ASP.NET’s built in CSRF (Cross-site request forgery) is pretty straight forward. You add a token to your views via an HTML Helper, and then decorate your controller actions with a specific attribute to validate the token on POST. There are many times, seemingly randomly, where users have invalid tokens on their requests. MVC throws a 500 error with an HttpAntiForgeryException. For legitimate users, this is not an optimal experience.
Handling ASP.NET MVC HttpAntiForgeryExceptions
posted on August 5, 2016 by long2know in ASP.NET, MVC
Capturing Redirects with HttpClient
posted on July 27, 2016 by long2know in ASP.NET
A while back, I blogged about a pattern of accessing API’s with .NET’s HttpClient. In practice, one problem with .NET’s HttpClient is that it doesn’t provide any insight regarding Http redirects.
Angular2 basic routing
posted on July 18, 2016 by long2know in angular, ASP.NET, Core, JavaScript
In continuing to build upon my previous project to get Angular2 working with Visual Studio 2015, I’ve been playing with routing and components.
While routing and components are very different when compared to Angular v1, it’s still pretty straight forward to get a basic application up and running.
Accessing HttpContext in ASP.NET Core
posted on July 12, 2016 by long2know in ASP.NET, Core
In the solution that I’m migrating to ASP.NET Core, I have a domain project that uses System.Web’s HttpContext. Since System.Web is not part of .NET Core, I had to figure out how one gets the current user’s identity within a domain class.
ASP.NET Core Enforcing HTTPS
posted on July 11, 2016 by long2know in ASP.NET, Core
With OWIN and .NET 4.6.x, it was pretty straight forward to enable SSL (TLS), and redirect all requests to the HTTPS end-point with Visual Studio’s tooling (IIS Express). It’s not quite as straight forward to accomplish this in .NET Core.
ASP.NET Core OAuth Middleware
posted on July 11, 2016 by long2know in ASP.NET, Core, Microsoft, Middleware, Security
After using OWIN for months for basic OAuth authentication, it’s apparent that Microsoft is abandoning OWIN . This isn’t necessarily a bad thing. .NET Core is built on a similar structure as that which was implemented in OWIN. Essentially, we have a familiar middleware pipeline.
Consuming a SOAP service using HttpClient
posted on July 7, 2016 by long2know in ASP.NET
Some of Microsoft’s built-in code generation/tooling is really janky. One such example is the code generator that will produce service references and proxy classes from a SOAP WSDL definition. I’ve never liked this particular feature of Visual Studio. The service classes themselves don’t play nicely with injection, behave strangely with instantiation, scoping, singleton patterns, and are generally so .NET 1.1…
Porting EF6 to EF7 or EF Core
posted on July 6, 2016 by long2know in ASP.NET, Core, Entity Framework
Since my foray into utilizing .NET Core to port an older CRUD app using Angular 1.x and Entity Framework 6.x, my first stumbling block is dealing with breaking changes between EF 6.x and newer versions of EF.
Creating an Angular2 app with VS2015
posted on July 6, 2016 by long2know in angular, ASP.NET, Core
Last night, I was playing with the latest .NET Core tooling in Visual Studio 2015 and decided to create an Anuglar2 application. It is not a straight-forward process. Additionally, most tutorials that you will see floating around don’t deal with Angular2 RC4 (v.Latest). And the few that do either aren’t Visual Studio 2015 specific or aren’t targeting ES5 as required by IE11 or older.
Integrating with ASP.NET Identity’s Schema
posted on June 24, 2016 by long2know in ASP.NET, Entity Framework, Security
My current single-sign server, that utilizes OWIN, does not store information regarding users’ identity. On the back-end, it makes LDAP queries to Active Directory to authenticate users and then makes additional LDAP queries to determine roles and authorization.
Since I’ve been playing with Azure lately, I wanted to re-tool this solution to allow toggling between a data-store for user identity information and Active Directory.