Archive for  May 2015

Home / May 2015
11 Posts

Being able to decrypt the OWIN AuthenticationTicket can be very useful. In the cases where the cookie/tickets are shared across applications, this is especially true.

Interestingly, if you’re using OWIN for both cookie-based authentication and access tokens, the Ticket is stored in both mediums.

With that in mind, the easiest method to decrypt a ticket to access claims, etc is to simply stand up a protected Resource server with a single Api endpoint to display the contents of the ticket. Going this route, the decryption is automatically handled by OWIN with very little code. The endpoint can be accessed by a user’s browser (decrypting the cookie) or by a server passing in a Bearer token.

More Link

With my previous endeavors using OWIN Middleware for an SSO Authentication system, I used DotNetOpenAuth as the client to make the OAuth Authorization Code grant flow. However, after a bit of research, I’ve learned that hooking into the OWIN Middleware can completely eliminate the need to use DotNetOpenAuth.

Additionally, eliminating DotNetOpenAuth and its dependencies makes creating a Nuget reusable package for the applications that I intended to use with the SSO/OAuth2 mechanism much simpler.

More Link

Earlier today, I started looking at Angular 2.0 and the differences with Angular 1.x. The primary difference, aside from API changes, is that Angular 2.0 uses ECMAScript 6 (ES6 JavaScript).

ES6 is quite different from ES5. To be honest, I am still wrapping my head around the differences between ES6 and ES5. From a cursory perspective, many components/modules/elements that previously required JavaScript libraries are now native. Additionally, ES6 is more class driven than ES5 and supports observables.

More Link

Adding custom claims in .NET Identity, through OWIN, or otherwise is pretty straight forward.

But, what if we want to step outside of, or augment, the OAuth flow?

More Link

Earlier today, after a system outage, I was sent a W3C IIS Log to take a look at.

After staring at this log for a few minutes in Notepad2, my eyes started to glaze over. Basically, staring at system or IIS logs with a text editor is useless if there are tons of events or requests.

I knew there are plenty of parsing tools out there for log analysis, and I had used some before. Unfortunately, I had none of these tools installed on my laptop. Googling quick lead me to a Microsoft tool called ‘LogParser’ that I had never heard of before.

More Link

I’m still playing with Azure and getting a full fledged application working and hosted using the Azure services. As I showed yesterday, setting up a Web App is pretty easy.

The next step for me involves moving an Entity Framework Database using Migrations to Azure.

More Link

With all of the hoopla lately about Azure, I have been playing with it, and Application Insights, for the past few weeks.

One thing that I hadn’t really delved into is its .NET Web App hosting. As an MSDN subscriber, many of the cloud services are offered in some form of free capacities. This includes Web App and Azure SQL hosting.

More Link

After Ignite, and especially after viewing the the latest features of VS2015 RC, ASP.NET 5.0, and .NET Core 5.0, my interest in Node.js was finally piqued. Admittedly, I had mostly ignored Node.js up to this point. As a primarily Angular/JavaScript developer, the aspect of using JavaScript for server-side is becoming increasing appealing.

Let me preface this by stating that I’m a noob when it comes to node. This really is my first time diving into its feature set.

For a brief history, Node.js is a runtime environment that uses the Chrome V8 JavaScript engine to execute JavaScript on a server. This also provides web hosting and other niceties to run both console apps and web-hosting apps. Spinning up, for example, an API through Node becomes a pretty straight-forward and powerful capability.

More Link


Microsoft Ignite is coming to a close and it’s been a whirlwind week for me.

Overall, the material presented adhered to Microsoft’s agenda of touting Azure, its cloud, and IaaS/PaaS products. Infrastructure as a Service and Platform as a Service are interesting, in and of themselves, but I find that most aren’t ready to jump in with both feet.

More Link

Another day of the Microsoft Ignite conference has passed. I felt more productive this day than I had during the first day. But, there have been bumps along the way.

I attended various sessions with topics ranging from Identity/Security to simple Angular/SPA apps to Microsoft’s new Threat Analysis tools.

More Link