Angular, C#, Web

Secure your Angular/ASP.NET Core application with Anti-forgery token

Security has always been at the forefront of Web Applications. There are so many security concerns one has to think of when developing web applications. Today, I want to share with you guys how to secure a Single Page Application (SPA) from Cross-site request forgery (CSRF or XSRF) using Angular 4. If you’re still using Angular 2 this works as well but I recommend upgrading to 4. It’s easy and they made the code faster and smaller (maybe a topic for another day ;-]). By default, the Angular core HTTP library will look for a token in the cookie with the name XSRF-TOKEN and add it to the request. Thanks to the CookieXSRFStrategy provided by Angular, Angular does that part for you. However,…

Angular, Web

Demystifying a few Angular2 concepts for starters

Being immersed in the JavaScript frameworks world can be intimidating. Today, I will try to demystify a few concepts and perhaps at the same time answer some questions that someone starting with Angular2 will most probably have. The framework is mature enough at this point in time to be able to share some of the basic, but useful, things that one should have in mind when using it. Angular2 uses TypeScript. TypeScript is a subset of JavaScript that is strongly typed, unlike JavaScript which is dynamically typed. Without going into too much detail, it basically means that the compiler will not let you put a type into another. For instance, assigning a number (be it a short, int, double, etc.) to a…

Tools, Visual Studio, Web

Synchronizing node version with your environment in Visual Studio 2017

Visual Studio 2017 is officially, finally out and Microsoft did a tremendous job in listening to their user base. They simplified the install process, improved project load speed, and enhanced their IntelliSense and debugging tools, to say the least. If you have not tried it yet, go and grab yourself a copy today! The community edition is free and is available to everyone! On that note, one may remember the nodejs binding problem that would occur in Visual Studio 2015 when it comes to gulp and node-sass.

This happens because Visual Studio has a set of paths that are searched to find node/npm etc. By default Visual Studio 2017 comes with Node 5.4.1 and npm 3.3.4 shipped. As…

Documentation

Why you should have release notes

Building software is exciting. You get your first release out there, rock back in your chair or celebrate with your team and overall everyone is happy. The word goes out and people start using what you’ve built. Exciting! Like any living software, you start improving your software and fix some bugs. There are a few times where I am looking at software (be it a full-blown application or plugins), I see that a new version is out, but I don’t see what has been changed. I also often come across releases where the major version has changed. As per semver, a major version means that one makes incompatible API changes. However, do developers really follow that? Some may want to…

Software Architecture

The importance of good logging

Lately, as you may have noticed through my other posts, I’ve been doing a lot of migration and DevOps. I’ve had my fair share of problems and the fact that I was able to skim through the logs for clues helped me put everything into production. I want to discuss in this post the importance of good information logging whether it is general information for the user or errors occurring in the application. Often we see applications not having any logs or the logs they provide are poor in content. Every system is different; not every system is configured the same way and/or has the same applications installed. Here are some points that should be followed by every developer when it comes…

Continuous Integration, Web

ASP.NET Core web.config publishing blues

I’ve been working on being able to use Octopus Deploy to deploy ASP.NET Core applications through IIS and I was faced with an interesting challenge. When publishing to a File System through the Visual Studio Publish command, it will trigger a PowerShell script that essentially will call Microsoft Web Deploy V3 (msdeploy) to bring your file system up to date with your release. But before calling MSDeploy, it will update (or should I say overwrite) your web.config with the proper handlers that match your application. This means that it will create a generic web.config and remove all the settings you may want. The ASP.NET team is aware, I believe, of the fact that the publishing tool is limited and thus in need of some customization features…

Server administration

Having IIS and Tomcat running side by side on Windows

It has been an interesting week for me as I’ve been doing a lot of DevOps and migrating a lot of the internal tools that we use. One problem I was faced with was to make IIS and Tomcat friends. It must be easy, right? Set up IIS, set up Tomcat, bind each to a respective IP address so they can run on the regular ports (80/443). You start IIS, you start Tomcat and then you look at the logs of Tomcat and you get the famous java.net.BindException: Address already in use exception. There’s a solution. By default, IIS goes through HTTP.sys and binds to all available IP addresses. You have to tell it which addresses it can be bound to. To do that,…

C#, Web

Two-Factor authentication in ASP.NET Identity 3 using TOTP authenticator

Two-Factor authentication is becoming more critical, especially in business applications where sensitive and/or critical data can be accessed. A business application should communicate on a secure channel (https) and should implement Two-Factor as a minimum for their users, especially if they can access the application remotely, which means everywhere. You could obviously skip the Two-Factor authentication when the user is on the intranet. This is not implemented in this article. What is a Two-Factor authentication? I will give a brief overview of what Two-Factor authentication actually is. As Joel Franusic described it in his post, Two-Factor Authentication or TFA is a method where your users are required to log in with two “factors”: a password, and a code from a device that…

Tools

A way to manage nodejs and npm on windows

For the ones starting with NodeJS and NPM on Windows, you are probably asking yourself how to update those when a security flaw is found or when a new version comes out. There is a way. Updating NPM: You can update NPM by using npm-windows-upgrade. If you want to skip all the reading of their page, here are the parts that you need to know (excerpt from the page): First, ensure that you can execute scripts on your system by running the following command from an elevated PowerShell. To run PowerShell as Administrator, click Start, search for PowerShell, right-click PowerShell and select Run as Administrator.

Then, to install and use this upgrader tool, run (also from an elevated PowerShell or…

Angular, React, Web

Angular2 or React in the business environment

In 2015 and 2016, React was at the top of front end libraries for creating reusable components. AngularJS (Angular 1) was being slowly left behind; the Google team after 5 years of development learned from the users and came out with Angular 2. The framework was rewritten completely and it really is an amazing accomplishment. As a software architect, a key task of my job is to evaluate the current and future tools, frameworks and libraries out there and see if one or more could potentially be a fit for the development team. As you probably know, there are a lot of articles comparing both React and Angular 2. As a user of both, I want to share with you my findings….
