posted on June 3, 2015 by long2know in ASP.NET, MVC, OWIN, Security
After creating a redistributal package for a custom OWIN AuthenticationHandler that handles logins to an internally hosted Oauth2/SSO provider, I found something a little annoying.
When OWIN detects a 401 response and the AuthenticationMode is “Active,” it doesn’t capture the URL hash from the request.
posted on May 28, 2015 by long2know in ASP.NET, OWIN, Security
Being able to decrypt the OWIN AuthenticationTicket can be very useful. In the cases where the cookie/tickets are shared across applications, this is especially true.
Interestingly, if you’re using OWIN for both cookie-based authentication and access tokens, the Ticket is stored in both mediums.
With that in mind, the easiest method to decrypt a ticket to access claims, etc is to simply stand up a protected Resource server with a single Api endpoint to display the contents of the ticket. Going this route, the decryption is automatically handled by OWIN with very little code. The endpoint can be accessed by a user’s browser (decrypting the cookie) or by a server passing in a Bearer token.
posted on May 27, 2015 by long2know in ASP.NET, OWIN, Security, Web
With my previous endeavors using OWIN Middleware for an SSO Authentication system, I used DotNetOpenAuth as the client to make the OAuth Authorization Code grant flow. However, after a bit of research, I’ve learned that hooking into the OWIN Middleware can completely eliminate the need to use DotNetOpenAuth.
Additionally, eliminating DotNetOpenAuth and its dependencies makes creating a Nuget reusable package for the applications that I intended to use with the SSO/OAuth2 mechanism much simpler.
posted on May 19, 2015 by long2know in ASP.NET, MVC, OWIN, Security
Adding custom claims in .NET Identity, through OWIN, or otherwise is pretty straight forward.
But, what if we want to step outside of, or augment, the OAuth flow?
posted on May 15, 2015 by long2know in ASP.NET, Azure, Database, Entity Framework, Microsoft
I’m still playing with Azure and getting a full fledged application working and hosted using the Azure services. As I showed yesterday, setting up a Web App is pretty easy.
The next step for me involves moving an Entity Framework Database using Migrations to Azure.
posted on May 14, 2015 by long2know in ASP.NET, Azure, Microsoft
With all of the hoopla lately about Azure, I have been playing with it, and Application Insights, for the past few weeks.
One thing that I hadn’t really delved into is its .NET Web App hosting. As an MSDN subscriber, many of the cloud services are offered in some form of free capacities. This includes Web App and Azure SQL hosting.
posted on April 30, 2015 by long2know in ASP.NET, Azure, Testing
I’ve been watching the #build2015 conference online for the past couple of days. Microsoft has some nice, compelling product announcements.
One that caught my attention was Application Insights. So, I decided to give it a shot with an existing MVC + WebApi web application.
posted on April 29, 2015 by long2know in ASP.NET, Database
Recently, I had a conversation with another developer about the role of DBA’s in the development process. It was immediately clear that, philosophically, our viewpoints diverged.
The conversation digressed, and I found that this developer was completely against using ORMs to make queries. The term ‘ad-hoc queries’ was bandied about quite a bit. This other developer also went so far as to tell me that, in a code review in ‘hard-core’ dev shops, ad-hoc queries would get smacked down.
posted on April 27, 2015 by long2know in ASP.NET, Database, Entity Framework
In my previous post discussing profiling Entity Framework, I alluded to DbInterceptors as being able to provide lots of useful functionality. In this post I’ll expand on the DbInterceptor and show a few optimizations / manipulations that I like to perform on EF’s generated queries.
posted on April 24, 2015 by long2know in ASP.NET, Web
As I’m moving more code that I’ve written in the past to my blog, I remembered I posted this code a long while on CodePaste. It allows you to send an SMS text message via your Google Voice account.
It’s a simple bit of code that’s authenticating via your Google account and then getting the proper auth codes in order to send the text message.
