Category Archives: ASP.NET

122 Posts

Recently, I was reviewing some old code to see why it was performing poorly. The code in question was database-specific and was using Entity Framework 4.4. Of course, many people wanted to immediately blame it all on Entity Framework.

Personally, I’m not so quick to condemn a framework. Frameworks usually do what you tell them to do, but only as well as you instruct them. From my experience, most of the time when a framework behaves badly, it’s not the framework’s fault. It’s usually due to poor utilization and understanding of the framework.

More Link

Here’s something I learned about URL hashtags a while back that seemed worth sharing.

As you may know, hashtags are never sent to the server. There is, by regular browser redirection, no way to get hashtag information to the server.

For a client-side, script-based web application that uses hashtags, obviously, this presents a challenge. Even if all you want is a redirect URL on login, it can’t utilize the hashtag.

One workaround that I found works well is to redirect to a page that has a hidden HTML input, which you can stuff the hash (URL-encoded) into and then post as a name/value pair to the server.

More Link

After my previous post regarding Secure Token Services / SSO, I have been diving deeper into OWIN to understand its capabilities further.

As I mentioned, the STS system I devised is still using FormsAuthentication. As a consequence, the relying applications are also dependent on FormsAuth. Upon further inspection, I found that this is redundant. It turns out that OWIN was doing more than I initially divined. Additionally, from all that I have read, it appears that Microsoft’s vision is to completely supplant, and retire, FormsAuth. This, obviously, could be a point of contention if one ties their authentication system into FormsAuth.

More Link

Earlier this week, an article about technology choices was floating around the office: Choose Boring Technology

The premise of the article focused on technology choices and explained why sticking to tried and true technologies has merit. I find this article to be very relevant, and in the same week I had my own correlating experience.

More Link

For the past week, I’ve been working on creating a Single SignOn (SSO) system with ASP.NET. One joke around the office is that SSO could also stand for Seldom SignOn. Essentially, we want to make securing applications as painless for the user as possible. Along the way, being able to generate secure tokens through a Secure Token Service (STS) seemed advantageous as well.

Interestingly, it still comes back to cookies. Tokenization is only useful for securing APIs. That is to say, attaching an Authorization Header to an API call is straightforward, but it’s not feasible to attach one to a user’s initiated browsing.

More Link

When I’m online with my banking site, or Pandora, I occasionally get those nice dialogs asking if I’m still around after being idle for a while. Sometimes, I think it’s a nuisance, but it can be a helpful security measure. It can also be beneficial in SPA-type applications.

With SPAs, the user can perform so many actions in the browser that never make requests of the server. As a result, if we’re using a cookie-based security mechanism that has a short expiration time, they could be effectively logged out and not even know it.

This is a problem.

More Link

Previously, in my discussion of how I like to use the ui-router and states for basic layout functionality, I touched on the basic tenets of what I see as prominent in many SPA applications. In this discussion, I’d like to dig a little deeper and illustrate a simplified implementation of a menu navigation system.

In developing a menu navigation system, I initially consider how flexible I need the navigation to be. If users can change states with hopeless abandon, then define your states and use ui-sref and nothing more. If we need more functionality, we need a more robust solution.

More Link

Today I spent a few hours playing around with Apache Cordova. If you don’t know what that is, it’s basically a set of APIs that let you deploy Web Apps (JavaScript) to a mobile device and then have access to that device’s hardware.

If you’re already writing SPA-type apps, Apache Cordova can be a quick way to deploy your Web App to a mobile device and have it behave just like a native app.

More Link

In .NET, when I’m dealing with WebAPI controllers, I like to secure them. Typically, this is done with an [Authorize] attribute on the controller or the controller’s actions.

One problem that arises with .NET, though, is that a user’s auth token/cookie could be expired because they are inactive for a set amount of time. Imagine that you’ve written a shiny new SPA-type web app that is SOA-driven. When the user resumes accessing your site, all of the API end-points will fail until the user logs back in.

More Link

I’m not one to clutch strongly to ideals, or entrench myself in unrelenting philosophies, but I am a creature of habit. Most of my web applications over the past year have been Angular-based and I have certain proclivities to particular structures in my applications. My IDE of choice has been Visual Studio 2013, so I take advantage of it and .NET to serve up my base structure.

In dealing with VS2013/.NET, there are some base mechanisms of which I take advantage. The ones I’d like to discuss are .NET bundling and NuGet.

More Link