Kerberos is a ticket-based authentication protocol, which requires deep understanding to make it work properly. Information about setting it up is somehow scattered over the web, so it took me some time to find relevant reads. In my previous post I wrote about my initial experience with Kerberos and I want to share some more in this one.
Working in a load-balanced environment introduces (administrative) complexity to your system and Kerberos is no exception to this. In this post I will focus on setting your IIS (>= 7.0) correctly up to work with Kerberos in such scenarios. Continue Reading…
Model binding is a technique that allows you to map data to your controller actions in ASP.NET MVC. In the old days one would manually call
Request["param"] to get the value of а parameter, but this could quickly become annoying as you get many parameters (f.x., via form POST). Model binding abstracts away this tedious activity and allows us to focus on designing our controllers. The process itself looks like this:
A nice bonus is that we can map our models from any kind of request, for example a form POST or AJAX. Continue Reading…
It has already happened to me a couple of times and every time I forget what the issue was and how to solve it. That’s why I decided to write a short post about it, so hopefully next time I will remember. 🙂 The problem arises when making a few (independent) HTTP requests using C#’s
HttpWebRequest. At first it sounds like a very usual thing to do, but the mystical part of it is that the first few requests succeed and then at a certain point the others start timing out. You may be tempted to increase the
Timeout first, but you will soon understand that it does not solve the problem. Continue Reading…
ASP.NET Identity brings the authentication and authorization to a new level. Based on the OWIN middleware, one can plug & play different authentication and authorization providers, f.x. OAuth, OpenID, simple forms authentication. The beauty of the new identity model is that it provides a unified interface to work with. One can write her own log-in providers that still rely on the same unified interface.
Besides the typical scenarios where a user logs in with her username and password, or Twitter/Facebook/Google, or maybe a two factor log-in with SMS/e-mail confirmation, there is another interesting one. In some cases you would want to enable users to log in with simple forms authentication to access a basic area of functionality, f.x. just reading data. On the contrary you would want to protect other areas of the web site where the user can edit sensitive information, f.x. his password. In this case you may want to require that the user logs in again – either with the same provider or with another one.
To solve this issue I decided to write a simple extension for ASP.NET Identity, which I called Double confirm identity. It provides a set of utility methods you can use to achieve the described scenario.
public static void Register(BundleCollection bundles)
Then in your page (either an ASP.NET page or a MVC view) you would invoke the rendering of these bundles by calling Scripts.Render(“~/bundles/jquery”) and Styles.Render(“~/bundles/css”). Continue Reading…