In this writeup, I’ll demonstrate how to use Azure AD B2C to delegate identity and access management to Azure. One of the key differences is that we will not pre-register users in Azure AD using the Azure AD domain name, as in the previous post; instead, consumers of our applications can create users with any domain, e.g. gmail.com. → Read More
In this and the next post I’ll demonstrate how to use Azure AD to delegate identity and access management to Azure, simplifying our application. → Read More
As developers we learn that giving meaningful names to methods produces clean, readable and maintainable code. However, that’s not all we should be concerned about when it comes to method signatures. There are two other aspects of a method signature that must be given consideration when writing code: a) parameters b) return value. → Read More
An enum is a special value type that lets you specify a group of named numeric constants. They can help make code more readable, as opposed to using int to represent constants or flags. → Read More
In a previous post, I showed how to use cookie authentication middleware to protect your web application. ASP.NET Core also provides a richer set of services, called Identity, to work with user authentication and management scenarios. For instance, in addition to authentication and password hashing, it provides features for registering new users, creating forgot & reset password tokens and their… → Read More
In the previous post, I deployed a Docker Swarm on VMs set up on my local PC, which is fine for testing. In this post I’ll deploy the same services on a Docker Swarm hosted in Azure using “Docker EE for Azure”. Let’s start. → Read More
First, we need a few Virtual Machines to make a cluster of machines to run Docker on. I am using Windows 10 and will use Hyper-V for this purpose. If you’re using another OS then skip the first part of the tutorial where I set up the VMs. → Read More
API - has a controller with CRUD operations for a movies database. It uses a class library, Data, which contains the repositories. The database is hosted in Azure and the connection string is stored in application settings (appsettings.json). → Read More
Now that you have a registry and key to upload your packages, let’s create and push a package. I am using here a simple .NET Core class library I wrote to work with CSV files, the source code can be found on GitHub. You can of course use any of your projects. → Read More
Azure provides a highly scalable, configurable and easy to use Platform-as-a-Service (PaaS) environment for our ASP.NET Core web applications. Azure Web App is one of the simplest ways to host web applications and the new Web App Container makes it really easy to host Docker containers. → Read More
In an earlier post I discussed how to prevent insecure direct object references by encrypting the internal references (e.g. table primary keys) using the Data Protection API. To avoid duplicating the code that encrypts/decrypts in every controller, I used filters in that example. In this post I’ll use another, complementary technique: custom model binding. → Read More
OAuth 2 provides several flows, or grant types, for various use cases. I personally group them into two categories: flows that require user interaction with the authorisation server and flows that don’t. → Read More
Content Security Policy (CSP) is an additional layer of security that can help prevent Cross Site Scripting (XSS) attacks. In these attacks malicious scripts are executed in the user’s browser because the browser doesn’t know whether the source of the script is trustworthy or not. → Read More
OWASP 2013 classifies Cross Site Request Forgery (CSRF) as one of the Top 10 risks. It is present if an attacker can force the victim's browser to send a forged request to your web application, and your application treats it as a legitimate request. → Read More
Exception handling middleware (as discussed here) will catch unhandled exceptions; however, if you want to display error pages for individual HTTP status codes, the framework provides another middleware for this purpose. → Read More
How to prevent insecure direct object reference in ASP.NET Core. → Read More
When your controllers redirect to another location based on user input (e.g. via query string), it is important to ensure that the location is not malicious and prevent open redirect attacks. The simplest way to ensure this is by examining the URL provided by the user. → Read More
The new Data Protection API in .NET Core includes functionality to create hashes using the PBKDF2 algorithm. ASP.NET Core uses this behind the scenes in the PasswordHasher class, which is used by ASP.NET Core Identity. → Read More
Create an empty project and update Startup to add services and middleware for MVC, including the filter for HTTPS. → Read More
To allow clients from a different origin to access your ASP.NET Core Web API, you’ll need to allow Cross-Origin Requests (CORS). Here, same origin means clients that have an identical scheme, host and port. → Read More