Author Archives: lindner

ASP.NET Core 2.0 Disable Authentication in Development Environment

This article describes how to disable authentication for ASP.NET Core 2.0.

ASP.NET Core JWT Authentication

I have some Rest API which I want to protect via JwtBearer token in production e.g.

 

However in order to test the API, for development I totally want to disable authentication without having to remove all Authorizes in the Controllers.

Continue reading

JSF ViewState Hack Attempt: java.lang.StringIndexOutOfBoundsException: String index out of range: -1 – com.sun.faces.renderkit.ServerSideStateHelper.getState (ServerSideStateHelper.java:313)

Hack Attempt on JSF ViewState

This article explains why the error java.lang.StringIndexOutOfBoundsException: String index out of range: -1 in the class ServerSideStateHelper in the method getState (313) might be someone trying to hack your application server. It is getting quite technical in here… but bear with me… it’s really interesting. I also break down the actual attack to demonstrate what the attacker was trying to do.

Continue reading

WildFly 10 with Apache and AJP

This article demonstrates how inbound request from a webserver (Apache) can be proxied to an application server (WildFly 10) using the Apache JServ Protocol (AJP). For more information on what AJP actually is, take a look at https://en.wikipedia.org/wiki/Apache_JServ_Protocol .

WildFly 10 Configuration

First you have to add an ajp-listener to the undertow subsystem (line 4).

standalone.xml –  undertow subsystem:

Then you also have to add a socket-binding (line 4).

Continue reading

Angular2 with NPM and Webpack

This article demonstrates how to set up an Angular2 project with Webpack. The setup also supports Typescript, Less, CSS packages like Twitter Bootstrap and Fonts e.g. FontAwesome.

It describes how to set up all the different plugins, loaders etc. I needed for a real Angular2 application. Most articles I read so far only concentrate on one small part of a complete setup. If you think I forgot to mention an elementary part of the setup, please let me know.

Required NPM Packages

All required dependencies for Webpack are put into package.json as devDependencies, so that NPM will automatically install them.

Continue reading

Angular2 Release Candidate 1 (RC1) Changes

This article summarizes a couple of changes I encountered during the migration of angular2 beta 17 to angular2 rc1.

Angular2 Packages for RC1

Previously angular2 could be pulled in by npm using the following configuration entry in package.json

Now all packages have been split up and moved to @angular instead of angular2.

package.json

Continue reading

Hangfire Dashboard and ASP .NET 5

This article demonstrates how the Hangfire dashboard can be set up in an ASP .NET 5 application including authentication via ASP .NET Identity.

Adding Hangfire Packages

project.json:

Since I am using Hangfire with SQL, I have to add Hangfire itself and Hangfire.SqlServer to the project.json.

Continue reading

302 Redirect VS 401 Unauthorized – ASP .NET 5 Identity

302 API Redirect Problem

If you make a request to a REST service and are not logged in, by default ASP .NET 5 Identity returns a 302 Redirect to login page. This is great if you are visiting the URL of a controller directly. If you make an Ajax request to a specific REST API and are not logged in however, you are also redirected to the login page and instead of the content of the API you will get the content of the login page itself. Probably without even noticing it right away.

So in instance of API calls I would prefer a 401 Unauthorized status code, e.g. $http requests using AngularJS. Here only the Ajax call itself gets redirected, but the URL of the browser remains the same. This means you won’t see that there is an “authentication problem” and you are not redirected to the login page.

Continue reading

Angular2 Http Authentication Interceptor

In my Angular2 application I want to be redirected to the login page whenever I get a 401 response during an Ajax call. Therefore I want to intercept all Ajax calls and check for the response code. In addition to that I also want to set a couple of default request headers for each Ajax call. The code below shows an interceptor for angular2 http requests.

Continue reading

ASP .NET 5 Identity with Entity Framework 7 Setup

In this article we will demonstrate how to provide authentication to ASP .NET 5 applications using ASP .NET Identity with Entity Framework 7.

Adding Packages

Add the following package to your ASP .NET project. This will automatically pull in additional required dependencies for ASP .NET Identity.

project.json

Continue reading