browse.develop.com
Browse.develop.com is a community that was established to collect and
organize valuable web information. Our technical staff have selected and
indexed information and courses that they feel will help you stay
current on best practices across the SDLC.
57 Articles match "Web"
The Latest from www.leastprivilege.com
- Thinktecture.IdentityModel.Http and the ASP.NET Web API CodePlex bits
I will keep the GitHub repo in sync with the major releases of Web API (like Beta, RC, RTM). Because of the changes made to Web API after beta, my current bits don’t build against the CodePlex version anymore. Today I installed a build environment for the CodePlex bits, and migrated my code. It turns out the changes are pretty easy: Simply replace Request.GetUserPrincipal() with Thread.CurrentPrincipal ;). will update the repo when RC comes out. IdentityModel WebAPI
www.leastprivilege.com - Wednesday, April 11, 2012
- Identity in .NET 4.5 – Part 3: (Breaking) changes
This makes it easier to get started in web farm scenarios. I recently started porting a private build of Thinktecture.IdentityModel to .NET 4.5 and noticed a number of changes. The good news is that I can delete large parts of my library because many features are now in the box. Along the way I found some other nice additions. ClaimsIdentity now has methods to query the claims collection, e.g. HasClaim(), FindFirst(), FindAll(). ClaimsPrincipal has those methods as well. But they work across all contained identities. Combined with the above changes, no casting necessary anymore.
www.leastprivilege.com - Wednesday, April 4, 2012
- ASP.NET WebAPI Security 5: JavaScript Clients
The most common is probably that the JS code is originating from the same web application that also contains the web APIs. Think a web page that does some AJAX style callbacks to an API that belongs to that web app – Validation, data access etc. The typical course of events is that the user first logs on to the web application – which will result in an authentication cookie of some sort. Since WebAPI inherits the security context from its (web) host, the client identity is also available here. All samples I showed in my last post were in C#. ajax({.
www.leastprivilege.com - Thursday, March 15, 2012
The Best from www.leastprivilege.com
- Access Control Service: Walkthrough Videos of Web Application, SOAP, REST and Silverlight Integration
This video does a quick walkthrough of the solution and shows the web application part. Part 4 – Silverlight and Web Identity Integration. The Silverlight Client shows how to sign in to the application using a registered identity provider (including web identities) and using the resulting SWT token to call our REST service. Over the weekend I worked a little more on my ACS2 sample. Instead of writing it all down, I decided to quickly record four short videos that cover the relevant features and code. Have fun ;). Part 1 – Overview. watch. Part 2 – SOAP Service and Client.
www.leastprivilege.com - Tuesday, May 24, 2011
- Using an Active Endpoint to sign into a Web Application
The scenario is, that you don’t want to do a passive redirect in a web app – but directly talk to an active STS endpoint to authenticate and request a token. The reasons for that could be that you need a local sign-in page in the web app – or that the token service is not publicly reachable. This question comes up from time to time, so I thought I’ll document it here. The following code can be used on a login page: protected void _btnLogin_Click( object sender, EventArgs e). {. // authenticate with WS-Trust endpoint. var factory = new WSTrustChannelFactory (.
www.leastprivilege.com - Wednesday, April 14, 2010
- Access Control Service v2: Registering Web Identities in your Applications [code]
You can download the full solution here. The relevant parts in the sample are: Configuration. use the standard WIF configuration with passive redirect. This kicks automatically in, whenever authorization fails in the application (e.g. when the user tries to get to an area that requires authentication or needs registration). Checking and transforming incoming claims. In the claims authentication manager we have to deal with two situations. Users that are authenticated but not registered, and registered (and authenticated) users. incomingPrincipal.Identity.IsAuthenticated). {. Claims.Add(.
www.leastprivilege.com - Saturday, May 21, 2011
- Access Control Service v2: Registering Web Identities in your Applications [concepts]
ACS v2 supports two fundamental types of client identities – I like to call them “enterprise identities” (WS-*) and “web identities” (Google, LiveID, OpenId in general…). Web identities – the fact that a user can authenticate with Google et al does not necessarily mean he is a legitimate (or registered) user of an application. Sometimes also a mixture of both approaches exist, for the sake of this post, I will focus on the web identity case. Application offers to authenticate (or sign in) via web identity accounts like LiveID, Google, Facebook etc. in ASP.NET terms).
www.leastprivilege.com - Saturday, May 21, 2011
- ASP.NET WebAPI Security 2: Identity Architecture
The first important takeaway is that WebAPI is hosting independent – currently it ships with two host integration implementations – one for ASP.NET (aka web host) and WCF (aka self host). Pedro nicely shows the integration into the web host. Self hosting is not done yet so we will mainly focus on the web hosting case and I will point out security related differences when they exist. So the consequence is that WebAPI receives whatever IPrincipal has been set by the ASP.NET pipeline (in the web hosting case). Copy URI, method and headers from the HttpContext.
www.leastprivilege.com - Thursday, March 8, 2012
- Using Silverlight to Access WIF secured WCF Services
An example would be that the user first authenticates with the web application and then starts the Silverlight app from there. Silverlight does not seem to care, but other web service stacks might. This topic comes up quite often recently – so I hope the title is search engine friendly. Disclaimer: At the time of this writing, the current version of Silverlight is v3 and WIF is in beta 2. Hopefully this will be a non-issue soon. talk a lot about claims, tokens and WIF/ADFS 2 to customers. All is good and fine and they like it. Now this is not an easy question to answer. Passive.
www.leastprivilege.com - Wednesday, October 28, 2009
- ASP.NET WebAPI Security 4: Examples for various Authentication Scenarios
To integrate a Web API with an existing enterprise identity provider like ADFS, you can use SAML tokens. Another possible option for integrating SAML based identity providers is to use an intermediary service that allows converting the SAML token to the more compact SWT (Simple Web Token) format. When you have an identity provider that directly supports a (simple) web token, you can acquire the token directly without the conversion step. The Thinktecture.IdentityModel.Http repository includes a number of samples for the various authentication scenarios. Call Service.
www.leastprivilege.com - Wednesday, March 14, 2012
- Securing WCF Data Services using WIF
Since WCF Data Services is just a normal WCF service (using the web programming model), all the typical security APIs and extensibility points apply. This question comes up every once in a while. That said, depending on your scenario you might have to be a little more creative for REST-style services. Here’s a quick walkthrough: Enabling WIF in the Data Service. The easiest way to get WIF wired up is by writing a custom service host factory. For accepting and converting more advanced token types like SWT or SAML, you need to plug in your own token handling. public Expression.
www.leastprivilege.com - Monday, February 15, 2010
- ASP.NET WebAPI Security 3: Extensible Authentication Framework
In my last post, I described the identity architecture of ASP.NET Web API. The short version was, that Web API (beta 1) does not really have an authentication system on its own, but inherits the client security context from its host. But there are many cases where you don’t use the containing web application for authentication, but need to do it yourself. Examples of that would be token based authentication and clients that don’t run in the context of the web application (e.g. Adding the authentication handler to a Web API application. Extensible. Both SAML 1.1
www.leastprivilege.com - Tuesday, March 13, 2012
- ASP.NET WebAPI Security 5: JavaScript Clients
The most common is probably that the JS code is originating from the same web application that also contains the web APIs. Think a web page that does some AJAX style callbacks to an API that belongs to that web app – Validation, data access etc. The typical course of events is that the user first logs on to the web application – which will result in an authentication cookie of some sort. Since WebAPI inherits the security context from its (web) host, the client identity is also available here. All samples I showed in my last post were in C#. ajax({.
www.leastprivilege.com - Thursday, March 15, 2012
398 Articles match "Web"
The Latest from DevelopMentor
- Reblogged: What should I learn to get started in .NET and web development?
The question they had was: What should I learn to get started in .NET and web development? Now this question was starting from a position of “I’d like to get started with .NET and the web. To go from “zero to web dev in .NET” I think you should start on these topics, in an iterative fashion: Fundamentals of C# (skip the advanced stuff – async, yield return, etc for now). [Note: I am reblogging this post which originally was posted to the LearningLine blog. Hope you all find it useful here as well]. How do I do that?” jQuery basics.
Michael C. Kennedy's Weblog - Monday, May 6, 2013
- Agile Clinic: Dear Allan, we have a little problem with Agile
The sender has graciously agreed to let me share the mail and my advice with you, all anonymously of course… The sender is new to the team, new to the company, they are developing a custom web app for a client, i.e. they are an ESP or consultancy. Consider this blog an Agile Clinic. On Friday an e-mail dropped into my mailbox asking if I could help. the Developers work in sprints, estimating tasks in JIRA as they go. Sprints last three weeks, including planning, development and testing. have been tasked to produce burndowns to keep track of how the Dev cells are doing.” Perhaps both.
Allan Kelly's Blog - Sunday, April 28, 2013
- A Roundup of MongoDB Management Tools
Now there is one less worry in managing your web-scale data. Installs into your web app (provided you’re using Ruby or PHP). My take: This is a very interesting web monitoring app. Designed with security and ease of use, MMS collects statistics on all key server and hardware indicators and then presents the data in a powerful web console. I’ve been working with MongoDB for a long time now. Back in the early days, there really were no management tools analogous to RDBMS tools (e.g. SQL Server Management Studio). The news is good. [link]. Admin GUI).
Michael C. Kennedy's Weblog - Monday, April 22, 2013
The Best from DevelopMentor
- Improve perceived performance of ASP.NET MVC websites with asynchronous partial views
Now, your web app is mostly fast and responsive, but there are certain types of data that just bring the whole thing to a grind. Filed under: Articles Tagged: .NET, Articles, ASP.NET, jQuery, MVC, web. Imagine you’re building an ASP.NET MVC website which has some performance problems. I’m sure this would never actually happen to you, but imagine you’re facing this problem just for the sake of exploring the possibilities. :-). First a disclaimer / warning. I’m going to show you how to make your site feel faster without speeding it up.
Michael C. Kennedy's Weblog - Tuesday, November 13, 2012
- Understanding Text Encoding in ASP.NET MVC (ASP.NET MVC Foundations Series)
For example, if you were writing a forum web app, you should absolutely be paranoid about what your users are typing into your site. Filed under: Articles Tagged: .NET, Foundations, MVC, web. This article covers the various ways in which you might handle text encoding in ASP.NET MVC. You need to be very careful about how you redisplay their input. For example, a friendly forum user might write something like: Nice post, thanks for sharing! On the other hand, they may write: <script src=”[link]. CMS app with rich text editing.
Michael C. Kennedy's Weblog - Monday, October 15, 2012
- Download My Web Apps Have HotKeys Too Sample App
I recently blogged about how web apps have hotkeys too. To encourage more developers to add hotkeys to their web applications, I created a jQuery plugin called jQuery.hotKeyMap.js It’s an ASP.NET MVC 3 web app. Filed under: jQuery Tagged: .NET, ASP.NET, MVC, Open Source, Plugins, web. and a sample application. just added a download link for the source code: WebAppsHaveHotKeysTooSample-MichaelKennedy-v1.zip. Hope you find it useful! Cheers, @mkennedy.
Michael C. Kennedy's Weblog - Thursday, August 30, 2012
- How Are You Scaling ASP.NET?
Cheers, @mkennedy There are some interesting debates out there around scaling ASP.NET. How do you do it? Please fill out this poll and tell the world: Interested in a blog post on this? Take it to the comments section.
- Slides and demos from DevWeek 2013
18 Ways Your Brand-New MVC Web Application Can Be Better. Filed under: Speaking Tagged: .NET, ASP.NET, Cloud, Conferences, DevelopMentor, jQuery, LearningLine, Speaking, tips, web. I had a great time discussing these topics with everyone at DevWeek 2013. Thanks to all who attended my sessions. Here are the slides: Getting Serious About The Cloud For Developers. Building Rich Forms in ASP.NET MVC. Applied NoSQL in .NET. Watch this space for the demo code as well. Cheers, @mkennedy.