browse.develop.com
Browse.develop.com is a community that was established to collect and
organize valuable web information. Our technical staff have selected and
indexed information and courses that they feel will help you stay
current on best practices across the SDLC.
11 Articles match "Course"
The Latest from www.leastprivilege.com

- ASP.NET WebAPI Security 5: JavaScript Clients
The typical course of events is that the user first logs on to the web application – which will result in an authentication cookie of some sort. All samples I showed in my last post were in C#. Christian contributed another client sample in some strange language that is supposed to work well in browsers ;). JavaScript client scenarios. There are two fundamental scenarios when it comes to JavaScript clients. The most common is probably that the JS code is originating from the same web application that also contains the web APIs. come to mind. Single page apps often fall in that category.
www.leastprivilege.com - Thursday, March 15, 2012

- ASP.NET WebAPI Security 3: Extensible Authentication Framework
Claims-based.and of course, this should always behave the same, regardless of the hosting environment. username, password) => username == password); You simply have to provide a password validation function which could of course point back to your existing password library or e.g. membership. In my last post, I described the identity architecture of ASP.NET Web API. The short version was, that Web API (beta 1) does not really have an authentication system on its own, but inherits the client security context from its host. This is fine in many situations (e.g. Extensible. and 2.0
www.leastprivilege.com - Tuesday, March 13, 2012

- ASP.NET WebAPI Security 2: Identity Architecture
The interesting part for security (amongst other things of course) is the HttpControllerHandler (see Pedro’s diagram) – this is where the host specific representation of an HTTP request gets converted to the WebAPI abstraction (called HttpRequestMessage). Pedro has beaten me to the punch with a detailed post (and diagram) about the WebAPI hosting architecture. So go read his post first, then come back so we can have a closer look at what that means for security. Pedro nicely shows the integration into the web host. Copy URI, method and headers from the HttpContext. Why so generic?
www.leastprivilege.com - Thursday, March 8, 2012

The Best from www.leastprivilege.com

- ASP.NET WebAPI Security 2: Identity Architecture
www.leastprivilege.com - Thursday, March 8, 2012

- ASP.NET WebAPI Security 1: Introducing Thinktecture.IdentityModel.Http
Over the course of the next posts I will describe the security options you have when writing services using the new ASP.NET WebAPI. Before I start digging into the gory details, all the sample code and concepts I will show are implemented in the newest incarnation of Thinktecture.IdentityModel: https://github.com/thinktecture/Thinktecture.IdentityModel.Http. Stay tuned! IdentityModel
www.leastprivilege.com - Tuesday, March 6, 2012

- ASP.NET WebAPI Security 3: Extensible Authentication Framework
www.leastprivilege.com - Tuesday, March 13, 2012

- ASP.NET WebAPI Security 5: JavaScript Clients
www.leastprivilege.com - Thursday, March 15, 2012

- Need WIF Training?
My good friend Brock and I put together a two day training course about WIF that covers everything we think is important. The course includes extensive lab material where you take standard application and apply all kinds of claims and federation techniques and technologies like WS-Federation, WS-Trust, session management, delegation, home realm discovery, multiple identity providers, Access Control Service, REST, SWT and OAuth. The course outline looks as follows: Day 1. I spend numerous hours every month answering questions about WIF and identity in general. Day 2.
www.leastprivilege.com - Wednesday, November 9, 2011

- Web Apps vs Web Services: 302s and 401s are not always good Friends
If it is a MVC based web service, that’s easy of course. It is not very uncommon to have web sites that have web UX and services content. The UX part maybe uses WS-Federation (or some other redirect based mechanism). That means whenever an authorization error occurs (401 status code), this is picked by the corresponding redirect module and turned into a redirect (302) to the login page. All is good. But in services, when you emit a 401, you typically want that status code to travel back to the client agent, so it can do error handling. These two approaches conflict. Just do it ;).
www.leastprivilege.com - Friday, February 10, 2012

- Thinktecture.DataObjectModel
Expect more information and documentation soon (of course ;). Our very own Jörg Neumann had this cooking for quite a while. tt.DOM is a library that lets you add features like change tracking, undo, redo, views, transactions and n-tier support to arbitrary types (or lists of types). This makes typical data scenarios in 3-tier applications *much* easier to handle. In the meanwhile feel free to play around with it and give us feedback via the codeplex forum! link].
www.leastprivilege.com - Tuesday, March 9, 2010

- Patterns & Practices - Claims based Authentication & Authorization Guide
Over the course of the next months I will be working with Eugenio, Keith, Vittorio, Matias and David. Summer break is over – and exciting times lie ahead. The end result will (hopefully) be a very interesting, useful and pragmatic guide to all things claims. Eugenio already posted some details on the guide and we will be releasing interim version so you can give us feedback. Watch this space!
www.leastprivilege.com - Sunday, August 23, 2009

- Geneva is the new WCF Security
Another option is of course to write your own registry class. Geneva has evolved to not only an extension to WCF/ASP.NET for STS/token related things - it also changes how base WCF security works - to the better IMO. Let me give you an example: Trusted certificate issuers. When doing client certificate based authentication you always had three choices for validating those certs: PeerTrust, ChainTrust and Custom. wrote about these options in detail (here). Once you opt-in to the Geneva model - you will realize that client certificates start to break. like that.
www.leastprivilege.com - Thursday, October 30, 2008

- Display Tokens & Geneva
of course – if you want to localize the claims – you should honor the requestDisplayTokenLanguage parameter). What are display tokens? In short: They allow an STS to pass some or all claims back to the client in a way that the client can read them. This differs from the “real” claims which are part of the security token and are encrypted for the relying party. popular example of an application that consumes display claims is the CardSpace identity selector that allows you to preview the claims before they get sent to the RP. Look here in section 4.3.6 Generating a display token.
www.leastprivilege.com - Friday, December 26, 2008

352 Articles match "Course"
The Latest from DevelopMentor

- The real lessons of Lego (for software)
We start with the standard Lego brick: Of course there are multiple colours: And a few variations: Which now allows us to snap together a useful wall: Walls are good but to build anything more interesting we need some more pieces, maybe some flat pieces: Or some thinner pieces, or some bigger pieces: It might also help to have some angled pieces, you know for roofs and things, and remember the slant can go either way, up or down: I think we’re heading for a house so we will need some doors and windows: Personally I like wheels, I like things to move, and so do my kids. Heard that?
Allan Kelly's Blog - Monday, June 3, 2013

- Llewellyn Falco (Approval Tests): What I've learned about open source by pairing with Simon Cropp
Of course, ApprovalTest depends on ApprovalUtilities, but you can now use the Utilities on its own, as originally intended. Over the last 2 weeks I have been fortunate enough to pair with Simon Cropp for about 8 hours on my open source project ApprovalTests. Simon has taught me a lot about running a better open source project, this blog is an attempt to share some of that for those not fortunate enough to be able to pair with Simon themselves. Think about your 'brand' Often I am writing ApprovalTests because I use ApprovalTests myself. There isn't. dll binary *.exe exe binary *.png
DevelopMentor Courses - Saturday, May 25, 2013

- Unit testing code depending on the ASP.NET WebApi HttpClient
Of course we still need tests for updating existing resources as well as deleting them but with these examples those should be easy enough :-). In a previous post I showed how to unit test an ASP.NET WebAPI Controller. But with a REST service there is both a client and a service component. Assuming for a moment the client part is also written in C# we should test that as well. In this case the client application contains the following class to load books from the REST WebAPI controller: 1: public class BooksClient. 7: _httpClient = httpClient; 8: BaseUrl = new Uri( "[link] ); 9: }.
Maurice de Bejeir - Monday, May 20, 2013

The Best from DevelopMentor

- Take the first hour of any online developer course for free at LearningLine
We are announcing the ability to preview any of our online courses, for free without entering any payment information. You can now study approximately the first hour of any one of our courses. To get started, just head over to our schedule page, click on any course title you’d like and choose “Preview course for free”. At the time of this writing, there are 27 courses which run between 4 and 15 days in length. So head on over to the schedule page and find a course that is right for you: https://learninglineapp.com/schedule.

- Why Choose NoSQL and Document Databases over RDBMS
This is an excerpt from my upcoming online MongoDB course for DevelopMentor. Filed under: NoSQL Tagged: DevelopMentor, LearningLine, NoSQL, Online courses, Online learning, Screencasts. Do you want to know the biggest single reason you should choose document databases over SQL Server, Oracle, or MySQL? Hint: It’s not performance or scalability. You can take the first 1 1/2 hours for free here: Early access: MongoDB and NoSQL for .NET developers. Cheers, @mkennedy.

- ELINQ with EF 4.0 Course Update
I’ve been working feverishly the last couple of months to update my DevelopMentor course: Essential LINQ with Entity Framework 4.0. Here is a breakdown of the course content: Day 1: 1. Here’s when and where we’re offering the course: Boston: February 9-12, 2010 London: February 23-26, 2010 Los Angeles: March 30-April 2, 2010 Boston: April 20-23, 2010 London: May 4-7, 2010 Los Angeles: June 8-11, 2010 Boston: June 29-July 2, 2010. Functional Programming in C# 2. LINQ to Objects 3. LINQ to XML. Day 2: 4. LINQ to SQL 5. EF: Architecture 6. EF: LINQ to Entities. Day 3: 7.
Tony and Zuzana's World - Tuesday, December 29, 2009

- Richard Blewett: Devweek 2013–WCF Crash Course
Thanks to everyone who attended my Devweek 2013 pre-conference session on WCF. You can get the slides and demos here
DevelopMentor Courses - Tuesday, March 5, 2013

- Flowcharts in Workflow 4 and the Switch activity
Of course the FlowSwitch should just do a ToString() on the expression result, anything else would be pointless as any comparison fails. Flowcharts are a nice addition to Windows Workflow Foundation 4. They allow for a lot of pretty complex behavior that is hard to do in a sequential workflow. In WF 3 we used to model these complex behaviors as state machine workflows. That worked but they weren't really state machines or event driven and things could get a bit tricky. No it is just another activity to drop in a workflow. guess you get the picture. So far so good. Next (5). Enjoy!
The Problem Solver - Tuesday, October 27, 2009