I love delegated authentication. I strongly feel that this is one of the priorities that the ASP.NET Core team got right by "forcing" or better coercing developers and companies to use an external service to manage user authentication and authorisation. The right route. Why? Only a couple of days T-Mobile Austria made the news (and Twitter news) for claiming that they have "Amazingly Good Security" while storing users' passwords in clear text! You can read all about it here. However, we're not here to lament on other peoples' bad security. There are too many things wrong with this example …[read more]
Showing all posts tagged: 'ASP.NET Core'
A 4-post collection
In the early days of ASP.NET Core, Kestrel (the lightweight, open source web server) was fairly basic. And this was totally intentional! Kestrel provides a mechanism to spin up and run ASP.NET Core websites and APIs fast and efficiently with as little overhead as possible. This, combined with the other ASP.NET Core improvements (90% smaller HTTP requests etc) have contributed to ASP.NET Core's speed. Kestrel was great at its job but in some cases proved to be very basic. It's important to understand that Kestrel was never intended to run applications in production. Instead, the recommendation …[read more]
I'm a big proponent of delegated authentication. It's no surprise that Broken Authentication is #2 at the OWASP top 10 latest report. It's been #2 for a very long time, which means that developers and enterprises are still getting this wrong. There are so many ways that authentication that can go wrong, that delegated authentication should be the preferred and possibly the default choice for all platforms. There are many different services that can provide this. I've heavily worked with Azure AD and Azure AD B2C but this time I wanted to take Auth0 for a spin. In this post …[read more]
Service Fabric is Azure's highly scalable, multi-node, always-on solution that's designed to make deployment and running of distributed micro-services (and not only) a breeze. It provides a lot of features and functionality out of the box, allowing you to focus on the business value of your solution instead of the architectural and design decisions that could delay your path to production/market. There's great, impartial set of articles on micro-services published by Microsoft, along many, so if you want a crash course introduction, then I would urge you to have a read here. This is not the one true source …[read more]