Building Distributed Systems on the Shoulders of Giants - API Days Live, Australia 2020

2 minute read

I recently spoke about building distributed systems at the API Days Australia conference. My talk is titled Building distributed systems on the shoulders of giants. It’s a reference to the popular metaphor about leveraging the knowledge of people who have been here before us. About API Days Live Australia On the website it says APIdays is the leading industry tech and business series of conferences in APIs and the programmable economy. As APIs become mainstream, our world becomes more connected, more au...

Converting a Visual Studio database project to use DbUp migrations

10 minute read

Database projects in Visual Studio have been a very popular way to develop and manage the database schema and logic in the past. With more and more applications now preferring to have the data tier logic and validation within the bounds of the application and use the database just for persistence, I’ve come across clients who want to convert their database projects to more CI/CD-friendly database migrations. So I decided to share an approach used to convert an existing database project to use database mi...

Preventing fat/bloated/god controllers by following a simple endpoint pattern

5 minute read

I’ve been working with ASP.NET/CORE MVC and WebApi for a while now and there is a problem I often run into. It’s the case of the fat/bloated/god controller. This is a fairly simple problem to diagnose and most developers I speak to understand why this is an anti-pattern. But why does it keep happening and how do we prevent it? What makes good developers fall into this trap? The library referenced in this post SimpleEndpoints is hosted at https://github.com/dasiths/SimpleEndpoints. The Why Typical...

Integration Testing an AspNet Core API That is Protected With CSRF/XSRF Tokens

5 minute read

I was working on writing integration tests for an AspNet Core Web API project recently (I blogged about how to write integration tests here). The front end was developed using Angular and we had CSRF protection enabled. If you haven’t done this before, the Microsoft documentation is a good place to start. How It Works On the first request to the server, it returns a cookie with a special name (i.e. XSRF-TOKEN). The SPA is expected to extract the value from the cookie and reattach that in the subseque...

Upcoming talk @ API Days, Melbourne 2019

19 minute read

I’ll be speaking about some of my Microservices scars at the upcoming API Days conference to be held at the Melbourne Convention & Exhibition Centre. My talk is titled A Game of Snake And Ladders Called Microservices. It’s a reference to the popular board game and I hope to carry the theme throughout my talk.

Speaking @ DDD Melbourne 2019

1 minute read

Last weekend I spoke at @DDDMelbourne and it was my first time doing so. The event attracted close to 900 people and had 5 concurrent tracks. I spoke at the @JuniorDev channel about Modern Authentication.

Protecting Assets Without Using Authorization Headers (i.e. Bearer Tokens)

6 minute read

tl;dr; If you want to access an API endpoint but don’t have a way to append the authorization info to your request, you need to create a magic URL that is short lived and has limited use. Go directly here for code samples. Consider this scenario. You have developed a SPA (Single Page Application) that uses some form of OAuth to retrieve an access/bearer token. You now append that to your HTTP request header when you call your backend REST API. The backend inspects the token and processes the request....

Setting Up AzureAD Multi-tenant Authentication With ASP NET Core And Angular

6 minute read

Using Azure AD to implement a multi-tenant application is fairly straightforward. It requires turning on a few knobs and switches from the portal and you’re most of the way there. In this post we will look at how to set up a multi-tenant app registration and implement the logic in the front end to direct the user to a common sign-in endpoint. We will also look at how to control access to a predetermined set of tenants. App Registration This is the easy part. Create an app registration from the Azure ...

A Reply To Waleed Aly’s Article On Sri Lankan Easter Sunday Terrorist Attack

8 minute read

I doubt Waleed Aly will ever get to read this but at least it’s now in the ether. I wanted to apologize for bringing politics into my blog but then it dawned on me that one shouldn’t merely apologize for pointing out the fallacy of an argument made by someone else regardless of it being political or not. My only hope is that it drives a conversation. I’ve been getting a lot of comments/shares supporting this but I hope everyone still has the same motivation going forward to speak about ground realities ...

Requesting Additional Claims From AzureAD

1 minute read

I am currently working on a project that uses EasyAuth to protect a web app hosted on Azure App Services. Think of it as a layer that operates above your web app that handles authentication and then inserts some special headers with the logged-in user’s information. Your backend web application can read these special headers and extract claims about the user. The Problem Out of the box it includes things like name, oid and upn of the logged-in user. One thing very noticeably missing was the email cl...