posted on May 15, 2015 by long2know in ASP.NET, Azure, Database, Entity Framework, Microsoft
I’m still playing with Azure and getting a full fledged application working and hosted using the Azure services. As I showed yesterday, setting up a Web App is pretty easy.
The next step for me involves moving an Entity Framework Database using Migrations to Azure.
posted on April 24, 2015 by long2know in Security, Web
I’ve really enjoyed running WordPress. However, there are a few features that plugin authors overlook or don’t consider. One such problem that I ran into was with the Social Login plugin that I use.
This is a great plugin (Social Login), but it was not loading profile images over HTTPS. While this may not seem like a big deal, it did make it so that a browser would report an issue with my site. This was a bit of a show stopper for me after the effort I put into getting certs/https/etc set up.
Fortunately, thanks to the flexibility of WordPress, and PHP in general, it wasn’t too terribly hard to fix.
posted on April 23, 2015 by long2know in ASP.NET, MVC, Web
I’ve used T4MVC within my MVC projects for a long, long time now. It’s one of those extremely useful utilities that probably gets forgotten.
At any rate, I’m not sure if I ever mentioned why I like T4MVC, but here are a few reasons.
posted on April 16, 2015 by long2know in ASP.NET, Web
Here’s something I learned about Url hashtags a while back that seemed worth sharing.
As you may know, hashtags are never sent to the server. There is, by regular browser redirection, no way to get hashtag information to the server.
For a client-side script based web application that uses hashtags, obviously, this presents a challenge. Even if all you want is a redirect url on login, it can’t utilize the hashtag.
One work-around that I found that works well is to redirect to a page that has a hidden HTML input which you can stuff the hash (url encoded) into and then post that as a named/value pair to the server.
posted on April 14, 2015 by long2know in ASP.NET, OWIN, Security, Web
After my previous post regarding Secure Token Services / SSO, I have been diving deeper into OWIN to understand its capabilities further.
As I mentioned, the STS system I devised is still using FormsAuthentcation. As a consequence, the relying applications are also dependent on FormsAuth. Upon further inspection, I found that this is redundant. It turns out that OWIN was doing more than I initially divined. Additionally, from all that I have read, it appears that Microsoft’s vision is to completely supplant, and retire, FormsAuth. This, obviously, could be a point of contention if one ties their authentication system into FormsAuth.
posted on April 9, 2015 by long2know in ASP.NET, OWIN, Security, Web
For the past week, I’ve been working on creating a Single SignOn (SSO) system with ASP.NET. One joke around the office is that SSO could also stand for Seldom SignOn. Essentially, we want to make securing applications as painless for the user as possible. Along the way, being able to generate secure tokens through a Secure Token Service (STS) seemed advantageous as well.
Interestingly, it still comes back to cookies. Tokenizaiton is only useful for securing API’s. That is to say, attaching an Authorization Header to an API call is straight forward, but it’s not feasible to attach one to a user’s initiated browsing.
