UseHttpsRedirection on Azure App Service

Recently, when deploying a project, we hit an interesting issue: we deployed an ASP.NET Core 2.1 application with the HTTPS redirection middleware and with the HSTS middleware disabled, but the redirection wasn’t working correctly.

Beware of SameSite cookie policy in ASP.NET Core and upcoming iOS 12

I have recently stumbled across a bug in the iOS 12 preview which sort of breaks existing sites which make use of the OpenID Connect middleware in ASP.NET Core 2.1.

Hosting small sites in Microsoft Azure

I have been running this blog and a bunch of other projects on a local shared hosting service called WEDOS for something over 3 years. They offer some great services for a really good price; however, after a couple of issues and some temptation, I decided to move away to an Azure VM. We are going to take a look at how I did the move and what technologies I am using in the background.

Passing state through authentication in ASP.NET Core

When authenticating a user, you might want to persist the state through the authentication request – for example whether the user is authenticating for some special action like organizational signup or simply some state of your application. ASP.NET Core makes this very easy.

Including front-end libraries in ASP.NET Core projects

I have recently been working on an internal project which allows people to authenticate to a Wi-Fi network with Azure AD and various other methods through a captive portal. While trying to maintain a strict policy on what hostnames can be accessed (basically just allowing the Azure AD endpoints and the application server), I noticed that the default ASP.NET Core project setup seems to set a bad example in handling JavaScript libraries in your project.

Remotely debugging PHP on App Service on Linux

I previously wrote about the possibility of remote debugging PHP apps in Microsoft Azure using ngrok. This solution wasn’t very secure and required the use of third-party software. During Build, Microsoft announced support for SSH directly into the App Service on Linux instance, and thanks to that, we no longer need ngrok or similar software and can make do with just Azure CLI and VS Code. In this article, we are going to look at the setup.

Using ADAL for Node.js with Passport.js

I haven’t touched Node.js much lately; however, back when I was working with it, I was always curious how to use Passport.js with Azure AD and ADAL for Node.js together, in order to have ADAL handle the tokens, refreshes, cache etc. In the end, I came up with a solution, which I am going to share below.

Missing claims in ASP.NET Core 2.0 OpenID Connect

We have been migrating a couple of projects to ASP.NET Core 2.0 recently. Amongst the major changes in ASP.NET Core 2.0, probably the biggest one was made in authentication. I have written an article about cookie size in ASP.NET Core which explains the basic issue with too many claims in the identity. ASP.NET Core 2.0 OIDC addresses this by removing some of the token values from the identity in the background.

The dangers of too many cookies on a website

Sometimes, when browsing Microsoft’s sites, you can run into some weird errors – like Bad Request – Request too long or sometimes even Connection refused. These errors are mostly caused by cookies. In this article, I am going to show you the most common causes and also tips on how to avoid these issues on your sites.

MyGroups: B2B application sample!

Based on my previous post about B2B guest access to applications, I made another sample called MyGroups. I think it demonstrates practical usage of B2B guest access, Office 365 Groups and Microsoft Graph.

MyGroups can be used to display all Office 365 Groups to which the user has been added and additionally list direct links to the group’s SharePoint site, which is something we have been in need of internally within our company.

In the HomeController, you can find the call which is made to Microsoft Graph’s groups endpoint to get the group’s site information. The calls are made in parallel to make the request shorter for the user; on average, it took about 1 second to get the site details of each group.

If you would like to use the code, just go ahead and grab the source from GitHub!