Navigating GCP IAP: Local and Deployed Development with .NET and React

Zach Gardner .NET, API Development, Articles, Google Cloud Platform, React

I’m currently working on several cloud-native projects hosted on Google Cloud Platform (GCP) that use .NET for the API and React for the UI. These projects rely on GCP’s Identity-Aware Proxy (IAP) to handle authentication, which occurs before any requests reach the Application Load Balancer or the application itself.

While GCP’s IAP offers robust security benefits, configuring a .NET and React application to work seamlessly with it—both locally during development and when deployed to a Cloud Run instance as a Docker container—proved to be more challenging than I expected. The available documentation and resources for this setup are sparse and often fragmented, making it difficult to piece together a clear solution.

This blog post is my way of sharing the lessons I’ve learned along the way. By outlining the steps and solutions that worked for me, I hope to save others from the trial and error I experienced and provide a clearer path for integrating GCP IAP with .NET and React applications.

Navigating the Maze of Authentication Options: A Solo Developer’s Guide

Andy Link Articles, Programming, Security

In web development, choosing the right authentication strategy is a pivotal decision, especially for solo developers or small teams working with limited resources. After extensive research, I’ve adopted a hybrid approach that combines the security and ease of 3rd party services like Google and Microsoft with the control of an in-house solution.

This hybrid approach addresses my core concerns: cost, control, and user convenience while keeping the in-house method at the forefront. As we explore this topic, I’ll share the considerations and insights that shaped my strategy, aiming to guide you toward the authentication system that best fits your project’s unique demands.

White Paper: Security Best Practices in Application Development

Keyhole Software Articles, Consulting, Keyhole Creations, Security

This white paper provides key takeaways for application stewards and software leaders to improve application security, with examples of common application security liabilities and suggestions for remediation. Topics include:

An in-depth look into Security Culture and the importance of the people element in adopting a security-first outlook.
An explanation of common application practices we frequently see in the wild that can be inherently risky, with suggestions for best practices.
A security checklist to determine critical areas of higher risk to prioritize in your journey to a more secure application.
An explanation of the security Surface Area and how to minimize it starting from your source code.
Strategies to protect Authentication and Authorization and a comparison between Third-Party solutions and rolling your own auth.
A deep dive into built-in Application Security and an exploration of strategies that might help your business, including Network-Level Security, WAF, Payload Encryption, SSL, Cloud Configuration, and SIEM…

Top Security Mistakes to Avoid in AppDev

Zach Gardner Architecture, Articles, Security

Developing custom applications is one of the hardest professional endeavors, and making them secure is even harder. Malicious actors are constantly changing tactics and strategies, which, unfortunately, makes it impossible to completely eliminate any security threat.

There needs to be a balance between delivering features quickly to meet business objectives and mitigating security risks. Thankfully, these two goals are not mutually exclusive. This blog post dives into the top mistakes that can be made while developing custom applications.

These recommendations are different from what would commonly be seen in an OWASP list, and they should be used in addition to whatever security practices and procedures are already in place by an organization’s infosec department. These recommendations are also written from an application architect’s (rather than an enterprise infrastructure) perspective, so most of them aren’t covered by existing security checklists.

Solid: A New Web Standard Allowing People to Control Their Own Data

Rik Scarborough Articles, Development Technologies & Tools, Programming, Security

This post contains a recap of my research into the subject and an exploration of Sir Tim’s so-called new Internet – a technology called Solid. We’ll start by exploring what Solid is, and then we’ll talk about its purposes and how to use it. It’s a pretty cool technology!

So, let’s dive in. What exactly has Sir Tim Berners-Lee created?