posted on March 9, 2016 by long2know in ASP.NET, Security
ASP.NET has some useful security options to prevent cross-site scripting, click hijacking, and other vulnerabilities. However, configuring these options has a few caveats.
posted on February 11, 2016 by long2know in ASP.NET, Ninject
Dependency injection is very useful for decoupling classes from specific implementations. Typically, I use constructor injection with Ninject as my IoC (inversion of control) container. However, I’ve always had to specify interface -> type bindings one by one. It’s very clunky.
posted on February 10, 2016 by long2know in ASP.NET, MVC, OWIN, Security, WebApi
With a new project we have, I was tasked with working on security. Initially, I used OWIN and cookie authentication to implement a simple login and all was good. However, we wanted to remove the ability to log in and have it driven by an external site redirecting a user with a token.
posted on February 5, 2016 by long2know in ASP.NET, Web
A friend of mine asked me earlier today what a good pattern for accessing an Api from within a class library would look like. In .NET, I generally like to wrap this type of functionality within a service that can be injected.
posted on November 23, 2015 by long2know in angular, ASP.NET, SignalR
SignalR is a nice framework for broadcasting messages to all clients connected to your web server. It also provides mechanisms to allow those clients to send messages to other clients. It’s not “Angular friendly” out of the box, though, since it’s designed more for use with (imho) jQuery. Here’s a simple service that I like to use with SignalR and Angular
posted on November 9, 2015 by long2know in Akka, ASP.NET
Over the past few weeks, I’ve been looking at what it takes to create a distributed computing system. The idea of using the Actor model / Actor pattern came up and it is a concept that seems to fit nicely. What is the Actor pattern then?
From Wikipedia, it’s described as such:
https://en.wikipedia.org/wiki/Actor_model
Here’s another concise definition:
An actor object is used when you have a long running task and some code that needs to be executed after it completes. This kind of object is given the information it needs to perform the task and callbacks to execute when that task is done. The actor runs on its own thread without any further input and is destroyed when it is finished.
How does one go about implementing the actor pattern, though?
posted on October 30, 2015 by long2know in angular, ASP.NET, JavaScript, WebApi
Client side validation is pretty handy. However, as we all know, you can’t fully trust any data sent to your server from a web client. As such, we generally duplicate validation in both the client and server side scenarios. This isn’t a big problem, but it does create a disconnect when the client validation passes, but then the server validation fails. Even in duplication, I still want server-side validation to play an integral part of the overall user experience.
posted on September 28, 2015 by long2know in ASP.NET, MVC, WebApi
In my .NET 4.5 MVC projects, I already have helper methods/extensions that let me determine if a user has access to a particular controller action. This provides a nice mechanism to hide and show buttons, hyperlinks, or other UI action elements based on the authorization attributes that have been defined on the MVC Controller.
However, this is a bit more complicated with ApiControllers.
posted on September 7, 2015 by long2know in ASP.NET, Microsoft
As a web developer primarily utilizing .NET for backend server development, and as one who uses Linux for my own hosting environments, Microsoft’s efforts to make .NET 5 cross platform are welcome. Over the Labor Day weekend, I spent a bit of time seeing how I could leverage this to host .NET web applications myself. While I mention Mint Linux, specifically, this guide should apply to any Debian/Ubuntu derivatives.
posted on September 3, 2015 by long2know in ASP.NET, Microsoft, OWIN, Security
Previously, I blogged about writing your own handler to hook into the OWIN middleware pipeline. I’ve been using the handler I described in that post for quite some time now.
However, after a bit of QA, I noticed at least one strange behavior.