Web API 2 security extensibility points part 4: custom authorisation filters

July 30, 2015 1 Comment

Introduction

In the previous post we built a custom HTTP message handler for our demo Web API 2 application. We saw how a registered message handler intercepts all calls to your API before authentication filters are executed. We also wrote a couple of examples where we checked for the presence of a custom header and of an authorisation header. We finally showed how to set the principal for the current HTTP call.

In this post we’ll see another way you can intercept the calls to your API. Authorisation filters are executed after authentication filters and before your controller action methods. That is the last stage where you can add your custom auth-related logic.

Read more of this post

Filed under .NET, Security, web api 2 Tagged with , ,

Using a thread-safe dictionary in .NET C# Part 2: CRUD operations

July 29, 2015 Leave a comment

In the previous post we briefly introduced the ConcurrentDictionary object. We said that it was the thread-safe counterpart of the standard Dictionary object. The Dictionary object is not suited as a shared resource in multi-threaded scenarios as you can never be sure if another thread has added to or removed an element from the dictionary just milliseconds earlier. A ConcurrentDictionary is a good option to cure the shortcomings of the thread-sensitive Dictionary object but it is also more difficult to use.

We’ll briefly look at the 4 Try methods that enable you to insert, remove, update and lookup elements in the ConcurrentDictionary.

Read more of this post

Filed under .NET, C# language features, Generics, Task Parallel Library Tagged with , , ,

Using a thread-safe dictionary in .NET C# Part 1: introduction

July 28, 2015 1 Comment

In this post we saw how to use the thread-safe counterpart of the Queue object, i.e. the ConcurrentQueue of T. The standard Dictionary class also has a thread-safe counterpart and it’s called ConcurrentDictionary which resides int the System.Collections.Concurrent namespace.

The ConcurrentDictionary is definitely a dictionary type but it can mimic other collection types if you need a thread-safe collection that doesn’t have a built-in concurrent counterpart such as a List. ConcurrentDictionary is more difficult to use than a standard dictionary so its usage cannot really be summarised in a single short post. Therefore we’ll go through the basics in a mini-series instead.

It implements the IDictionary interface just like Dictionary but some methods are hidden:

Read more of this post

Filed under .NET, C# language features, Task Parallel Library Tagged with , , ,

Web API 2 security extensibility points part 3: custom message handlers

July 27, 2015 2 Comments

Introduction

In the previous post we looked at how to implement your own custom authentication filter. Authentication filters – and filters of type IFilter in general – are executed just before your controller action methods are run. We saw how to implement the IAuthenticationFilter interface and how to apply the custom filter both as an attribute and as a global filter.

In this post we’ll look at HTTP message handlers and specifically how to add your own message handler. Message handlers are executed even before any custom filter so they provide an early entry point into the life cycle of a web application. There’s nothing stopping us from adding an initial security check or a full-blown login mechanism already at that stage. We can check e.g. if a mandatory custom header has been provided and reject all incoming HTTP calls that don’t fulfil this requirement up front.

Read more of this post

Filed under .NET, Security, web api 2 Tagged with , ,

Implementing an enumerator for a custom object in .NET C#

July 24, 2015 Leave a comment

You can create an enumerator for a custom type by implementing the generic IEnumerable of T interface. Normally you’d do that if you want to create a custom collection that others will be able to iterate over using foreach. However, there’s nothing stopping you from adding an enumerator to any custom type if you feel like it, it’s really simple.

Consider the following Guest class:

public class Guest
{
	public string Name { get; set; }
	public int Age { get; set; }
}

Guests can be invited to a Party:

Read more of this post

Filed under .NET, C# language features, Generics Tagged with ,

Web API 2 security extensibility points part 2: custom authentication filter

July 23, 2015 6 Comments

Introduction

In the previous post we introduced the topic and main goals of this series. We also set up a demo Web API 2 project which we’ll use throughout. We also briefly investigated the HTTP request context and how we could extract information about the current user of the HTTP request from it.

In this post we’ll see how to write your own custom authentication filter attribute. We’ll only look at a simple example to show how to access the request context from an authentication filter. Further down you’ll find a reference to a post on http://www.asp.net which takes up a much more detailed example.

Read more of this post

Filed under .NET, Security, web api 2 Tagged with , ,

Using a thread-safe queue collection in .NET

July 22, 2015 Leave a comment

We looked at the Queue collection type in .NET in this post. We saw how it could be used as a first-in-first-out collection. A new element is placed at the end of the queue and the first element to be removed from it is the one in front of the queue.

A Queue is an ideal container for tasks. Let’s create a class called WorkTask to represent tasks. I didn’t want to call this object a “Task” so that it is not confused with the Task object in the Task Parallel Library (TPL). If you don’t know what TPL means then take a look at the post referenced at the end of this article.

Read more of this post

Filed under .NET, C# language features, Task Parallel Library Tagged with , , , ,

Thread-safe bags in .NET

July 21, 2015 1 Comment

Bags are very similar to Stacks and Queues. We saw that both stacks and queues order their elements in a well defined way: last-in-first-out and first-in-first-out respectively. Bags on the other hand are unordered collections. There’s no guarantee on how, i.e. in which order the elements will be retrieved.

Unlike stacks and queues, bags have no one-to-one single-threaded implementation in .NET. They are however implemented as thread-safe ConcurrentBag objects in the System.Collections.Concurrent namespace.

Read more of this post

Filed under .NET, C# language features, Task Parallel Library Tagged with , , ,

Web API 2 security extensibility points part 1: starting point and HTTP request context

July 20, 2015 1 Comment

Introduction

Web API 2 comes with a number of new security features. In this new series we’ll concentrate on the HTTP request context and its Principal property. In particular we’ll see how to hook into the different extensibility points in the Web API. These extensibility points offer you to plug in your security-related checks at different points in the application lifetime when a request hits your API. You can carry out a number of checks and modify the request Principal according to your business rules and needs.

I’m building the demo in Visual Studio 2013. I’m not sure at this point how much the Web API template will change in Visual Studio 2015.

Read more of this post

Filed under .NET, Security, Web API, web api 2 Tagged with , ,

Structurally compare two arrays in .NET

July 17, 2015 Leave a comment

In this post we saw how to determine if two arrays are structurally equal in .NET. Two arrays are said to be structurally equal if they contain the same elements in the same order.

Structural equality has a comparison counterpart: IStructuralComparable. It determines if an array comes before or after or is equal to another array based on the elements within it.

Read more of this post

Filed under .NET, C# language features Tagged with ,

Older posts

Newer posts

Elliot Balynn's Blog

A directory of wonderful thoughts

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog

WEB APPLICATION DEVELOPMENT TUTORIALS WITH OPEN-SOURCE PROJECTS

Once Upon a Camayoc

ARCHIVED: Bite-size insight on Cyber Security for the not too technical.