoles<IdentityRole>()` instead of `AddEntityFrameworkStores<ApplicationDbContext>()` in the **Add Role services to Identity** section
* Highlight the correct lines of code
Correctly highlight calls to `AddRoles<IdentityRole>()` in the **Add Role services to Identity** sections
* Add info on security risk of redistribution of dev cert
* Adding stronger language
* Update aspnetcore/security/enforcing-ssl.md
* Apply suggestions from code review
Added "> " to warning section. fixing what I broke.
Co-authored-by: Wade Pickett <wpickett@microsoft.com>
Changes were in that @blowdart requested in review, so I will go ahead and Squash and Merge. - Wade
* Revisions
* pushing for a preview build
* Pushing for a preview build
* fixed snippet?
* render test
* final changes
* snippets
* Update aspnetcore/security/authentication/azure-ad-b2c.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update aspnetcore/security/authentication/azure-ad-b2c.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update aspnetcore/security/authentication/azure-ad-b2c/sample/Startup.cs
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update aspnetcore/security/authentication/azure-ad-b2c.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update aspnetcore/security/authentication/azure-ad-b2c.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update aspnetcore/security/authentication/azure-ad-b2c.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update aspnetcore/security/authentication/azure-ad-b2c.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update aspnetcore/security/authentication/azure-ad-b2c.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update aspnetcore/security/authentication/azure-ad-b2c.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update aspnetcore/security/authentication/azure-ad-b2c.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update aspnetcore/security/authentication/azure-ad-b2c.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* show VS for managing user secrets /a
* show VS for managing user secrets /a
* show VS for managing user secrets /a
* Update aspnetcore/security/app-secrets.md
Co-authored-by: Wade Pickett <wpickett@microsoft.com>
Co-authored-by: Wade Pickett <wpickett@microsoft.com>
* Cert trust info for more linux distros
* Update aspnetcore/security/enforcing-ssl.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
* Update to include PassThroughAuthorizationHandler
Adding a description of why mixing a handler and policy in the same class removes the need for DI registration.
Fixes https://github.com/dotnet/AspNetCore.Docs/issues/18695
* Update aspnetcore/security/authorization/policies.md
Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
Max Lefebvre
Dina Berry
marquisdan
Rick Anderson
Luke Latham
Ted
Wade Pickett
GitHubPang
LaughingJohn
Kent Sharkey
Alif
Chris Ross
IgorP
Martin Costello
Barry Dorrans
Alexander Georgiadis
Ashot Muradian
damienbod
Matt Thalman
Cam Soper
Remco Eissing
adamijak
Ray
reponemec