List of Posts
This is the complete list of categories of posts written during Jul 2022. They have been ordered by the publish date, with the most recent first.
- Published: 10-Jul-2022. BindAsync is a second method for custom binding of parameters. The first one, TryParse, is good for cases where the items are available in a single string, ideally a query string, a header value, or a route segment. However, if you need greater control over the binding process, then a richer parameter such as the HttpContext is more suitable, and the BindAsync method provides exactly that: its signature contains HttpContext as a parameter.
- Published: 15-Jul-2022. In this tutorial we examine how to write a web API that accepts an uploaded file and saves it to a server. We shall also present a C# console application that will post a file to that web API. Let's see how!
- Published: 17-Jul-2022. In this tutorial we take the first step in migrating an Android app to the Play Integrity API. We shall make a few settings on the Google Play store listing so that it is ready for integration with the new Play Integrity API.
- Published: 18-Jul-2022. When your app places a query for an integrity check, the Play Store servers respond with an encrypted JSON string of base64 characters. A securely encrypted message cannot be intercepted by, for example, an Android clone that intends to present itself as a good device. In this tutorial we shall learn how to generate the encryption and decryption keys so that the response is securely decrypted inside your app!
- Published: 19-Jul-2022. In the previous tutorial we learnt how to obtain the encryption and decryption keys from the Play Console dashboard. Now it's time to make a call to the Google Play Integrity API and get a response for the Integrity Verdict. The response is received as an encrypted string, which has to be securely decrypted using the two keys that we obtained the last time.
- Published: 23-Jul-2022. Basic Authentication is not encouraged by ASP.NET Core because the login id and password are sent as plain text in the request header; it is also vulnerable to XSRF. So there are no ready-made classes like the ones we have for cookie-based authentication. But what if your project still needs to allow basic authentication, perhaps because your security requirements are not of the extreme, cutting-edge type? For that case we present a simple solution that helps you protect a web API with basic authorization. Basic Authentication can be a lot safer if your communication is over HTTPS, and even better if XSRF measures are taken, which is beyond the scope of this tutorial.
- Published: 25-Jul-2022. The recommended way of implementing a custom authentication scheme is by deriving a class from AuthenticationHandler and implementing the HandleAuthenticateAsync function. This makes the code systematic because the authentication and header parsing code now moves to a dedicated class. This approach also allows us to include multiple authentication schemes in the same project. For example, you might want one web API to be authorized through basic authentication, another one through JWT-based authentication, and your Razor pages through cookie-based authentication. In this tutorial we implement the basic authentication scheme.
- Published: 26-Jul-2022. JWT stands for JSON Web Token. In its simplest form, JWT authentication is a two-step process. First, a client obtains a JWT token from the server. This token is signed with a secure key and encrypted with a standard encryption algorithm. It has an expiry date, and it contains a list of claims such as the user-id, user-role, email, etc. The client then obtains authorization to a web API by sending this token in an authorization header. In this tutorial we shall see a server-side implementation of the code for generating a JWT token, and of protecting a web API.
- Published: 30-Jul-2022. In this tutorial we present a C# console application that connects to the web API that we built in the previous tutorial. This app will first obtain a JWT token by sending its login credentials in a basic authorization header, and then it will use that token in a bearer header to obtain authorization to the second API, which is protected by JWT authorization. Please go through the previous tutorial, where we have explained both the web APIs.