Category

Web

Azure, Debugging, Web, WebApi

Debugging a managed identity connection to Azure SQL in Azure App Service using containers

So you’ve been eager to deploy your containerized web application that you’ve been working on for a while, to Azure App Service. You follow the best security practices which means you’ve setup your connection to your Azure SQL database using a managed identity. Upon loading your application, you get a dreadful exception that you can’t connect to the database. You then wonder, is this a database permission problem or some another problem, such as the application cannot connect to the database using its managed identity. This problem is even tougher to diagnose in applications such as Custom Off the Shelf (COTS) that you don’t have the source code. Rest assured, this happen to the best of us (yes, even me!)….

Read more
Azure, Development, Web, WebApi

Load testing your applications using Azure Load Testing, JMeter and GitHub Actions

I’ve been working with more customers that are starting to take testing (unit, integration, end to end and load testing) more seriously. You may ask, “Dom, really? I thought testing was trivial”. Unfortunately not. As we’re entering an era where businesses are producing software like never before, relatively speaking, these businesses are not software companies. They are seeking to prioritize the speedy creation of business value while disregarding the importance of testing. Development teams, most often than not, are under pressure when the applications they develop do not perform the way they intended it to work, after being released. Testing is not engrained within their DNA. If it would have been, the extra stress and anxiety associated with debugging the…

Read more
Azure, Database, Web

Using managed identities with SQL Azure Database in ASP.NET Core

We are now in a world where we want to eliminate passwords as much as possible, and Microsoft, through its cloud platform Azure, is trying to help us do that. Today, I want to show you how you can secure your SQL Azure database using managed identities so you don’t have to create any SQL Login and carry passwords around. Prerequisites To demonstrate this, I will be using the following Azure resources: Azure App Service Plan / App Service Azure SQL Server 1 Azure SQL Database Make sure you have those already created. You also will need either the Azure CLI or Azure Az powershell module. In my case, I will be using the Azure Az powershell module. Moreover, in…

Read more
Azure, C#, Web

Connecting Azure AD and Azure AD B2C to IdentityServer4

I’ve been playing with IdentityServer4 lately and I wanted to share you guys the findings I’m finding while I am playing with it. IdentityServer4 for the ones who don’t know it, is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core 2. You can read all about it here. In today’s post, I would like to show you how you can connect Azure AD and Azure AD B2C to IdentityServer4 as external providers. When doing so, IdentityServer becomes a federated gateway. Both implementation are similar, however, Azure AD and Azure AD B2C have specificities that are particular to them. Connecting to Azure AD We can connect Azure AD to IdentityServer through an external OpenIdConnect provider. To do that, you…

Read more
C#, Web

ASP.NET Identity for your custom user and roles models

I’ve been seeing a lot of requests by developers in the past months who seem to be struggling with adding their custom user authentication model into their application; they want to be able to integrate it into the ASP.NET pipeline to play nice with the Authentication middleware (i.e. AuthorizeAttribute). ASP.NET Identity Core has been rewritten to leverage the use of interfaces (abstraction!) so you can easily develop a system that caters to your needs. In this post, I want to show you how to leverage that by using ASP.NET Identity in an ASP.NET Core 2.0 application. Setup The first thing is to add the ASP.NET Identity package to your project. In Visual Studio 2017, you can right click on the Dependencies…

Read more
C#, Web, WebApi

Web APIs: what you should not forget

In today’s day and age, you probably have heard of (REST) Web APIs as the way to consume data over the web. This is especially true with the emergence of microservices. You are probably building, have built or thinking of building a/some Web API(s). You are or may be planning to consume a/some Web API(s). In this post, I want to highlight certain things not to forget, on a technical stand point, when consuming and building Web APIs. Remember that those are just a start. There are multiple resources on the internet to help you adopt good practices. A good one that I recommend is the Microsoft API Implementation guide. TL;DR In building APIs: Versioning Verbs to nouns Status codes overload…

Read more
Angular, Web

Custom control validation in Angular

Validation is an integral part of a web application. Making sure that a first validation pass is done on the client side can (to some extent) help you cleanse your data and show useful messages to your users when the input data is invalid. Angular comes with a pre-determined set of validators, and you can find find some validators libraries on GitHub, but sometimes this is not enough as you need custom rules for validating your data. Since form validation can occur through reactive forms or template driven forms, let’s go over each of them to see how we can add a custom validator in each case. Custom validator through reactive forms Validation can occur on a formControl or on a…

Read more
Angular, C#, Web

Secure your Angular/ASP.NET Core application with Anti-forgery token

Security has always been at the forefront of Web Applications. There are so many security concerns one has to think of when developing web applications. Today, I want to share with you guys how to secure a Single Page Application (SPA) from Cross-site request forgery (CSRF or XSRF) using Angular 4. If you’re still using Angular 2 this works as well but I recommend upgrading to 4. It’s easy and they made the code faster and smaller (maybe a topic for another day ;-]) By default, the Angular core HTTP library will look for a token in the cookie with the name XSRF-TOKEN and add it to the request. Thanks to the CookieXSRFStrategy provided by Angular, Angular does that part for you. However,…

Read more
Angular, Web

Demystifying a few Angular2 concepts for starters

Being immersed in the JavaScript frameworks world can be intimidating. Today, I will try to demystify a few concepts and perhaps at the same time answer some questions that someone starting with Angular2 will most probably have. The framework is mature enough at this point in time to be able share some of the basics, but useful, things that one should have in mind when using it. Angular2 uses TypeScript TypeScript is a subset of JavaScript that is strongly typed, unlike JavaScript which is dynamically typed. Without going into too much details, it basically means that the compiler will not let you put a type into another. For instance, assigning a number (may it be a short, int, double, etc) to a…

Read more
Tools, Visual Studio, Web

Synchronizing node version with your environment in Visual Studio 2017

Visual Studio 2017 is official finally out and Microsoft did a tremendous job in listening to their user base. They simplified the install process, enhanced the speed of the load of the projects, enhanced their IntelliSense and debugging tools to say the least. If you have not tried it yet, go and grab yourself a copy today! The community edition is free and is available to everyone! On that note, one may remember the nodejs binding problem that would occur in Visual Studio 2015 when it comes to gulp and node-sass

This happens because Visual Studio has a set of paths that are searched to find node/npm etc. By default Visual Studio 2017 comes with Node 5.4.1 and npm 3.3.4 shipped. As…

Read more
Continuous Integration, Web

ASP.NET Core web.config publishing blues

I’ve been working on being able to use Octopus Deploy to deploy ASP.NET Core applications through IIS and I was faced with an interesting challenge. When publishing to a File System through the Visual Studio Publish command, it will trigger a PowerShell script that essentially will call Microsoft Web Deploy V3 (msdeploy) to put your FileSystem up to date with your release. But before calling MSDeploy, it will update (or should I say overwrite) your web.config with the proper handlers that match your application. This means that it will create a generic web.config and removing all the settings you may want. The ASP.NET team is aware I believe of the fact that the publishing tool is limited and thus in need of some customization features…

Read more
C#, Web

Two-Factor authentication in ASP.NET Identity 3 using TOTP authenticator

Two-Factor authentication is becoming more critical especially in business applications where sensitive and/or critical data can be accessed. A business application should communicate on a secure channel (https) and should implement Two-Factor as a minimum for their users especially if they can access the application remotely, which means everywhere. You could obviously skip the Two-Factor authentication when the user is on the intranet. This is not implemented in this article. What is a Two-Factor authentication? I will give a brief overview of what Two-Factor authentication actually is. As Joel Franusic described it in his post Two-Factor Authentication or TFA is a method where your users are required to log in with two “factors”: a password, and a code from a device that…

Read more
Angular, React, Web

Angular2 or React in the business environment

In 2015 and 2016, React was at the top of front end libraries for creating reusable components. AngularJS (Angular 1) was being slowly left behind; the Google team after 5 years of development learned from the users and came out with Angular 2. The framework was rewritten completely and it really is an amazing accomplishment. As a software architect, a key task of my job is to evaluate the current and future tools, frameworks and libraries out there and see if one of more could potentially be a fit for the development team. As you probably know, they are a lot of articles comparing both React and Angular 2. As a user of both, I want to share with you my findings….

Read more