
Posts

Why OpenID Connect came?

After publishing my previous article, 'Understanding concepts - OpenId, OAuth and SAML', I received a general question from a few of my colleagues: 'Why did OpenID arrive? What is the need for it?' By now, most of us are already aware that OAuth 2.0 is an authorization protocol, and it did a great job of providing information that helps its users make some significant authorization decisions. But what about exchanging this information? How is that done? Is the exchange done in a secure manner? Blah, blah, blah… All such questions are handled in different ways, as every authentication provider has its own means of exchanging this OAuth information. Because not all providers offered an equivalent level of security, this led to some buzz. Here OpenID Connect came to the rescue. It fixes all the common problems by providing an authentication protocol with a standardized way of exchanging messages between a provider and subs

What's new in Visual Studio 2019

Microsoft released Visual Studio 2019 two days back. This release has many awesome features targeting productivity and collaboration improvements. I've collected certain features from the launch event by Kendra Havens and Scott. Here they are:

- Side-by-side installation of Visual Studio versions
- New look of the Start Page
- New look of the Create Project window
- Redesigned user experience and theme
- Search is more intuitive
- Live Share option for collaboration with fellow developers
- Debugger improvements – search is available for the Watch, Locals and Autos windows
- Extracting only a few projects from a solution – Solution filter
- Monitor awareness – VS is resized as per the monitor size
- Fonts and colors based on classification of words
- Opening the csproj file directly on double-click for SDK projects
- A new column, Kind, has been added to the Find All References option with Read/Write
- Code cleanup with just one click, with rules configuration capability
- Facility to export code style as .editorconfig

Understanding concepts - OpenId, OAuth and SAML

I was going through some of the forums related to security concepts and found one topic which is very common: many people posted questions about their confusion over the terms related to authorization, authentication and security protocols. So, I thought I would write something about these terms in layman's terms, more towards the concept and less towards the technical aspects. Before we start, let's have a look at the question which really lit the spark in me - stackoverflow.com - What's the difference between OpenID and OAuth? Hope you are with me to get started. Well, one of the major aims of any application is to be secure and easy to use without imposing much work on the end user. Now, in order to fulfill this aim, we have to look into a few of the major security aspects in terms of protocols, usage and scenarios. And that's what this article is for. What is Authentication and Authorization? In simple terms, authentication is the process to

Traditional file helper won't work in .Net core

Prior to .Net Core, we used to handle files by passing various sorts of parameters, such as in-memory bytes, a FileStream or a file path, and that used to work perfectly. But when it comes to .Net Core, passing a file path will not work exactly as it did in ASP.Net MVC. In earlier versions, the path we supplied was treated as a physical path, whereas in Core the same API is used to denote a virtual path. In other words, whatever path is provided will be appended to the site URL. Now, how do we give a physical path in .Net Core? No worries! Here comes the PhysicalFile helper to our rescue. To know more about it, here you go. Keep learning!

Confused with term Active Directory

Is on-premise Active Directory (Windows Active Directory) the same as Azure Active Directory? In continuation of my previous blog post, this was another question asked of me. Well, although both are active directories, there are a few differences. Let's have a look at those:

- Location - The most basic difference is that Windows AD is on-premise whereas Azure AD is cloud based.
- Initial motive – As Azure AD is cloud based, some web service support is associated with it, unlike unadorned AD.
- Protocols used – The two active directories use different protocols. Azure AD uses SAML and OAuth, whereas unadorned AD relies on NTLM and Kerberos for authentication and LDAP to query/modify.
- Platform support – When it comes to providing support on platforms other than Windows, it is a nightmare with Windows AD and requires more time and effort. But the same thing can be done very smoothly with Azure AD, as it just needs a registration with any one of your Microsoft

Windows Authentication & Forms-based Authentication

During my recent interaction with one of the development teams, I came across a few queries. Hence, I decided to cover those general questions as part of my next few blogs. The very first question I received is: when should one go for Windows authentication, and when should one go for Forms-based authentication? One of the common responses one can receive here is: use Forms authentication whenever the user can supply a username/password, and go for Windows authentication whenever the user can use the Windows login system. No doubt, this response is correct. But there are a few more points which can elaborate on it. Let's have a look at those:

- If user accounts are created in AD – go for Windows authentication using ActiveDirectoryMembershipProvider
- If user accounts are created in a database, i.e. SQL Server – go for Forms-based authentication using the respective membership providers, i.e. SqlMembershipProvider
- If user accounts are created in database whose direct membership provi

Bit on certificates

In continuation of my previous blog, here I'm writing something more on SSL. As we learnt, one of the key components of the SSL protocol is certificates. A certificate is nothing but a set of files which contain information like:

- Owner of the certificate
- Issuer of the certificate
- Validity of the certificate, etc.

Below is the sample certificate:

Before moving ahead, let's have a look at the primary elements of certificates:

- Public Key: This file, with the extension .crt, is installed on the server and is distributed freely to any client.
- Private Key: This file, with the extension .key, is installed on the server and kept secret and secure. The file of the SSL certificate contains information for encrypting data; it does not expire or have any details regarding the organization or domain name.
- Signing Request: This file, with the extension .csr, is sent to the certificate authority by an applicant while applying for