posted on April 24, 2015 by long2know in ASP.NET, Web
As I’m moving more code that I’ve written in the past to my blog, I remembered I posted this code a long while on CodePaste. It allows you to send an SMS text message via your Google Voice account.
It’s a simple bit of code that’s authenticating via your Google account and then getting the proper auth codes in order to send the text message.
posted on April 23, 2015 by long2know in ASP.NET, MVC, Web
I’ve used T4MVC within my MVC projects for a long, long time now. It’s one of those extremely useful utilities that probably gets forgotten.
At any rate, I’m not sure if I ever mentioned why I like T4MVC, but here are a few reasons.
posted on April 23, 2015 by long2know in ASP.NET, Database, Entity Framework, Web
Using Stored Procedures in the latest version of Entity Framework is pretty doable. You lose a lot in terms of flexibility, but sometimes there are trade-offs that one must make. This week I was playing around with converting an application that used a Repository pattern with EF, Lambdas, and IQueryables to StoredProcs for all CRUD operations.
Here are some interesting bits that I learned.
posted on April 16, 2015 by long2know in ASP.NET, Web
Here’s something I learned about Url hashtags a while back that seemed worth sharing.
As you may know, hashtags are never sent to the server. There is, by regular browser redirection, no way to get hashtag information to the server.
For a client-side script based web application that uses hashtags, obviously, this presents a challenge. Even if all you want is a redirect url on login, it can’t utilize the hashtag.
One work-around that I found that works well is to redirect to a page that has a hidden HTML input which you can stuff the hash (url encoded) into and then post that as a named/value pair to the server.
posted on April 14, 2015 by long2know in ASP.NET, OWIN, Security, Web
After my previous post regarding Secure Token Services / SSO, I have been diving deeper into OWIN to understand its capabilities further.
As I mentioned, the STS system I devised is still using FormsAuthentcation. As a consequence, the relying applications are also dependent on FormsAuth. Upon further inspection, I found that this is redundant. It turns out that OWIN was doing more than I initially divined. Additionally, from all that I have read, it appears that Microsoft’s vision is to completely supplant, and retire, FormsAuth. This, obviously, could be a point of contention if one ties their authentication system into FormsAuth.
posted on April 11, 2015 by long2know in ASP.NET, Web
Earlier this week, an article about technology choices was floating around the office: Choose Boring Technology
The premise of the article focused on technology choices and explained why sticking to tried and true technologies has merit. In my own experience, and in the same week, I find this article to be very relevant and had my own correlating experience.
posted on April 9, 2015 by long2know in ASP.NET, OWIN, Security, Web
For the past week, I’ve been working on creating a Single SignOn (SSO) system with ASP.NET. One joke around the office is that SSO could also stand for Seldom SignOn. Essentially, we want to make securing applications as painless for the user as possible. Along the way, being able to generate secure tokens through a Secure Token Service (STS) seemed advantageous as well.
Interestingly, it still comes back to cookies. Tokenizaiton is only useful for securing API’s. That is to say, attaching an Authorization Header to an API call is straight forward, but it’s not feasible to attach one to a user’s initiated browsing.
posted on April 2, 2015 by long2know in angular, ASP.NET, JavaScript, jsfiddle, Web
When I’m online with my banking site, or Pandora, I occasionally get those nice dialogs asking if I’m still around after being idle for a while. Sometimes, I think it’s a nuisance, but it can be a helpful security measure. It can also be beneficial in SPA-type applications.
With SPA’s, the user can perform so many actions in the browser that never make requests of the server. As a result, if we’re using a cookie-based security mechanism that has a short expiration time, they could be effectively logged out and not even know it.
This is a problem.
posted on March 30, 2015 by long2know in angular, codepen, JavaScript, jsfiddle, plunker, Web
If you’ll recall my previous post on building a simple menu navigation system with Angular, I alluded to advanced scenarios such as determining when, or if, a user can navigate away from the current state.
There are many ways to prevent a user from changing state, but providing reusable mechanisms/services to achieve a unified solution should be our goal.
posted on March 28, 2015 by long2know in angular, ASP.NET, JavaScript, jsfiddle, Web
Previously in my discussion of how I like to use the ui-router and states for basic layout functionality, I touched on the basic tenants of what I see as prominent in many SPA applications. In this discussion, I’d like to dig a little deeper and illustrate a simplified implementation of a menu navigation system.
In developing a menu navigation system, I initially consider how flexible I need the navigation to be. If users can change states with hopeless abandon, then define your states and use ui-sref and nothing more. If we need more functionality, we need a more robust solution.
