The @font-face CSS at-rule allows authors to specify online fonts to display text on their web pages. By allowing authors to provide their own fonts, @font-face eliminates the need to depend on the limited number of fonts users have installed on their computers. Unfortunately different browsers understand differnt font types. This service allows you to generate css rule and font files that makes your font work in all the browsers that support font-face or webfonts.
As anyone in the .NET community who hasn't been living under a rock will know, there's a lot of exciting things happening with .NET at the moment with the announcement of the open source, cross platform, .NET Core. However, partly due to the very open nature of its evolution, there's been a whole host of names associated with its development - vNext, ASP.NET 5, ASP.NET Core, .NET generations etc.
In this post I'm going to try and clarify some of the naming and terminology surrounding the evolution of the .NET framework. I'll discuss some of the challenges the latest iteration is attempting to deal with and how the latest developments aim to address these.
This is really for those that have seen some of the big announcements but aren't sure about the intricacies of this new framework and how it relates to the existing ecosystem, which was my situation before I really started digging into it all properly!
Hopefully by the end of this article you'll have a clearer grasp of the latest in .NET!
OWASP’s Top 10 Risk List is an important tool for security engineers and compliance analysts. It describes the 10 worst security problems that are found in web and mobile applications today. But, on its own, it’s not much help to developers, so OWASP has come up with a list of 10 things that you can do as a developer to make sure that your code is safe and secure.
Flux is an architecture for creating data layers in JavaScript applications. It was designed at Facebook along with the React view library. It places a focus on creating explicit and understandable update paths for your application's data, which makes tracing changes during development simpler and makes bugs easier to track down and fix.
The main theme for this ASP.NET Core release was to improve developer productivity and platform functionality with regard to building Web/HTTP APIs. As usual, we made some performance improvements as well.
<CascadingAuthenticationState>
<Router AppAssembly="@typeof(Program).Assembly" PreferExactMatches="@true">
<Found Context="routeData">
<AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
<Authorizing>
<p>Please wait, we are authorizing the user.</p>
</Authorizing>
<NotAuthorized>
<p>Not Authorized</p>
</NotAuthorized>
</AuthorizeRouteView>
</Found>
<NotFound>
<LayoutView Layout="@typeof(MainLayout)">
<p>Sorry, there's nothing at this address.</p>
</LayoutView>
</NotFound>
</Router>
</CascadingAuthenticationState> {
"iss": "https://localhost:5001/",
"iat": 1616396383,
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "vahid@dntips.ir",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "vahid@dntips.ir",
"Id": "582855fb-e95b-45ab-b349-5e9f7de40c0c",
"DisplayName": "vahid@dntips.ir",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/role": "Admin",
"nbf": 1616396383,
"exp": 1616397583,
"aud": "Any"
} using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text.Json;
namespace BlazorWasm.Client.Utils
{
/// <summary>
/// From the Steve Sanderson’s Mission Control project:
/// https://github.com/SteveSandersonMS/presentation-2019-06-NDCOslo/blob/master/demos/MissionControl/MissionControl.Client/Util/ServiceExtensions.cs
/// </summary>
public static class JwtParser
{
public static IEnumerable<Claim> ParseClaimsFromJwt(string jwt)
{
var claims = new List<Claim>();
var payload = jwt.Split('.')[1];
var jsonBytes = ParseBase64WithoutPadding(payload);
var keyValuePairs = JsonSerializer.Deserialize<Dictionary<string, object>>(jsonBytes);
claims.AddRange(keyValuePairs.Select(kvp => new Claim(kvp.Key, kvp.Value.ToString())));
return claims;
}
private static byte[] ParseBase64WithoutPadding(string base64)
{
switch (base64.Length % 4)
{
case 2: base64 += "=="; break;
case 3: base64 += "="; break;
}
return Convert.FromBase64String(base64);
}
}
} <Project Sdk="Microsoft.NET.Sdk.BlazorWebAssembly">
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Components.Authorization" Version="5.0.4" />
</ItemGroup>
</Project> namespace BlazorWasm.Client.Services
{
public class AuthStateProvider : AuthenticationStateProvider
{
private readonly HttpClient _httpClient;
private readonly ILocalStorageService _localStorage;
public AuthStateProvider(HttpClient httpClient, ILocalStorageService localStorage)
{
_httpClient = httpClient ?? throw new ArgumentNullException(nameof(httpClient));
_localStorage = localStorage ?? throw new ArgumentNullException(nameof(localStorage));
}
public override async Task<AuthenticationState> GetAuthenticationStateAsync()
{
var token = await _localStorage.GetItemAsync<string>(ConstantKeys.LocalToken);
if (token == null)
{
return new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity()));
}
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
return new AuthenticationState(
new ClaimsPrincipal(
new ClaimsIdentity(JwtParser.ParseClaimsFromJwt(token), "jwtAuthType")
)
);
}
}
} namespace BlazorServer.Common
{
public static class ConstantKeys
{
// ...
public const string LocalToken = "JWT Token";
}
} namespace BlazorWasm.Client
{
public class Program
{
public static async Task Main(string[] args)
{
var builder = WebAssemblyHostBuilder.CreateDefault(args);
// ...
builder.Services.AddAuthorizationCore();
builder.Services.AddScoped<AuthenticationStateProvider, AuthStateProvider>();
// ...
}
}
} @using Microsoft.AspNetCore.Components.Authorization
namespace BlazorWasm.Client.Services
{
public interface IClientAuthenticationService
{
Task<AuthenticationResponseDTO> LoginAsync(AuthenticationDTO userFromAuthentication);
Task LogoutAsync();
Task<RegisterationResponseDTO> RegisterUserAsync(UserRequestDTO userForRegisteration);
}
} namespace BlazorWasm.Client.Services
{
public class ClientAuthenticationService : IClientAuthenticationService
{
private readonly HttpClient _client;
private readonly ILocalStorageService _localStorage;
public ClientAuthenticationService(HttpClient client, ILocalStorageService localStorage)
{
_client = client;
_localStorage = localStorage;
}
public async Task<AuthenticationResponseDTO> LoginAsync(AuthenticationDTO userFromAuthentication)
{
var response = await _client.PostAsJsonAsync("api/account/signin", userFromAuthentication);
var responseContent = await response.Content.ReadAsStringAsync();
var result = JsonSerializer.Deserialize<AuthenticationResponseDTO>(responseContent);
if (response.IsSuccessStatusCode)
{
await _localStorage.SetItemAsync(ConstantKeys.LocalToken, result.Token);
await _localStorage.SetItemAsync(ConstantKeys.LocalUserDetails, result.UserDTO);
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", result.Token);
return new AuthenticationResponseDTO { IsAuthSuccessful = true };
}
else
{
return result;
}
}
public async Task LogoutAsync()
{
await _localStorage.RemoveItemAsync(ConstantKeys.LocalToken);
await _localStorage.RemoveItemAsync(ConstantKeys.LocalUserDetails);
_client.DefaultRequestHeaders.Authorization = null;
}
public async Task<RegisterationResponseDTO> RegisterUserAsync(UserRequestDTO userForRegisteration)
{
var response = await _client.PostAsJsonAsync("api/account/signup", userForRegisteration);
var responseContent = await response.Content.ReadAsStringAsync();
var result = JsonSerializer.Deserialize<RegisterationResponseDTO>(responseContent);
if (response.IsSuccessStatusCode)
{
return new RegisterationResponseDTO { IsRegisterationSuccessful = true };
}
else
{
return result;
}
}
}
} namespace BlazorWasm.Client
{
public class Program
{
public static async Task Main(string[] args)
{
var builder = WebAssemblyHostBuilder.CreateDefault(args);
// ...
builder.Services.AddScoped<IClientAuthenticationService, ClientAuthenticationService>();
// ...
}
}
} Blazor WebAssembly apps don't currently have a concept of DI scopes. Scoped-registered services behave like Singleton services.
• Which API are you using? – Google+ API • Where will you be calling the API from? – Web server (e.g. node.js, Tomcat) • What data will you be accessing? – User data
https://localhost:6001/signin-google
{
"Authentication": {
"Google": {
"ClientId": "xxxx",
"ClientSecret": "xxxx"
}
}
} namespace DNT.IDP
{
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
// ...
services.AddAuthentication()
.AddGoogle(authenticationScheme: "Google", configureOptions: options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.ClientId = Configuration["Authentication:Google:ClientId"];
options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
});
} public const string ExternalCookieAuthenticationScheme = "idsrv.external";
namespace DNT.IDP.Controllers.Account
{
[SecurityHeaders]
[AllowAnonymous]
public class ExternalController : Controller
{
public async Task<IActionResult> Callback()
{
var result = await HttpContext.AuthenticateAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
var returnUrl = result.Properties.Items["returnUrl"] ?? "~/";
var (user, provider, providerUserId, claims) = await FindUserFromExternalProvider(result);
if (user == null)
{
// user = AutoProvisionUser(provider, providerUserId, claims);
var returnUrlAfterRegistration = Url.Action("Callback", new { returnUrl = returnUrl });
var continueWithUrl = Url.Action("RegisterUser", "UserRegistration" ,
new { returnUrl = returnUrlAfterRegistration, provider = provider, providerUserId = providerUserId });
return Redirect(continueWithUrl);
} var (user, provider, providerUserId, claims) = await FindUserFromExternalProvider(result);
foreach (var claim in claims)
{
_logger.LogInformation($"External provider[{provider}] info-> claim:{claim.Type}, value:{claim.Value}");
} External provider[Google] info-> claim:http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, value:Vahid N. External provider[Google] info-> claim:http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname, value:Vahid External provider[Google] info-> claim:http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname, value:N. External provider[Google] info-> claim:urn:google:profile, value:https://plus.google.com/105013528531611201860 External provider[Google] info-> claim:http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, value:my.name@gmail.com
[HttpGet]
public async Task<IActionResult> Callback()
{
// ...
var (user, provider, providerUserId, claims) = await FindUserFromExternalProvider(result);
if (user == null)
{
// user wasn't found by provider, but maybe one exists with the same email address?
if (provider == "Google")
{
// email claim from Google
var email = claims.FirstOrDefault(c =>
c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress");
if (email != null)
{
var userByEmail = await _usersService.GetUserByEmailAsync(email.Value);
if (userByEmail != null)
{
// add Google as a provider for this user
await _usersService.AddUserLoginAsync(userByEmail.SubjectId, provider, providerUserId);
// redirect to ExternalLoginCallback
var continueWithUrlAfterAddingUserLogin =
Url.Action("Callback", new {returnUrl = returnUrl});
return Redirect(continueWithUrlAfterAddingUserLogin);
}
}
}
var returnUrlAfterRegistration = Url.Action("Callback", new {returnUrl = returnUrl});
var continueWithUrl = Url.Action("RegisterUser", "UserRegistration",
new {returnUrl = returnUrlAfterRegistration, provider = provider, providerUserId = providerUserId});
return Redirect(continueWithUrl);
} Always Encrypted is a new feature in SQL Server 2016, which encrypts the data both at rest *and* in motion (and keeps it encrypted in memory). So this protects the data from rogue administrators, backup thieves, and man-in-the-middle attacks. Unlike TDE, as well, Always Encrypted allows you to encrypt only certain columns, rather than the entire database.
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with HMAC algorithm) or a public/private key pair using RSA.
