Mira Javora Blog

In a common Web API scenario, you may want to secure your endpoints so that certain actions can only be executed by authenticated users who posses the correct permissions and are authorised to access the endpoints. For example, you would not want expose your DELETE endpoint of a resource to the general public. This problem is traditionally solved by Authentication and Authorization and your credentials are passed along with the request to the server. An alternative is to exchange the username and password for a short-lived access token and use this access token to perform the protected actions. This solution does not fit every scenario,  however, it means that if the access token gets exposed, the user credentials are not revealed.  Authentication and Authorisation There is a … more

This is a second post in the series all about ASP.NET Web API. The first post looked at getting started with the Web API. You can find the source code on Github. An important part of Web API is resource content negotiation. The HTTP protocol RFC defines content negotiation as the process of selecting the best representation for a given response when there are multiple representations available. In practise the same resource can be represented in a variety of different ways – lets say a contact information resource can be shown in JSON representation, but also in XML or even as a PNG QR code containing the same content. The content negotiation can be either server or client driven. In the first instance, the server decides what content to send down based on the various headers sent from … more

A significant part of ASP.NET MVC4 release was the Web API. In a nutshell, it’s a powerful framework that makes creation of HTTP services easy and straight-forward. In many ways, it’s something we’ve all been waiting for. The code sample for the article can be found on GitHub. You can find more details at the end of the article. Creating a RESTful API with ASP.NET There are several options you can go for when deciding what technology you adopt for your RESTful API. In fact, you’ve got lots to chose from. If you’re old-school (and enjoy living in the past), you might want to go for WCF. Another popular open source framework for creating RESTful APIs with C# is OpenRasta. A creation of Sebastien Lambda has been around for a while, however, it hasn’t had that much traction in the last 18 … more

About a month ago, I was approached by Packt Publishing to write a book on SignalR. The idea was to write a book that would guide you through various SignalR components using some sort of real-world example. I was up for it and the publisher seemed very keen. How It Went Downhill All was going well. We agreed on the terms, I put together a detailed outline, which got reviewed and then eventually approved and then … then things went sour. It started with the schedule. It was based on the outline a consisted of a simple formula between days and pages. No questions asked about holidays, week ends apparently weren’t a thing anymore and nobody celebrates Christmas these days. At this point the alarm bells were ringing but after a bit of back-and-forward they were happy to accept my schedule. … more

This is a fifth contribution in a series dedicated to SignalR. The previous article looked at dependency injection. SignalR was built with scalability in mind. Even though you will be able to run a fair number of concurrent connections on a single server instance, there will come a point where a single node will not be able to handle the load. The maximum threshold of concurrent connections per node depends on quite a few factors such as server spec, client transport type or the amount of work alongside message processing. The solution is to increase the number of server nodes and run SignalR over load balancer or in web-garden. However, these separate instances will need to pass data between each other to ensure every client gets the same data. This is done through a backplane. SignalR … more

A typical MVC site would consist of a folder containing all the views and partials that are then rendered using a view engine. However, it can get a little tricky when you want to re-use the same view template across multiple projects without content duplication. Perhaps you want to re-use a small partial with tracking code or even entire views for common actions such as login / reporting.

You may consider storing the content in a resource file and embed it in a class library. Or perhaps do a clever virtual directory mapping in your IIS setup. However, the best solution is simply to compile the views into a class library using Razor Generator. Razor Generator is  tool that allows processing Razor files at design time instead of runtime, allowing them to be built into an … more

The default browser compatibilities mobile detection in ASP.NET in System.Web.HttpBrowserCapabilitiesBase is pretty poor. It ignores majority of the mobile devices and since it does not update on regular basis, it will ignore any new devices as well. Simply put, if you are using mobile-specific views then most mobile devices will get only the desktop views, because the device will be not recognised as a mobile device. You can add browser definition files to your solution and specify capabilities for the latest devices. It is however a quick road to hell. Instead, there are several open source libraries that help you improve the device detection and override the BrowserCapabilities. 51Degrees.mobi is widely recognised and I had very good experience using it in the past. It contains an … more

Sooner of later, there comes a point you will be asked to implement email templates. Tools such as Campaign Monitor are useful, but they are not cost-effective when you reach a larger number of users and you have in-house skills to create an email system. The Old School – XML And XSLT or Token Replacement A common way to implement email templates was to use XML in combination with XSLT. It used to make sense: you separate the data from the markup, are able to create multiple XSLT tranforms based on HTML vs PlainText using the same data, you could use complex logic and loops and you could re-use the templates cross-systems. However, editing and maintaining the templates was never easy. Simpler systems may even use token replacement techniques. Razor Engine To Generate Your Email Templates … more

This is a fourth contribution in a series dedicated to SignalR. The previous post focused on publishing data from .net services using hub proxies. Setting up dependency injection with SignalR is pretty straightforward. SignalR uses DefaultDependencyResolver to resolve its own services (IConnectionManager, IConfigurationManager, IJsonSerializer, ITransportManager and many more) and hub extensions (IHubManager, IJavaScriptProxyGenerator and many more). Using GlobalHost, you can set your own dependency resolver. Extending the DefaultDependencyResolver When it comes to writing your own dependency resolver for SignalR, you have two options: - You can implement IDependencyResolver  and write the entire logic yourself (for the brave with lots of time)- You can extend the … more

This article is a third in a series dedicated to SignalR. My previous article looked at pushing data using IHubContext.

A larger web projects would typically consist not only of front end web project, but would include additional class libraries and offload some of the heavy processing work to service or console apps. The common problem is then how do you update the front-end and signal the site that some work has been completed.

A crude way around this is to store a flag in your persistence and continuously poll the data whether the job has finished. This is grossly inefficient. SignalR offers a straightforward solution to exactly that problem. Using Hub proxies, you are able to push data all the way to the connected clients on the front-end.

Image Hub

In my example, I will use Win … more