What is OWIN, and what is it doing in my new ASP.NET MVC project?

Ok, so straying a bit away from the AngularJS posts I have been doing lately, I want to talk a bit about OWIN. Why? Well, I recently took a look at it, after putting it off WAY too long, and found it to be awesome! And the goal with this post is to explain what it is, why it is cool, and why Microsoft is putting it into ASP.NET MVC projects by default…

But let’s start with “what is OWIN”… Well, OWIN stands for “Open Web Interface for .NET” and you can find more about OWIN as such at http://owin.org/. And now that you are back from that site, you are probably not a whole lot more in tune with what OWIN is, and the reason for that is probably that the site contains very little information. And it contains that little information because OWIN _is_ really that small. It is just a definition of an interface used to decouple the web applications we build, from the servers that are hosting it…

More...

Cookie problems when using federated security and SignalR

I recently ran into a problem where the application I was working on didn’t pass the security information as expected to the server. The application in this case is a Silverlight client, with a WebAPI and SignalR backend. For security, we are using WIF…or federated security…I don’t know what to call it anymore. We aren’t really federating it today, but it is based on the same framework…

It has been a while since I was involved in the system, but I got roped back in to solve some issues. And while doing so, I discovered that I wouldn’t get a proper security context for calls made from the client to the server using SignalR. For some reason, those calls where just not being authenticated properly…

More...

Where are we going?

Yesterday I saw a few blog posts coming online, talking about the future of Microsoft’s development sphere. There was one from Scott at OdeToCode that talked about the future of .NET, and that open source might be the the thing that “saves” it. And then there was another one called “The Dying Platform: .NET”. I decided to highlight the later one on Twitter and Facebook, and got a few different replies. All of them more or less solidifying my beliefs, so I decided to write this post about it… And by that, I mean that people with a close connection with Microsoft and/or long experience of the Microsoft spehere, said it was wrong, and the more “regular Joe” developers said that it was spot on…

First of all, due to the fact that a couple of people fairly close to me told me that it was wrong, I will start off by explaining what parts of that second blog post I agree with, and why.

More...

Building a simple custom STS using VS2012 & ASP.NET MVC

In my previous post, I walked through how “easily” one can take advantage of claims based authentication in ASP.NET. In that post, I switched out the good old forms authentication stuff for the new FedAuth stuff. In this post, I want to take it a step further and actually federate my security, but instead of just using the Windows Azure ACS’s built in identity providers, I want to build a very simple one of my own.

A lot of the solution is based on the STS project that we could get by using VS2010 and the WIF SDK. However, this project was a Web Site project using Web Forms, and I really wanted a MVC version for different reasons.

If you are fine with using VS2010 and the WIF SDK, adding a custom STS is really easy. Just create a new web project, right-click the project and choose “Add STS Reference…” and then, walking through the wizard, there will be a step that offers you to select an STS. In this step, you choose “Create a new STS project…”, which will generate a custom STS project that you can modify to your needs. Unfortunately, that option isn’t available in VS2012. Using the “Identity and Access” add-on, you are only allowed to connect to an existing STS, the ACS or a local test STS, not an STS project.

More...

Claims-based identities in ASP.NET MVC 4.5 using the standard ASP.NET providers

Lately I have done a bit of work with claims-based identities. Most of it has been about doing federated security using the Windows Azure Access Control Service. However, I have also been working with a client that wanted claims-based identity management without federating it. For the moment, they just want to run locally, but they want to be prepared for a future where they might expand and move to a federated paradigm. And also, the way that they handle multitenancy is a perfect fit for claims…

Interestingly enough, working through their scenario, I found that there is a lot of information on the web about how to set up claims-based identity management using federation, but there is not a whole lot around for running it locally… It might not be that surprising considering that federated security has some really good points. Having been faced with this lack of information, I had to come up with a solution on my own, and building on what I built for them, I decided to create an extended example…

More...

Compressing messages for the Windows Azure Service Bus

As a follow up to my previous post about encrypting messages for the Service Bus, I thought I would re-use the concepts but instead of encrypting the messages I would compress them.

As the Service bus has limitations on how big messages are allowed to be, compressing the message body is actually something that can be really helpful. Not that I think sending massive messages is the best thing in all cases, the 256kb limit can be a little low some times.

Anyhow… The basic idea is exactly the same as last time, no news there…but to be honest, I think this type of compressions should be there by default, or at least be available as a feature of BrokeredMessage by default… However, as it isn’t I will just make do with extension methods…

More...

Encrypting messages for the Windows Azure Service Bus

A week ago I ran into Alan Smith at the Stockholm Cental Station on the way to the Scandinavian Developer Conference. We were both doing talks about Windows Azure, and we started talking about different Windows Azure features and thoughts. At some point, Alan mentioned that he had heard a few people say that they would like to have their BrokeredMessages encrypted. For some reason this stuck with me, and I decided to give it a try…

My first thought was to enherit the BrokeredMessage class, and introduce encryption like that. Basically pass in an encryption startegy in the constructor, and handle all encryption and decryption inside this subclass. However, about 2 seconds in to my attempt, I realized that the BrokeredMessage class was sealed. An annoying, but somewhat understandable  decision made by Microsoft. Ok, so I couldn’t inherit the class, what can you do then? Well, there is no way to stop me from creating a couple of extension methods…

More...

SDC 2013 Service Bus Talk Demo Code

Yesterday I did a talk about the Widnows Azure Service Bus at the Scandinavian Developer Coneference in Gotheburg. As a part of that, I promised to make all the code I demoed available here on my blog, so here it is. The only thing you need to do to be able to run it is to set up a new Service Bus service in the Azure portal, and the copy the namespace and key into the App.config file available in the “Shared” folder.

The App.config in the “Shared” folder is shared throughout all the projects in the solution, so you only need to change it in that single file. The code will however default to use the “owner” account, which I made pretty clear during the talk that you shouldn’t use. But for a demo like this, it will have to do.

Code: GetOnTheBus - Demo Code.zip (314.08 kb)

Tech-knowledge in approximately 100 pages

A while back a company called Syncfusion contacted me and asked me if I would be interested in trying out one of their Metro Studio, which is a brilliant tool for anyone doing “Modern UI” development (WP7/8 or Windows 8 Store applications). It is basically a massive icon library that fit straight into the Modern UI look and feel, and offers some cool abilities to resize them and so on. And to be completely honest, if I did a bit more WP dev than I am at the moment, I would not want to spend a day with out it. As soon as I do any WP8 development, I keep starting it up to quickly get some icons for my app.

However, that is NOT the reason I am doing this blog post… While browsing around their website looking for a simple way to download Metro Studio after a re-install of my machine, I stumbled upon a “Resources” section of their web, which is great. It includes a bunch of free whitepapers about different things, as well as a bunch of free e-books.

More...

SignalR Demo Code from the 1st Wednesday presentation

So…here is the code that I promised the people participating at the 1st Wednesday presentation last night. It worked straight up when I tried rebuilding the whole thing, so hopefully the code in this zip will work for you all. If not, let me know and I will fix it somehow… Code: DarksideCookie.SignalR.Demo.zip (1.24 mb)