Angular, C#, Web

Secure your Angular/ASP.NET Core application with Anti-forgery token

Security has always been at the forefront of Web Applications. There are so many security concerns one has to think of when developing web applications. Today, I want to share with you guys how to secure a Single Page Application (SPA) from Cross-site request forgery (CSRF or XSRF) using Angular 4. If you’re still using Angular 2 this works as well but I recommend upgrading to 4. It’s easy and they made the code faster and smaller (maybe a topic for another day ;-]) By default, the Angular core HTTP library will look for a token in the cookie with the name XSRF-TOKEN and add it to the request. Thanks to the CookieXSRFStrategy provided by Angular, Angular does that part for you. However,…

Read more
Angular, Web

Demystifying a few Angular2 concepts for starters

Being immersed in the JavaScript frameworks world can be intimidating. Today, I will try to demystify a few concepts and perhaps at the same time answer some questions that someone starting with Angular2 will most probably have. The framework is mature enough at this point in time to be able share some of the basics, but useful, things that one should have in mind when using it. Angular2 uses TypeScript TypeScript is a subset of JavaScript that is strongly typed, unlike JavaScript which is dynamically typed. Without going into too much details, it basically means that the compiler will not let you put a type into another. For instance, assigning a number (may it be an short, int, double, etc) to a…

Read more
Tools, Visual Studio, Web

Synchronizing node version with your environment in Visual Studio 2017

Visual Studio 2017 is official finally out and Microsoft did a tremendous job in listening to their user base. They simplified the install process, enhanced the speed of the load of the projects, enhanced their IntelliSense and debugging tools to say the least. If you have not tried it yet, go and grab yourself a copy today! The community edition is free and is available to everyone! On that note, one may remember the nodejs binding problem that would occur in Visual Studio 2015 when it comes to gulp and node-sass

This happens because Visual Studio has a set of paths that are searched to find node/npm etc. By default Visual Studio 2017 comes with Node 5.4.1 and npm 3.3.4 shipped. As…

Read more
Continuous Integration, Web

ASP.NET Core web.config publishing blues

I’ve been working on being able to use Octopus Deploy to deploy ASP.NET Core applications through IIS and I was faced with an interesting challenge. When publishing to a File System through the Visual Studio Publish command, it will trigger a PowerShell script that essentially will call Microsoft Web Deploy V3 (msdeploy) to put your FileSystem up to date with your release. But before calling MSDeploy, it will update (or should I say overwrite) your web.config with the proper handlers that match your application. This means that it will create a generic web.config and removing all the settings you may want. The ASP.NET team is aware I believe of the fact that the publishing tool is limited and thus in need of some customization features…

Read more
C#, Web

Two-Factor authentication in ASP.NET Identity 3 using TOTP authenticator

Two-Factor authentication is becoming more critical especially in business applications where sensitive and/or critical data can be accessed. A business application should communicate on a secure channel (https) and should implement Two-Factor as a minimum for their users especially if they can access the application remotely, which means everywhere. You could obviously skip the Two-Factor authentication when the user is on the intranet. This is not implemented in this article. What is a Two-Factor authentication? I will give a brief overview of what Two-Factor authentication actually is. As Joel Franusic described it in his post Two-Factor Authentication or TFA is a method where your users are required to log in with two “factors”: a password, and a code from a device that…

Read more
Angular, React, Web

Angular2 or React in the business environment

In 2015 and 2016, React was at the top of front end libraries for creating reusable components. AngularJS (Angular 1) was being slowly left behind; the Google team after 5 years of development learned from the users and came out with Angular 2. The framework was rewritten completely and it really is an amazing accomplishment. As a software architect, a key task of my job is to evaluate the current and future tools, frameworks and libraries out there and see if one of more could potentially be a fit for the development team. As you probably know, they are a lot of articles comparing both React and Angular 2. As a user of both, I want to share with you my findings….

Read more