List of Posts
This is the complete list of categories of posts written during Aug 2022. They have been ordered by the publish date, with the most recent first.
- Published: 02-Aug-2022. Social media based authentication requires us to create an OAuth app on a social media platform such as Google, Facebook, Twitter or GitHub. This app provides us a client id and a client secret key for use in various classes that provide social media integration. In this tutorial we have a walkthrough for creating an OAuth app on the Google Cloud console. Steps for other social media platforms are similar, so you can take them as an exercise.
- Published: 03-Aug-2022. Social media based login provides a neat and user-friendly means of logging into your website. Users are more likely to trust this method because of the level of security provided by various social media platforms. It helps us simplify the sign-in process by delegating many complexities to social media platforms. In this tutorial we present a project that requires a user to log in with his Google account. Once he logs in, he is shown his email id, name and profile picture. We also explain persistence of the cookie, i.e., how the user can be remembered, and also the sign-out scheme.
- Published: 05-Aug-2022. A Web API can also be protected through social media authentication. The first step is to obtain a client id and a client secret by creating an app on a social media platform. Then these values are used to configure authentication services for that platform. In this tutorial we present the sequence of steps required to gain authorization to a Web API protected by Google authentication.
- Published: 12-Aug-2022. In the previous tutorial, we demonstrated how a browser blocks cross-origin calls. So you must surely be wondering why cross-origin requests to CDN-hosted CSS files and fonts succeed. What's behind that success? Why do browsers permit some requests and block others? In this tutorial, we examine the reasons behind this. It will help us allow cross-origin requests in our ASP.NET Core apps!
- Published: 16-Aug-2022. An ASP.NET Core application can permit cross-origin requests by adding the "Access-Control-Allow-Origin" header to the HTTP response. Cross-origin requests are not allowed by default; they must be allowed explicitly. One way of doing it is by defining a suitable policy in the application pipeline. In this tutorial, we learn the steps required for this. We shall also learn how to define multiple policies so that each endpoint can serve requests to its own set of origins.
- Published: 18-Aug-2022. Static files are NOT accessible cross-origin if we call UseStaticFiles before UseCors. But if we reverse the order, every static file becomes accessible to permitted origins. So we have an all-or-none type of situation. CORS can either be disabled for every static file or disabled for none. This tutorial explains how to enable CORS for just a small subset of files, as done by the various CDNs.
- Published: 21-Aug-2022. Browsers consider some cross-origin requests as unsafe. For example, an HTTP PUT request is considered unsafe. The browser first asks the server whether it accepts that type of verb, request or headers by sending an HTTP OPTIONS request, which is called a preflight request. In this tutorial, we learn some concepts regarding preflight requests.
- Published: 22-Aug-2022. In this tutorial, we learn how to set a CORS policy that will respond to a preflight OPTIONS request. This policy will specify the list of acceptable request headers, a list of acceptable HTTP methods and a duration value for the Access-Control-Max-Age header.
- Published: 31-Aug-2022. If a function consists of only one statement or expression, then the braces and the return keyword could be redundant. Thus, we can simplify such functions by removing the braces and the return keyword. The result is that the overall look of the function becomes simplified, and it becomes easier to read. Functions, properties, operators, and indexers that use this syntax are called expression-bodied members.