OWIN: setting up basic authentication

Setting up basic OAuth with OWIN is very simple using the username/password flow.

Install the NuGet package:

Microsoft.Owin.Security.OAuth

Once it is installed, you need to do two things:

  1. First, write a class which implements the authentication logic.
  2. Second, integrate that class with OWIN.

Implementing the provider

Let's define a class which extends `OAuthAuthorizationServerProvider`:

[sourcecode language="csharp"]
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

public class SimpleAuthorizationProvider : OAuthAuthorizationServerProvider
{
    // Accepts every client without checking client_id or client_secret.
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated();
        return Task.FromResult(0);
    }

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // Demo check only (password must equal user name); replace with a real credential check.
        if (context.Password != context.UserName)
        {
            context.SetError("invalid_password", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }

        // Issue a token for an identity that carries no claims yet.
        context.Validated(new ClaimsIdentity(context.Options.AuthenticationType));
        return Task.FromResult(0);
    }
}
[/sourcecode]

Integrating the provider

Now we need to configure OWIN to use OAuth, so change the existing OwinConfiguration class to look like this:

[sourcecode language="csharp"]
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;
using Owin;

public class OwinConfiguration
{
    public void Configuration(IAppBuilder app)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            // Local testing only: the password grant posts credentials to /token,
            // so serve it over HTTPS and set this to false everywhere else.
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            Provider = new SimpleAuthorizationProvider()
        });

        // Validates the bearer token on incoming requests.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Active,
            Provider = new OAuthBearerAuthenticationProvider()
        });
    }
}
[/sourcecode]

Setting the authentication mode to active ensures that `IPrincipal` is set for Web API controllers.

Testing

OWIN provides its own testing framework as well. Please install the NuGet package:

Microsoft.Owin.Testing

Once it is installed, add the tests below and make sure that they pass.

[sourcecode language="csharp"]
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using FluentAssertions;
using Microsoft.Owin.Testing;
using NUnit.Framework;

[TestFixture]
public class OwinTests
{
    [Test]
    public async Task Should_Authenticate_User()
    {
        using (var server = TestServer.Create<OwinConfiguration>())
        {
            var response = await server.CreateRequest("/token")
                .And(x => x.Content = new FormUrlEncodedContent(new[]
                {
                    new KeyValuePair<string, string>("username", "admin"),
                    new KeyValuePair<string, string>("password", "admin"),
                    new KeyValuePair<string, string>("grant_type", "password")
                })).PostAsync();

            response.IsSuccessStatusCode.Should().BeTrue();
            response.StatusCode.Should().Be(HttpStatusCode.OK);
        }
    }

    [Test]
    public async Task Should_Fail_Authentication()
    {
        using (var server = TestServer.Create<OwinConfiguration>())
        {
            var response = await server.CreateRequest("/token")
                .And(x => x.Content = new FormUrlEncodedContent(new[]
                {
                    new KeyValuePair<string, string>("username", "admin"),
                    new KeyValuePair<string, string>("password", "wrong-password"),
                    new KeyValuePair<string, string>("grant_type", "password")
                })).PostAsync();

            response.IsSuccessStatusCode.Should().BeFalse();
            response.StatusCode.Should().Be(HttpStatusCode.BadRequest);
        }
    }
}
[/sourcecode]
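
An added test, not part of the original post, that exercises the bearer middleware configured above: a request is accepted only when it carries the token issued by `/token`. `ProtectedStartup` and the `/protected` path are hypothetical; the test assumes the post's `OwinConfiguration` and `SimpleAuthorizationProvider` plus the Newtonsoft.Json package.

```csharp
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using FluentAssertions;
using Microsoft.Owin.Testing;
using Newtonsoft.Json.Linq;
using NUnit.Framework;
using Owin;

// Hypothetical startup: the post's pipeline plus an endpoint that answers 200 only for an authenticated user.
public class ProtectedStartup
{
    public void Configuration(IAppBuilder app)
    {
        new OwinConfiguration().Configuration(app); // token endpoint + active bearer middleware
        app.Run(ctx =>
        {
            ctx.Response.StatusCode = ctx.Authentication.User?.Identity?.IsAuthenticated == true ? 200 : 401;
            return Task.FromResult(0);
        });
    }
}

[TestFixture]
public class BearerTokenTests
{
    [Test]
    public async Task Protected_Path_Requires_A_Valid_Token()
    {
        using (var server = TestServer.Create<ProtectedStartup>())
        {
            var tokenResponse = await server.CreateRequest("/token")
                .And(x => x.Content = new FormUrlEncodedContent(new Dictionary<string, string>
                    { { "grant_type", "password" }, { "username", "admin" }, { "password", "admin" } }))
                .PostAsync();
            var token = (string)JObject.Parse(await tokenResponse.Content.ReadAsStringAsync())["access_token"];
            (await Get(server, null)).Should().Be(HttpStatusCode.Unauthorized);          // no token
            (await Get(server, "not-a-token")).Should().Be(HttpStatusCode.Unauthorized); // constructed bogus token
            (await Get(server, token)).Should().Be(HttpStatusCode.OK);                   // issued token
        }
    }
    private static async Task<HttpStatusCode> Get(TestServer server, string bearer)
    {
        var request = server.CreateRequest("/protected");
        if (bearer != null) request.AddHeader("Authorization", "Bearer " + bearer);
        return (await request.GetAsync()).StatusCode;
    }
}
```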

Self-hosting Web API 2 using OWIN/Topshelf

OWIN is an abstraction between .NET web servers and web applications. It decouples the application from the server, making it ideal for self-hosting. OWIN can serve as a host for Web API, Nancy or even an FTP server.

  • Host the application in your own process, independent of IIS, e.g. in a Windows service.
  • Easily port the application between hosts and potentially entire platforms/operating systems.
  • Reduces middleware components and works transparently as a pipeline.
  • Simple workflow due to pipelines, and improved efficiency due to the reduced pipeline.

OWIN is a community-owned specification, not an implementation. The Katana project is Microsoft’s implementation of OWIN.

This tutorial shows how to host ASP.NET Web API in a console application, using OWIN to self-host the Web API framework.

Step 1: Create a project and install NuGet packages

Create a project of type Console Application to host our Web API using OWIN.
Install the NuGet packages:
> Microsoft.AspNet.WebApi.OwinSelfHost
> Topshelf
We will use Topshelf to host OWIN inside a Windows service.

Step 2: Set up Web API

Create HelloWorldApiController.cs

[sourcecode language="csharp"]
using System.Web.Http;

public class HelloWorldApiController : ApiController
{
    [HttpGet]
    public string Get()
    {
        return "Hello World";
    }
}
[/sourcecode]

Also register the controller with the route provider, using

[sourcecode language="csharp"]
using System.Web.Http;

public class WebApiConfig
{
    public static HttpConfiguration Register()
    {
        var config = new HttpConfiguration();
        // Maps /api/{controller}/{id}; the id segment is optional.
        config.Routes.MapHttpRoute("DefaultApi",
            "api/{controller}/{id}",
            new { id = RouteParameter.Optional });
        return config;
    }
}
[/sourcecode]

Step 3: Register the web application with OWIN

To register Web API with OWIN, create a class OwinConfiguration.cs

[sourcecode language="csharp"]
using Owin;

public class OwinConfiguration
{
    public void Configuration(IAppBuilder app)
    {
        app.UseWebApi(WebApiConfig.Register());
    }
}
[/sourcecode]

Step 4: Host OWIN inside a Windows service

Topshelf hosts OWIN as a console application while debugging in Visual Studio.

To register OWIN with Topshelf, create the class below:

[sourcecode language="csharp"]
using System;
using System.Diagnostics;
using Microsoft.Owin.Hosting;
using Topshelf;

public class HostingConfiguration : ServiceControl
{
    private IDisposable _webApplication;

    public bool Start(HostControl hostControl)
    {
        Trace.WriteLine("Starting the service");
        // Listens on localhost only, over plain HTTP.
        _webApplication = WebApp.Start<OwinConfiguration>("http://localhost:8089");
        return true;
    }

    public bool Stop(HostControl hostControl)
    {
        // Start may not have completed, so guard against a null host.
        if (_webApplication != null)
        {
            _webApplication.Dispose();
        }
        return true;
    }
}
[/sourcecode]

Also change the Main method as below:
[sourcecode language="csharp"]
using Topshelf;

public static int Main()
{
    var exitCode = HostFactory.Run(x =>
    {
        x.Service<HostingConfiguration>();
        // LocalSystem is the most privileged service account; for a service that
        // accepts network requests consider x.RunAsNetworkService() or a dedicated account.
        x.RunAsLocalSystem();
        x.SetDescription("Owin + Webapi as Windows service");
        x.SetDisplayName("owin.webapi.test");
        x.SetServiceName("owin.webapi.test");
    });
    return (int)exitCode;
}
[/sourcecode]

Step 5: Test

Visit the URL http://localhost:8089/api/HelloWorldApi in your favorite browser to make sure it works.

Note: To install it as a Windows service using Topshelf, start CMD as an administrator and run the `install` and `start` commands on project.exe.

SQL Server: Connection Timeout vs. Command Timeout

SQL Server provides two types of timeouts. Though they look the same, there is a huge difference between them.

  • Connection Timeout

Connection timeout is the number of seconds to wait while trying to get a connection to SQL Server. The default is 15 seconds. You can modify it using the connection string. Use the property **Connection Timeout = 30;**

  • Command Timeout

Command timeout is the number of seconds to wait for completion of query execution. The default is 30 seconds. You can set it using the **.Timeout()** method in dbContext.

Comments in Code

In ideal code, comments have no place.

  • They make code look ugly, and can even make it unreadable.
  • Too many comments make it difficult to navigate code.
  • They almost always convey outdated information. With outdated information, they might become confusing.
  • One needs to read the same line of code twice, and to remember extra information while understanding the code.

Think: why should one write a comment? To convey certain information about

  • a particular line of code
  • a block of code.

Can we express the same information via code?

  • One should name the variable appropriately.
  • Refactor a block of code into a separate method.

One more place where you will see comments is around code which is no longer relevant. What should one do about such comments? JUST DELETE IT. Yes, just delete it. Version control systems remember it for you. And if you want to work on it, just write a TODO for it.

Happy Coding.

 

 

IIS AppDomain, Application Pool and Worker Process

There are 3 things involved when hosting an application in IIS.

App Domain

On a server you can have many ASP.NET sites running together. Each site is an app domain.

App Pool

You must assign each of them to one application pool. Many AppDomains (sites) can share the same application pool, and because they share the pool they run under the same processes and under the same account, and they have the same pool settings. If this pool restarts, then all sites under that pool restart.

Worker Process

Each pool can have one or more worker processes. Each worker process is a separate program that runs your site, has its own static variables, and has its own start and stop calls. Different worker processes do not communicate with each other, and the only way to exchange data is through common files or a common database. If you have more than one worker process and one of them is making a long-running calculation, the others can handle incoming requests and serve content.

Resharper not running unit tests

I had an issue with ReSharper where it was running my unit tests sometimes and not always. I am using Resharper 9 and VS2013. It was working fine, but suddenly stopped. ReSharper’s unit test window stayed grey, the spinning icon endlessly.

Tried things like restarting Visual Studio, rebuilding solution, running Visual Studio in administration mode and even restarting my computer but I was still not closer to getting my unit tests running.

Eventually I cleared ReSharper cache using ReSharper’s options (Resharper > Options > Environment > General > Clear Cache), and after clearing ReSharper’s cache and restarting Visual Studio I was able to run my unit tests once again.