

Showing posts with the label Authentication

Making a call to Retail Server APIs

This article will talk about how to make a call to Retail APIs (non-anonymous) and what information is required to get the response. I started by generating the access token using the username-password flow and, obviously, the client ID, as shown in the image below: Then I tried to make a call to an API using Postman, as shown below: And here is the 401 Unauthorized error ☹ and the reason is Microsoft_Dynamics_Commerce_Runtime_DeviceTokenNotPresent. After spending hours, I got to know that Retail APIs can’t be called just by passing the access token. In order to make the API call successful, there is one additional piece of information, ‘devicetoken’, which needs to be sent. Now where to pass this information? Well, fortunately I was able to figure it out. This devicetoken has to be passed as a header while making the API call, as shown below: Once the device token was passed, I received the expected response from the API. Hope I saved your hours

Creating ASP.NET Core 2.2 Application Step-by-Step

This article will walk you through the creation of an ASP.NET Core application using ASP.NET Core 2.2 from scratch, by utilizing the capabilities of the package manager, EF Core, Identity API, Razor Class Library, etc. So, rather than being more theoretical, this article will focus mainly on the implementation part. Wherever required, I’ll throw some light on the conceptual part too. To know more, you can either go here or here.

Understanding concepts - OpenId, OAuth and SAML

I was going through some of the forums related to security concepts and found one topic which is very common, and many people posted questions about their confusion on the terms related to Authorization, Authentication and Security protocols. So, I thought to write something about these terms in layman's language, which is more towards the concept and less towards technical aspects. Before we start, let's have a look at the question which really lit the spark in me: What's the difference between OpenID and OAuth? Hope you are with me to get started. Well, one of the major aims of any application is to make it secure and easy to use without imposing much work on the end user. Now, in order to fulfill this aim, we have to look into a few of the major security aspects in terms of protocols, usage and scenarios. And that's what this article is for. What is Authentication and Authorization? In simple terms, authentication is the process to

Authentication using External Providers(Hotmail)

In my previous article, I wrote about how to authenticate by creating new user accounts. Now what if someone doesn’t want to add another user ID and password pair to memory and wants to use the existing ones that he/she uses very frequently in day-to-day life? Well, here external providers come into the picture. In this article, I won’t be covering the basics on how to create a website from scratch as it is already covered in an earlier article. So, let’s quickly jump to the login screen, and on the right-hand side you will see the text ‘Use another service to log in.’ It also provides a hyperlink, which will guide us on how to set up the authentication using external providers. What are external providers? There is a huge list of authentication providers. The most common ones are Twitter, Facebook, Google and Microsoft. The list is not restricted to these, as it can be any other custom provider. Throughout this article, I’ll be driving you to set

Authentication in layman terms

Recently I met one of my readers and he asked me what authentication is and why it is required, in very simple terms. So, here is the post. What is Authentication? To understand the fundamentals of authentication, let's begin by taking an easy example. You are working on some file and now you want to share that file with a person named XYZ over OneDrive. So, the purpose of authentication in this case is to make sure that only XYZ can access that document. How to achieve it? It can be achieved by setting up an authentication system, and this system will tell who can access this file based on some predefined rules. In our case, the rule is simple: no one except XYZ should be able to access the file. How does verification happen? The entire verification activity depends solely on our authentication system. When I say authentication system, it is nothing but a piece of software written by someone. Now how will this piece of software validate the incoming us

Setting up Two-Factor Authentication in ASP.NET Core 2.0

In this article, I’m going to write a bit about security aspects in ASP.NET Core 2.0. Whenever you create a new ASP.NET Core application, you must have noticed that there is an option on the dialog with a button captioned Change Authentication, and once you click on that, you will land on a dialog having the 4 options shown below: I’ll discuss each of these options in detail, but for now, to get started, let’s take a high-level look at them. No Authentication – the application is completely anonymous and open for everyone to access. Individual User Accounts – it uses a local database for storing the information related to the user. Work or School Accounts – the application will work with Office365, Active Directory, support for cloud, etc. Windows Authentication – For internet application and uses IIS capabilities to know who has logged in. Here I’ll be choosing my option as ‘Individual User Accounts’ which is very easy, simplest as well