Archives

Archives / 2013
  • Using the Katana Authentication handlers with NancyFx

    Once you write an OWIN Middleware service, it can be reused everywhere as long as OWIN is supported. In my last post, I discussed how you could write an Authentication Handler in Katana for Hawk (HMAC Authentication). Good news is NancyFx can be run as an OWIN handler, so you can use many of existing middleware services, including the ones that are ship with Katana.

  • Writing an AuthenticationHandler for Katana

    As I discussed in my previous post, Katana is pretty much organized in middleware services.  One of those middleware services is authentication, which provides some built-in implementations for existing OAuth providers such as Facebook, Twitter, Google or Microsoft, and also an implementation for Forms authentication with cookies.  All those implementations are currently distributed as Nuget packages under the name of Microsoft.Owin.Security.*, where the last part identifies the name of the implementation (e.g. Microsoft.Owin.Security.Twitter).

  • Getting started with Owin and Katana

    The .NET ecosystem offers today a lot of alternatives for developing web applications. You can either use any of the frameworks supported by Microsoft with ASP.NET such as Forms, MVC or Web API, or any other open source alternative like FubuMVC, ServiceStack, NancyFx or OpenRasta to name a few. From an architecture standpoint, all these frameworks have three main layers in common (in spite of the difference with the implementation details), hosting, middleware, and application.

  • Pushing ETW events through SignalR

    ETW or Event Tracing for Windows is a very efficient pub/sub built-in mechanism that runs in Kernel Mode for doing event tracing. That implies there is just a little overhead in using this feature compared to other traditional tracing solutions that are I/O bound and drop the traces in different storages like files or databases for example. As it is a built-in mechanism in Windows, many of the operating systems services and components make good use of it. You can not only troubleshoot your application but also many of the OS components involved in the execution of that application.

  • IP Throttling in ASP.NET Web API

    Some Web APIs use the client IP address to enforce Service Level Agreements such as limit the number of calls in a period of time. The client IP address can be used as a replacement for an authentication key sometimes when a previous registration of client applications is not required.

  • Authentication in Web APIs. Keys, OAuth or HMAC

    Most of the Web APIs available out there in the web nowadays use some kind of authentication for identifying client applications. Although they implement authentication in different ways, they can be typically categorized in three main groups, services that use Keys, OAuth or HMAC.

  • Giving temporary access to your ASP.NET Web API with Hawk

    One of the features supported by Hawk, an HTTP authentication protocol based on HMAC, is to provide read-only access to a Web API for a short period time.  That’s performed through a token called “bewit” that a Web API can provide to a client. That token is only valid for Http GET calls and it can be used for a limited period of time.

  • ASP.NET Web API Logging and Troubleshooting

    ASP.NET ships with two built-in mechanisms for doing logging and troubleshooting.  Chasing errors without knowing these two mechanisms might be a daunting task, specially if they happen in the runtime pipeline much before a message gets to a handler or a controller.