Authorization Options in ASP.NET Core

ASP.NET Core 2.x has a robust authorization system extending beyond just the age old [Authorize] attribute. With ASP.NET Core you now have access to Authorization policies and Authorization filters. To understand what they are and when to use them (and when not to), you should begin by familiarizing yourself with how authorization works in MVC and where it fits into the context of ASP.NET Core middleware as a whole. ASP.NET Core Middleware Pipeline In a brand new ASP.NET Core 2.0 MVC project (using built-in templates), the request middleware pipeline executes in this order: Things like add logging, UseStaticFiles, UseDeveloperExceptionPage when…

Using Serilog with ASP.NET Core 2.0

In case you’re unfamiliar, Serilog is a an open source event library for .NET. Conceptually, Serilog gives you two important components: loggers and sinks (outputs). Most applications will have a single static logger and several sinks, so in this example I’ll use two: the console and a rolling file sink. Starting with a new ASP.NET Core 2.0 Web Application running on .NET Framework (as in the image to the right), begin by grabbing a few packages off NuGet: Serilog Serilog.AspNetCore Serilog.Settings.Configuration Serilog.Sinks.Console Serilog.Sinks.RollingFile Next, you will need to modify some files. Startup.cs Startup constructor Create the static Log.Logger by reading…

To Do or To Don’t?

A couple years ago I started using Trello to help me plan and organize my time. If you aren’t familiar with it, Trello is a free tool similar to a Kanban board, allowing you to create some lists and add things to those lists. Then you can freely drag items between lists. When you first get started with it, your board could end up looking like this: Not long after I started using it, I ended up creating another list to the left and calling it Tomorrow, intended for things that I meant to get to tomorrow. The problem I had was that…

Getting a list of your AMIs from Amazon AWS

I just ran into a problem running some code that worked the last time I ran it. Code that was calling DescribeImages on the Amazon Web Services (AWS) API. It was a really odd problem because my particular line of code was just calling the DescribeImages() method on the AmazonEC2Client which never returned and just blocked forever. I watched the request again the AWS REST API happen in Fiddler, which was also not very helpful. Anything I tried to do to the request would result in a response from the API that would never send a body. To fix the…

401 (Unauthorized) from Atlassian Cloud API

I am working on doing some automation with JIRA, through my Atlassian Cloud (previously OnDemand) instance. My goal is to create a .NET application in C# that can interact with JIRA and automate things as well as provide specific bits of information. I thought I was going crazy because I just could not get it to work. No matter what I did, or what I tried, I kept getting a 401 (Unauthorized) response when connecting to the API. And more specifically, this is what part of the response from the API looked like: I was using the library RestSharp and…

OWIN is not Katana is not vNext, or is it?

A lot of people get confused about OWIN and Katana, especially in their relation to vNext. To properly explain the differences between these things, let’s take a step back into the mid 2000s where ASP.NET (WebForms) was starting to see a lot of people moving away from it, towards things like Ruby on Rails. The reason for that being the fact that WebForms was this huge ugly beast, giving developers a bastardized model of the web to work from. WebForms abstracted away much of the “web” part of web development, and gave us things like the now-dreaded ViewState. But WebForms…