Should All Web Traffic Be Encrypted? The prevalence of free, open WiFi has made it rather easy for a WiFi eavesdropper to steal your identity cookie for the websites you visit while you're connected to that WiFi access point
This web app allows you to create a visual representation of your BenchmarkDotNet console results. You can conveniently copy the generated chart to your clipboard, save it as a PNG image, or share it through a URL.
- یکی برای هدرهای کوکی است و یکی برای تنظیم مشخصات توکن.
The TimeSpan after which the authentication ticket stored inside the cookie expires. ExpireTimeSpan is added to the current time to create the expiration time for the ticket. The ExpiredTimeSpan value always goes into the encrypted AuthTicket verified by the server. It may also go into the Set-Cookie header, but only if IsPersistent is set. To set IsPersistent to true, configure the AuthenticationProperties passed to SignInAsync. The default value of ExpireTimeSpan is 14 days.
- DateTimeOffset.UtcNow است.
Todo REST API samples using ASP.NET Core minimal APIs. It showcases:
- Using EntityFramework and SQLite for data access
- JWT authentication
- OpenAPI support
- Rate Limiting
- Writing tests for your REST API
آیا زمان ثبت نام در سمت سرور نباید هم access_token و هم refresh_token رو تولید و به سمت کلاینت ارسال کرد؟
مشکلی که هست تو اکشن logout شی userIdValue خالیه و بنظر میرسه که کوکی مقدار نداره!
با بررسی کدهای مربوط به backend این سری و مبحث مربوط به اعتبارسنجی مبتنی بر JWT در ASP.NET Core 2.0 بدون استفاده از سیستم Identity عملیات ثبت نام رو به صورت زیر پیاده سازی کردم.
//do register action and send sms message to client //then call activateRegisterCode action from client to server //In the following run operation authentication for user
[AllowAnonymous]
[HttpPost("[action]")]
[IgnoreAntiforgeryToken]
public async Task<IActionResult> ActivateRegisterCode([FromBody] ActiveCodeModel model)
{
if (model == null)
{ return BadRequest("درخواست نامعتبر"); }
var user = await _userService.FindUserByKeyCodeAsync(model.Keycode);
if (user == null)
{
return BadRequest("کد امنیتی معتبر نیست لطفا مجددا درخواست کد امنیتی کنید");
}
user.IsActive = true;
var userUpdated = await _userService.UpdateAsync(user, CancellationToken.None);
var jwt = await _tokenFactoryService.CreateJwtTokensAsync(userUpdated);
this.Response.Headers.Add("x-auth-token", jwt.AccessToken);
this.Response.Headers.Add("access-control-expose-headers", "x-auth-token");
_antiforgery.RegeneratedAntiForgeryCookie(jwt.Claims);
return Ok();
} در ادامه پیاده سازی action logout برای حذف توکنها از دیتابیس
[AllowAnonymous]
[HttpGet("[action]"), HttpPost("[action]")]
public async Task<bool> Logout(string refreshtoken)
{
var claimsIdentity = this.User.Identity as ClaimsIdentity;
var userIdValue = claimsIdentity.FindFirst(ClaimTypes.UserData)?.Value;
if (!string.IsNullOrWhiteSpace(userIdValue) && Guid.TryParse(userIdValue, out Guid userId))
{
await _tokenStoreService.InvalidateUserTokensAsync(userId).ConfigureAwait(false);
}
await _tokenStoreService.DeleteExpiredTokensAsync().ConfigureAwait(false);
await _uow.SaveChangesAsync().ConfigureAwait(false);
_antiforgery.DeleteAntiForgeryCookie();
return true;
} آیا باید زمان فراخوانی این اکشن refreshtoken رو هم بهش ارسال کنیم؟
تو اکشن لاگین هم کوکیها مقدار نمیگیره یا اینکه اصلا با کوکیها کار نداریم و بر اساس refreshtoken باید مقادیر claimهای داخلش رو decode و بررسی کرد و سپس بر اساس اون در بانک اطلاعاتی عملیات خذف توکنهای صادر شده در زمان ثبت نام و یا لاگین رو انجام داد.
Team Explorer support for TLSv1.2
- We have updated the Git and the Git Credential Manager components that ship in Visual Studio.
- The optional Git for Windows component has also been updated.
- This update allows Git to connect to services that have deprecated support for TLSv1 and TLSv1.1 in favor of TLSv1.2.
Issues Fixed in this Release
These are the customer-reported issues addressed in this release:
- Projects targeting .NET Core 2.1 or newer are not supported by Visual Studio 2017 version 15.5.
- Fixed issue where installation of the SDK for .NET Core 2.1 or newer would cause the option to create ASP.NET Core 2.0 Web applications to disappear.
Almost overnight, Docker has become the de facto standard that developers and system administrators use for packaging, deploying, and running distributed applications. It provides tools for simplifying DevOps by enabling developers to create templates called images that can be used to create lightweight virtual machines called containers, which include their applications and all of their applications’ dependencies.
This project is the next generation of the ASP.NET Boilerplate web application framework.
Modular Architecture
Designed as modular and extensible from the bottom to the top.
Microservice Focused
Designed to support microservice architecture and helps to build autonomous microservices.
Domain Driven Design
Designed and developed based on DDD patterns and principles. Provides a layered model for your application.
Authorization
Advanced authorization with user, role and fine-grained permission system. Built on the Microsoft Identity library.
Multi-Tenancy
SaaS applications made easy! Integrated multi-tenancy from database to UI.
Cross Cutting Concerns
Complete infrastructure for authorization, validation, exception handling, caching, audit logging, transaction management and so on.
اشتراکها
روش محافظت از سایت، در صورت آلوده شدن تعدادی از اسکریپتهای آن که از یک سایت ثالث تامین شدهاند
SRI Integrity Attribute allows the browser to determine if the file has been modified, which allows it to reject the file.
<script src="//www.site.com/plus/scripts/ba.js"
integrity="sha256-Abhisa/nS9WMne/YX+dqiFINl+JiE15MCWvASJvVtIk="
crossorigin="anonymous"></script>
Today, we are glad to release .NET 6 Preview 2. It includes new APIs, runtime performance improvements, and early builds of .NET MAUI. It also includes builds for Apple Silicon, which were missing for Preview 1.
