Speaking @ DDD Melbourne 2019
Last weekend I spoke at @DDDMelbourne and it was my first time doing so. The event attracted close to 900 people and had 5 concurrent tracks. I spoke at the @JuniorDev channel about Modern Authentication.
tl;dr; If you want to access an API endpoint but don’t have a way to append the authorization info to your request, you need to create a magic URL that is short lived and has limited use. Go directly here for code samples. Consider this scenario. You have developed a SPA (Single Page Application) that uses some form of OAuth to retrieve an access/bearer token. You now append that to your HTTP request header when you call your backend REST API. The backend inspects the token and processes the request....
Using Azure AD to implement a multi-tenant application is fairly straightforward. It requires turning on a few knobs and switches from the portal and you’re most of the way there. In this post we will look at how to set up a multi-tenant app registration and implement the logic in the front end to direct the user to a common sign-in endpoint. We will also look at how to control access to a predetermined set of tenants. App Registration This is the easy part. Create an app registration from the Azure ...
I doubt Waleed Aly will ever get to read this but at least it’s now in the ether. I wanted to apologize for bringing politics into my blog but then it dawned on me that one shouldn’t merely apologize for pointing out the fallacy of an argument made by someone else regardless of it being political or not. My only hope is that it drives a conversation. I’ve been getting a lot of comments/shares supporting this but I hope everyone still has the same motivation going forward to speak about ground realities ...
I am currently working on a project that uses EasyAuth to protect a web app hosted on Azure App Services. Think of it as a layer that operates above your web app that handles authentication and then inserts some special headers with the logged-in user’s information. Your backend web application can read these special headers and extract claims about the user. The Problem Out of the box it includes things like name, oid and upn of the logged-in user. One thing very noticeably missing was the email cl...
The mediator pattern or the “domain whisperer” as I like to call it has been around for a long time and the main selling point of it is the reduction of coupling and enforcing clear separation of the domain logic from UI/Top layers. Let’s look at the Wikipedia definition. Usually a program is made up of a large number of classes. Logic and computation are distributed among these classes. However, as more classes are added to a program, especially during maintenance and/or refactoring, the problem of...
Navigating through the various authentication and authorization flows in AzureAD can sometimes be confusing. The Microsoft documentation on app types is a good place to start. Today we will be looking at the client credentials grant flow. The Microsoft documentation around the flow with regards to AzureAD can be found here. They have named the document Service to service calls using client credentials which is what the client credentials grant is used for. It is a prerequisite of this post that you ...
If you’re a decent .NET developer and lucky enough to work in a good team then most of your work would be unit testable. But there is always a case to write some integration tests to make sure things work end to end. I was in such a situation recently. I had to write integration tests for an ASP.NET Core 2.2 project which had external dependencies I had to mock during the test. The Microsoft documentation was very good but it doesn’t (at the time of writing this post) cover all scenarios when mocking is...
I recently started an open sourced project called NimbleConfig (hosted in GitHub). It is a simple, unambitious, convention-based configuration injector for .NET using IConfiguration (Microsoft.Extensions.Configuration) with full support for AspNetCore.
I recently got a chance to speak at Levels Conference and it was my first time speaking in front of such a large audience. There were around 400 very keen junior developers there.