Showing posts from April, 2017

Filters in ASP NET Core - what are they and how to use them

Filters in ASP NET Core - what are they and how to use themASP NET Core comes with a concept of filters. Filters intercept the stages of the MVC pipeline and allows us to run code before/after their executions. They are meant to be used for cross-cutting concerns; logics which is required accross the whole application, generally not business oriented. One example is authorization where in a Web API, we would use to prevent unauthorized request to execute the code in our controllers. In order to do that we would have a filter at the entrance of the pipeline. In fact, ASP NET Core has predefine stages, the diagram can be found on the documentation Another example of a cross-cutting concern would be for logging and timing functions. While the concept of filters is easy to understand, the way to implement those aren’t always straight forward, especially when the filter instantiation itself requires simple objects. In or…

Different types of authorization in ASP.NET Core

Different types of authorization in ASP.NET CoreLast week I touched on how we could authenticate users using Resource Owner Password flow with identity server. Authentication is the act of taking the information provided and verifying the “identity” of the user, ensuring that Alice (our beloved example user) is who she “claims” to be.
In the program itself, we take her credentials and verify it and create an identity stating that the user is Alice and has claims A, B and C.Authentication is the first part of the access security, the second part is the authorization. The difference being that for authorization, we know who the user is, what we are verifying is if Alice is allowed to perform what she is trying to perform. The easiest example is the difference between user access and admin access commonly seen in software where users are authenticated but aren’t authorized to perform all the actions available in the system.ASP.NET Core comes with a set of useful tools to perform authoriz…

Resource owner password flow with Identity Server 4 and ASP.NET core

Resource owner password flow with Identity Server 4Few week ago I described how to build a custom Jwt authentication.
Today I will show how we can use Identity server together with Resource owner password flow to authenticate and authorise your client to access your api.This post will be composed by 3 parts:1. Identity server 2. Protect an api 3. Configure a client The full source code is available on my GitHub Identity serverIdentity server is a framework which implements Open ID Connect and OAuth 2.0 protocols.
The purpose of Identity server is to centralize the identity management and at the same time decouple your api(s) from authentication and authorization logic.
Centralizing has many advantages:If you have multiple apis, you can hold your identities in a common placeIf you have multiple apis, it provides single sign on - user only sign in into one client and is automatically sign in in all apis. This works because all clients …

Cost of living in London

Cost of living in LondonIn 2015, I decided to relocate from Singapore to London. At the time I had no idea about the cost of living, the places where I should rent and places where the groceries would be the cheapest. Fast forward to today, March 2017, I moved back from London to Singapore. I stayed around London for more than a year and a half and while I was there, I kept an extremely close look to every in and out from my bank account. I even created an app Expense King to track my expenses coming out from my bank account.Today I would like to share what I wish someone would have shared before I relocated, a post about cost of living in London. This post will be composed by 5 parts:1. Situation 2. Recurring expenses 3. Rent a place 4. Bills 5. Grocery shopping1. SituationMy fiancee and I lived in a one bedroom apartment. The apartment was located at Pontoon Dock on the east of Canary Wharf with access to the DLR (but not the underground). It is about 40min by DLR+underground from B…