How We Built a Secure Invoice Generator with .NET 8 and Razor Pages
rytis

rytis @kbyte_it_services


Publish Date: Jun 19

In this article, I’ll walk you through how we developed a secure, lightweight invoicing system using .NET 8, Razor Pages, and MySQL. Our goal was to keep the stack simple while ensuring data security, PDF generation, and clean usability — all tailored for SMEs.


🧱 The Stack

  • .NET 8 (Razor Pages)
  • MySQL as the data store
  • Dapper for lightweight data access
  • QuestPDF for PDF invoice generation
  • Microsoft Entra ID for authentication (via OpenID Connect)

We aimed for a balance between maintainability and scalability, while also conforming to security best practices.


🔐 Authentication & Authorisation

We integrated Microsoft Entra ID for secure sign-in using OpenID Connect, which allowed us to centrally manage user access. This made it easier to enforce conditional access and multi-factor authentication for internal users managing invoices.

```csharp
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));
```

Using Entra also gave us a single sign-on (SSO) experience across internal tools.


🧾 Generating PDFs from Razor Pages

We used QuestPDF, an open-source NuGet package that allows programmatic layout of PDFs. The key benefit is full control over structure and styling, using C# directly.

Example of an invoice rendering block:

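```csharp
// Requires: using QuestPDF.Fluent; using QuestPDF.Infrastructure;
var document = Document.Create(container =>
{
    container.Page(page =>
    {
        page.Header().Text("Invoice #12345").FontSize(20);
        page.Content().Column(column =>
        {
            column.Item().Text("Billed To: John Doe");
            column.Item().LineHorizontal(1);
            // More sections here
        });
    });
});
```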

The PDF is generated on the fly and downloaded directly from a secured page. No file system writing needed.
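
The secured, in-memory download described above could look like the following page model. This is an added example, not code from the original project: the `Invoices` table and its columns, the `InvoiceAdmin` role, the `Invoices` connection-string key and the MySqlConnector driver are assumptions, and it relies on the web SDK's implicit usings and on QuestPDF's licence setting being configured at startup.

```csharp
using Dapper;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using MySqlConnector;            // assumed MySQL driver package
using QuestPDF.Fluent;
using QuestPDF.Infrastructure;

// Hypothetical page: /Invoices/Download?id=42
[Authorize(Roles = "InvoiceAdmin")]   // role name is an assumption
public class DownloadModel : PageModel
{
    private readonly string _connectionString;

    public DownloadModel(IConfiguration config) =>
        _connectionString = config.GetConnectionString("Invoices")!; // assumed key

    public sealed class InvoiceRow     // assumed table shape
    {
        public int Id { get; set; }
        public string CustomerName { get; set; } = "";
        public decimal Total { get; set; }
    }

    public async Task<IActionResult> OnGetAsync(int id)
    {
        await using var db = new MySqlConnection(_connectionString);
        // Parameterised query: the id is never concatenated into the SQL text.
        var row = await db.QuerySingleOrDefaultAsync<InvoiceRow>(
            "SELECT Id, CustomerName, Total FROM Invoices WHERE Id = @id", new { id });
        if (row is null) return NotFound();

        // Rendered to a byte[] in memory; nothing is written to disk.
        byte[] pdf = Document.Create(container => container.Page(page =>
        {
            page.Margin(40);
            page.Header().Text($"Invoice #{row.Id}").FontSize(20);
            page.Content().Column(col =>
            {
                col.Item().Text($"Billed To: {row.CustomerName}");
                col.Item().LineHorizontal(1);
                col.Item().Text($"Total: {row.Total:0.00}");
            });
        })).GeneratePdf();

        Response.Headers.CacheControl = "no-store"; // keep invoices out of caches
        // File name is built from the integer id only, never from user-supplied text.
        return File(pdf, "application/pdf", $"invoice-{row.Id}.pdf");
    }
}
```

Because the `[Authorize]` attribute sits on the page model, an unauthenticated request is challenged through the OpenID Connect scheme before the handler runs, so the query and the PDF rendering are never reached without a valid session and role.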


🔐 Secure Design Considerations

  • Anti-forgery tokens for form submissions
  • Role-based access control on sensitive pages
  • Audit logging on invoice edits
  • TLS-only endpoints
  • Server-side validation on all input models

We also avoided JavaScript-heavy solutions to keep the attack surface minimal.


🧠 Lessons Learned

  • Razor Pages are surprisingly efficient for CRUD-heavy interfaces
  • Integrating PDF generation is smoother when done purely in C#
  • Security becomes simpler when you leverage Entra ID and isolate your admin portal

👨‍💻 Need Help with Secure Web Tools?

If you’re a small to mid-sized business looking for reliable IT Support in the UK, our team at KByte provides tailored solutions — including secure web application development, infrastructure support, and more.


Feel free to drop a comment if you’re building something similar, or have questions about integrating authentication, PDF tooling, or data access in Razor Pages.
