Monday, November 5, 2018

Headless CMS .NET Core


Inspired by Scott Hanselman's blog:

Most traditional CMS systems are monolithic: UI, back-end systems, admin tools, etc. Since the world is rallying towards REST, headless CMS systems (which integrate content via APIs) are becoming popular.

A Headless CMS is a back-end only content management system (CMS) built from the ground up as a content repository that makes content accessible via a RESTful API for display on any device.

So, if you are doing projects using ASP.NET Core, below are a few headless CMS frameworks:


Friday, September 7, 2018

Git flow simplified

I always get confused when it comes to git flow - from where to branch and merge. So, I kept the below cheat sheet.

  • A develop branch is created from master
  • A release branch is created from develop
  • Feature branches are created from develop
  • When a feature is complete it is merged into the develop branch
  • When the release branch is done it is merged into develop and master
  • If an issue in master is detected a hotfix branch is created from master
  • Once the hotfix is complete it is merged to both develop and master

pic courtesy -> https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow

Wednesday, August 15, 2018

OWASP (Open Web Application Security Project) Replay attack


OWASP (Open Web Application Security Project) focuses on improving the security of software and provides the “OWASP Top 10”, a collection of the most frequent vulnerabilities in web, IoT and mobile applications.

Everyone who develops web, mobile or any IoT project MUST know about OWASP and you may be wondering why I am writing this post now.

I lead an initiative to migrate the payment provider for our existing B2B and B2C portfolios. The following are the integration flows:

  • Application(s) use a back-end service to authenticate with the payment provider and then authorize for the $ amount.
  • The payment provider authorizes and redirects to an external hosting page to enter credit card details.
  • After the payment, the third-party provider redirects to an application page with the payment status.
  • Based on the payment status, an application can decide what the next steps are.


Because the payment provider redirects back to an application URL, a replay attack is possible: an attacker can reuse the redirect URL in another transaction.

To mitigate the risk, we used a token-based approach: a signed token is sent to the payment provider during the authorization process. After the payment, the token is sent back along with the redirect URL, and on the confirmation page the token is invalidated so that the same token cannot be used in another session.
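One way to implement the signed, single-use token described above, as an added example rather than the code used in the project: the class and member names are hypothetical, `CryptographicOperations.FixedTimeEquals` assumes .NET Core 2.1 or later, and the in-memory dictionary assumes a single server process. The token is additionally bound to an order id and amount so it cannot be moved to a different transaction.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: issues and redeems the signed, single-use token that is
// sent to the payment provider and comes back on the redirect URL.
public sealed class PaymentReturnToken
{
    private readonly byte[] _key; // server-side secret, never sent to the browser
    // Redeemed nonces; use a shared store (database, Redis) when running on several servers.
    private readonly ConcurrentDictionary<string, byte> _redeemed = new ConcurrentDictionary<string, byte>();

    public PaymentReturnToken(byte[] key) { _key = key; }

    // Token = base64(payload) "." signature. Assumes orderId contains no '|'.
    public string Issue(string orderId, long amountCents, DateTimeOffset expires)
    {
        var nonce = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        string payload = string.Join("|", orderId, amountCents,
            expires.ToUnixTimeSeconds(), Convert.ToBase64String(nonce));
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(payload)) + "." + Sign(payload);
    }

    // Returns true once per token, and only for the order and amount it was issued for.
    public bool TryRedeem(string token, string orderId, long amountCents, DateTimeOffset now)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        string payload;
        try { payload = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0])); }
        catch (FormatException) { return false; }
        // Verify the signature in constant time before trusting any field.
        byte[] expected = Encoding.ASCII.GetBytes(Sign(payload));
        byte[] actual = Encoding.ASCII.GetBytes(parts[1]);
        if (!CryptographicOperations.FixedTimeEquals(expected, actual)) return false;
        string[] f = payload.Split('|');
        if (f.Length != 4 || f[0] != orderId || f[1] != amountCents.ToString()) return false;
        if (now.ToUnixTimeSeconds() > long.Parse(f[2])) return false; // expired
        // TryAdd is atomic: a replayed token finds its nonce already recorded.
        return _redeemed.TryAdd(f[3], 0);
    }

    private string Sign(string payload)
    {
        using (var hmac = new HMACSHA256(_key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }
}
```

The token contains `+`, `/` and `=`, so URL-encode it when placing it in the redirect URL.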

Friday, June 8, 2018

Change audio input and volume windows 10

Original post: https://www.hanselman.com/blog/AutomaticallyChangeYourAudioInputOutputAndVolumePerApplicationInWindows10.aspx


I use multiple headsets and I find it very hard to manage these headsets when I jump into conf calls.

The two utilities mentioned by Scott will be a life saver :)

Audio Switcher: A simple app that runs in the notification area and helps you switch the default audio input and output devices. There is no download available; you have to copy the code from Git and build it. Once the build is completed, find the exe in the bin folder and run AudioSwitcher.exe.

https://github.com/davkean/audio-switcher

EarTrumpet: https://www.microsoft.com/en-us/p/eartrumpet/9nblggh516xp?activetab=pivot%3aoverviewtab

Monday, March 19, 2018

Converting Odata Specification to OpenAPI


Last week I was working on on-boarding a few SAP OData APIs to an API Management gateway. The APIM tool used by my organization supports a JSON or YAML specification file to on-board an API.

So, I reached out to the OpenAPI team, and they informed me that OData will soon be part of OpenAPI; meanwhile, the tools/process mentioned below can be used to convert an OData specification to an OpenAPI specification.


  • OData to OpenAPI conversion tools are available at https://github.com/oasis-tcs/odata-openapi/tree/master/tools
  • Download or clone the tools folder.
  • Create a folder named examples at the same level as the “tools” folder. This folder is used to keep the OData EDMX files.
  • If you have Node installed, install the following npm packages (for a Windows machine):
      npm install -g node-gyp
      npm install --global --production windows-build-tools
  • Once the above packages are installed, open a command window at the tools folder location and run npm install -g. This installs a few packages based on the package.json located in the tools folder.
  • Once the packages are installed, to convert OData to OpenAPI, run the command odata2openapi -drp <<MyMetadata.xml>> (the file MUST be inside the examples folder).
  • By default the tool converts to the OpenAPI 3.0 specification. To convert to the 2.0 (Swagger) specification, use the options below.

Options:
--basePath              base path (default: /service-root)
-d, --diagram           include YUML diagram
-h, --help              show this info
--host                  host (default: localhost)
-o, --openapi-version   3.0.0 or 2.0 (default: 3.0.0)
-p, --pretty            pretty-print JSON result
-r, --references        include references to other files
--scheme                scheme (default: http)
-u, --swagger-ui        URL of Swagger UI for cross-service references
  • Once the file is converted, I used Swagger Editor and modified a few values and finally on-boarded it to APIM.


Monday, February 26, 2018

HTTPClient for ASP.NET core 2.0

The following articles explain the issues with using the HttpClient class:

https://aspnetmonsters.com/2016/08/2016-08-27-httpclientwrong/

http://www.nimaara.com/2016/11/01/beware-of-the-net-httpclient/

As per the ASP.NET 2.1 road map, a default HttpClient service will be available. Until the framework is available, I'm using the below implementation of HttpClient:

https://gist.github.com/ajopjo/796ddf8d2f44dd3dbf6268da179cb239

If you find any issues with the implementation, please let me know.

Thursday, February 22, 2018

Integrating Serilog to ASP.NET Core

If you are not using the Serilog configuration package and want to set up Serilog based on app-specific configuration, use:

// requires: using Serilog; using Serilog.Core; using Serilog.Events;
webHostBuilder.ConfigureLogging((hostingContext, logging) =>
            {
                var logSettings = new LogConfiguration();
                // my custom configuration section
                hostingContext.Configuration.GetSection("LogSettings").Bind(logSettings);

                // Minimum level comes from configuration; an unparsable value leaves it at 0 (Verbose)
                var levelSwitch = new LoggingLevelSwitch();
                int.TryParse(logSettings.LogLevel, out var level);
                levelSwitch.MinimumLevel = (LogEventLevel)level;

                if (string.Equals(logSettings.Sink, "rollingFile"))
                {
                    // Url holds the log file path for the rolling file sink
                    Log.Logger = new LoggerConfiguration()
                                     .MinimumLevel.ControlledBy(levelSwitch)
                                     .MinimumLevel.Override("Microsoft", LogEventLevel.Information)
                                     .Enrich.FromLogContext()
                                     .WriteTo.RollingFile(logSettings.Url)
                                     .CreateLogger();
                }
                else
                {
                    // Url holds the Seq server address
                    Log.Logger = new LoggerConfiguration()
                                    .MinimumLevel.ControlledBy(levelSwitch)
                                    .MinimumLevel.Override("Microsoft", LogEventLevel.Information)
                                    .Enrich.FromLogContext()
                                    .WriteTo.Seq(logSettings.Url)
                                    .CreateLogger();
                }

                // dispose: true flushes and closes Log.Logger when the logging provider is disposed
                logging.AddSerilog(dispose: true);
            });

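Autofac dependency injection per request based on header parameter ASP.NET Core 2.0

   // IInterface and ClassName are placeholders for your own service interface and implementation
   builder.Register(c =>
            {
                // The header value is client-controlled. ResolveNamed throws
                // ComponentNotRegisteredException when no registration has that name,
                // so only names registered in the module can be selected.
                string dependencyName = c.Resolve<IHttpContextAccessor>().HttpContext.Request.Headers[Constants.CountryHeader];

                return c.ResolveNamed<IInterface>(dependencyName);
            }).InstancePerLifetimeScope();

and in the module:

   protected override void Load(ContainerBuilder builder)
        {
            // register modules here
            builder.RegisterType<ClassName>().Named<IInterface>("Name of dependency");
        }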
