Navigating GCP IAP: Local and Deployed Development with .NET and React

Zach Gardner | .NET, API Development, Articles, Google Cloud Platform, React

I’m currently working on several cloud-native projects hosted on Google Cloud Platform (GCP) that use .NET for the API and React for the UI. These projects rely on GCP’s Identity-Aware Proxy (IAP) to handle authentication, which occurs before any requests reach the Application Load Balancer or the application itself.

While GCP’s IAP offers robust security benefits, configuring a .NET and React application to work seamlessly with it, both locally during development and when deployed to a Cloud Run instance as a Docker container, proved to be more challenging than I expected. The available documentation and resources for this setup are sparse and often fragmented, making it difficult to piece together a clear solution.

This blog post is my way of sharing the lessons I’ve learned along the way. By outlining the steps and solutions that worked for me, I hope to save others from the trial and error I experienced and provide a clearer path for integrating GCP IAP with .NET and React applications.

Navigating the Maze of Authentication Options: A Solo Developer’s Guide

Andy Link | Articles, Programming, Security

In web development, choosing the right authentication strategy is a pivotal decision, especially for solo developers or small teams working with limited resources. After extensive research, I’ve adopted a hybrid approach that combines the security and ease of 3rd party services like Google and Microsoft with the control of an in-house solution.

This hybrid approach addresses my core concerns: cost, control, and user convenience while keeping the in-house method at the forefront. As we explore this topic, I’ll share the considerations and insights that shaped my strategy, aiming to guide you toward the authentication system that best fits your project’s unique demands.

White Paper: Security Best Practices in Application Development

Keyhole Software | Articles, Consulting, Keyhole Creations, Security

This white paper provides key takeaways for application stewards and software leaders to improve application security, with examples of common application security liabilities and suggestions for remediation. Topics include:

An in-depth look into Security Culture and the importance of the people element in adopting a security-first outlook.
An explanation of common application practices we frequently see in the wild that can be inherently risky, with suggestions for best practices.
A security checklist to determine critical areas of higher risk to prioritize in your journey to a more secure application.
An explanation of the security Surface Area and how to minimize it starting from your source code.
Strategies to protect Authentication and Authorization and a comparison between Third-Party solutions and rolling your own auth.
A deep dive into built-in Application Security and an exploration of strategies that might help your business, including Network-Level Security, WAF, Payload Encryption, SSL, Cloud Configuration, and SIEM…

Quick Start: Spring Security 5 OAuth2 Login

Brandon Klimek | Articles, Development Technologies & Tools, Security, Spring, Tutorial

Social logins using OAuth2 have become an industry standard. It has revolutionized the way sites share data and has allowed users to quickly access new applications without having to create a new set of credentials. This article gives an example of why OAuth2 was invented and provides a working example of a Spring Security 5 application integrated with Google.