ASP.NET Webapi same origin policy workaround using Custom Http Headers

Recently, I’ve been working on an API that should be accessed by both JavaScript and desktop clients. During debugging of the JavaScript client, I ran into the Same Origin Policy problem, which prevented my JavaScript app from making XHR requests to the API. The client and the API are hosted on different ports (localhost:35000 and localhost:35001), which triggers this policy.

One such workaround is to have the API utilize Cross-Origin Resource Sharing. This basically means sending back the header `Access-Control-Allow-Origin: *`; the asterisk (allow all domains) can be replaced with specific domain names. I utilized a custom HTTP header attribute that can be used on the Controller or the Action.

Using it:

The headers should now look like:

Access-Control-Allow-Origin:*
Cache-Control:no-cache
Connection:Close
Content-Type:application/json; charset=utf-8
Date:Sun, 29 Apr 2012 18:39:05 GMT
Expires:-1
Pragma:no-cache
Server:ASP.NET Development Server/11.0.0.0
Transfer-Encoding:chunked
X-AspNet-Version:4.0.30319
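As an added example (not the post's original attribute code), here is a Web API action filter that sends `Access-Control-Allow-Origin` only for origins on an explicit allowlist instead of `*`. The attribute name, the controller and the choice of `http://localhost:35000` as the client's origin are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Web.Http.Filters;

// Added example: echo the request's Origin back only when it is allowlisted.
public class AllowCrossOriginAttribute : ActionFilterAttribute
{
    // Origins are matched as whole scheme://host:port strings.
    private readonly HashSet<string> _allowed;

    public AllowCrossOriginAttribute(params string[] origins)
    {
        _allowed = new HashSet<string>(origins, StringComparer.OrdinalIgnoreCase);
    }

    public override void OnActionExecuted(HttpActionExecutedContext context)
    {
        // Response is null when the action threw before a response was built.
        if (context.Response == null) return;

        // The header value depends on the request, so caches must key on Origin.
        context.Response.Headers.Vary.Add("Origin");

        IEnumerable<string> values;
        if (!context.Request.Headers.TryGetValues("Origin", out values)) return;

        string origin = values.FirstOrDefault();
        if (origin != null && _allowed.Contains(origin))
        {
            context.Response.Headers.Add("Access-Control-Allow-Origin", origin);
        }
    }
}

// Hypothetical controller; the origin is assumed to be the JavaScript client's.
[AllowCrossOrigin("http://localhost:35000")]
public class ItemsController : ApiController
{
    public IEnumerable<string> Get()
    {
        return new[] { "one", "two" };
    }
}
```

This covers simple requests; preflighted requests (custom request headers, non-simple methods) also need an OPTIONS response carrying `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers`.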

Review of uCertify ASP.NET Web Applications Development Training Kit

I’ve been using the 70-515-CSHARP – MCTS: Web Applications Development Training kit from uCertify for a week. It is a typical study-learn-practise guide to completing the Microsoft 70-515 exam. The software is installed and used as a desktop application. I’ll express my subjective views on what I liked and disliked. I have not done the exam as yet and will write another article on how well this training kit helped me in passing the exam.

Tests (10/10)

I like the fact that they present you with a diagnostic test first. Each question is from a particular area and structured so you can know which area to focus on. They tested from basic ASP.NET configuration and deployment to even the now not-so-new MVC (13% of the exam). Upon finishing the test, you get the typical report system of how you did, what you got wrong, etc. You can view correct answers and their explanations during the test or after the test from the report section. What I loved about this section is that they point to MSDN documentation on the topic for further reading. A variety of question types are used, such as ordering elements, multiple choice, so it’s not just the typical all-multiple-choice test suite.

Tests are given in sequence, from easy to hard. But there is a cool feature called an Adaptive test that pulls questions from the easy or hard pool depending on whether you got the previous one wrong. The harder questions you get correct, the harder they get.

So far, they try to simulate tests like the real world exam while trying to aid you in learning.

Study (8/10)

For me, the best way to study and learn something in the software engineering field is to read the documentation, write code, tweak, write some more code, tweak some more. In the kit, about 70% of the content is definitions and examples, most of which already require some knowledge of the content. Most of this section can be used as a reference guide to everyday development if they provided a search feature.

Another great way for me to learn is by watching screen-casts, and they also provide these, although they are not packaged with the software. They are hosted on YouTube, e.g. ASP.NET MVC Models, and are free for everyone, so you can watch and judge the quality for yourself. Some labs contain a series of images to guide you through certain set-ups or files just in case you are lost.

The software provides you with most of the information required to not only know the answers to the questions but to also understand them and why they work that way.

Why 8? There is room for improvement with more video and image based content. Sample Visual Studio projects should be provided with this kit. Sample code and projects are a big help in the software engineering field. Lack of search functionality.

User Experience (6/10)

Their User Interface needs some more work. The home of the software is fine, but when you drill down into the questions and study sections, the font size, colors and design are not really motivational. Functionalities or navigation controls do not look like items the user should be interacting with. They might have a list with 2 lines of text, both of which are click-able but are designed as plain text. It displays the content you need but does not give that new software/web 2.0 look and feel. Check out something like Khan Academy’s designs; for my computer science readers, he has stuff on calculus, linear algebra, etc. So be sure to check him out.

Another concern of mine is that it was not cloud based. I would love to sync up my reports and other test/study data to my other computers that I use.

Conclusion

uCertify’s Microsoft web developer training has its content and teaching methodologies well structured. The study guide alone is beneficial to people who do not even need to do the certification, somewhat similar to an ASP.NET Cook-book (I’ve even found features I’ve never used before but are useful in real world development). This kit and exam are not for the beginner. But as they stated, you should have 2-3 years of software engineering in the ASP.NET environment to really understand the concepts presented.

SimpleCrypto.Net a PBKDF2 Hashing wrapper for .Net Framework

Recently, Jeff Atwood blogged about a hashing speed problem, so I decided to rewrite my library since many people will be searching for easier ways of implementing PBKDF2 hashing. So I moved and refactored my PBKDF2 algorithm stated in this post into this project, which is much more object-oriented friendly and focused only on being a cryptography library. SimpleCrypto.Net is a simple wrapper for .NET that abstracts away complex cryptography algorithms from the user (easy password hashing for noobs).

There are 3 basic ways of using this wrapper:

1. Compute Hash for a string by generating a salt

Default Hash Iteration: 5000

Default Salt Size: 16

2. Compute Hash for a string by generating a salt with parameters

3. Compute Hash for a string with known salt

Salt Generation

The salt is stored in the format “{#hash_iterations}.{generated_salt}”. Salt size is used as the number of bits the generated_salt should be. An example would be “50.dakh3oihh123knadn”. If the salt is not in this format, a FormatException will be thrown. Remember to always generate a unique salt for each user and regenerate it whenever they change their password.
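To make the salt format concrete, here is an added example that is not SimpleCrypto.Net's own code: it uses the framework's `Rfc2898DeriveBytes` directly, parses the “{iterations}.{salt}” string, and throws `FormatException` on malformed input. The class and method names, the Base64 salt encoding, reading the salt size as 16 bytes, HMAC-SHA256 and the 32-byte output are all assumptions.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;

// Added example, not SimpleCrypto.Net's own code.
public static class Pbkdf2SaltFormat
{
    // Assumption: the salt part is Base64 of saltBytes random bytes.
    public static string GenerateSalt(int iterations, int saltBytes)
    {
        if (iterations < 1) throw new ArgumentOutOfRangeException("iterations");
        var salt = new byte[saltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return iterations.ToString(CultureInfo.InvariantCulture) + "." + Convert.ToBase64String(salt);
    }

    public static string Compute(string password, string saltString)
    {
        // Digits before the first '.' are the iteration count; anything else is rejected.
        int dot = saltString.IndexOf('.');
        int iterations;
        if (dot <= 0 || !int.TryParse(saltString.Substring(0, dot), NumberStyles.None,
                CultureInfo.InvariantCulture, out iterations) || iterations < 1)
            throw new FormatException("Salt must look like {iterations}.{salt}");
        // FromBase64String itself throws FormatException on a malformed salt part.
        byte[] salt = Convert.FromBase64String(saltString.Substring(dot + 1));
        // Assumption: HMAC-SHA256 and a 32-byte output.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return Convert.ToBase64String(kdf.GetBytes(32));
    }

    public static bool Verify(string password, string saltString, string storedHash)
    {
        byte[] actual = Convert.FromBase64String(Compute(password, saltString));
        byte[] stored = Convert.FromBase64String(storedHash);
        // Accumulate differences instead of returning at the first mismatch.
        int diff = actual.Length ^ stored.Length;
        for (int i = 0; i < actual.Length && i < stored.Length; i++) diff |= actual[i] ^ stored[i];
        return diff == 0;
    }

    public static void Main()
    {
        string salt = GenerateSalt(5000, 16); // the post's default iteration count and salt size
        string hash = Compute("example password", salt);
        Console.WriteLine(Verify("example password", salt, hash));
        Console.WriteLine(Verify("another password", salt, hash));
    }
}
```

Because the iteration count travels inside the salt string, hashes created with an older count keep verifying after the default is raised for new salts.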

The library is also hosted on NuGet: `PM> Install-Package SimpleCrypto`

I may be adding more hashing algorithms in the future, or if you would like to add some, fork the project and do a pull request. Please include unit tests.

Force download of file from ASP.NET WebAPI

How to generate and download content as files from an ASP.NET WebAPI action. This example is focused on text content. When returning a file, we utilize `HttpResponseMessage` for low-level modification of HTTP headers.

First we return HttpStatusCode.OK, then set the content to a StringContent; the content could be set to many other things, such as streams. We then set the Content-Type to ‘application/octet-stream’, which means the downloaded file is associated with a program that can open/read the file. We then create a Content-Disposition of type ‘attachment’, which tells the browser to use a save-file dialog box to save the file. We use the ContentDispositionHeaderValue class for that. ContentDisposition is null, so we need to initialize and configure it.

Sample Code:

This gives the response header:

Status Code: 200
Date: Fri, 06 Apr 2012 21:28:30 GMT
X-AspNet-Version: 4.0.30319
Transfer-Encoding: chunked
Content-Disposition: attachment; filename=mytext.txt
Connection: Close
Pragma: no-cache
Server: ASP.NET Development Server/11.0.0.0
Content-Type: application/octet-stream
Cache-Control: no-cache
Expires: -1

And Body: Hello

When the browser gets this response, you will be prompted to download the file: mytext.txt.
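The steps described above, written out as an added example (not the post's original sample code). It goes one step further than the post by accepting a caller-supplied file name and reducing it to a safe value before it reaches the response header; the controller name, the `name` parameter, the `SafeFileName` helper and the `nosniff` header are assumptions.

```csharp
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Web.Http;

// Added example following the steps described in the post.
public class ExportController : ApiController // hypothetical controller name
{
    public HttpResponseMessage Get(string name = "mytext.txt")
    {
        // 200 OK with a text body; StreamContent or ByteArrayContent also work here.
        var response = new HttpResponseMessage(HttpStatusCode.OK)
        {
            Content = new StringContent("Hello")
        };

        // StringContent defaults to text/plain; replace it with the generic binary type.
        response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");

        // ContentDisposition is null until assigned.
        response.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment")
        {
            FileName = SafeFileName(name)
        };

        // Ask the browser not to sniff a different content type from the body.
        response.Headers.Add("X-Content-Type-Options", "nosniff");
        return response;
    }

    // The name comes from the caller: drop any directory part and keep only a
    // conservative ASCII character set before it goes into a header.
    private static string SafeFileName(string name)
    {
        string value = name ?? string.Empty;
        string leaf = value.Substring(value.LastIndexOfAny(new[] { '/', '\\' }) + 1);
        var kept = leaf.Where(c => c < 128 && (char.IsLetterOrDigit(c) || c == '.' || c == '-' || c == '_'));
        string cleaned = new string(kept.ToArray()).TrimStart('.');
        return cleaned.Length == 0 ? "download.txt" : cleaned;
    }
}
```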

Create/Generate an absolute url in asp.net webapi

To get the absolute Url to an action or route in your WebAPI controller that points to another action, play around with the following code:

If the route is set to null, the first mapped route in the global.asax file will be used. You can play around with the parameters and anonymous object to get the correct routing you need.

For absolute url in mvc, see http://www.shawnmclean.com/blog/2011/07/creategenerate-an-absolute-url-in-asp-net-mvc-controller/