Tuesday, March 5, 2019

Integrate Google OAuth 2.0 OpenID without OWIN in Sitecore ASP.NET MVC

Introduction:

I have Sitecore 8.2.1, and the content delivery web app is integrated with forms-based authentication. I enabled third-party Google login using OAuth 2.0 OpenID without using .NET OWIN or the Sitecore OWIN setup.
I just kept the whole flow simple, with very minimal impact on the overall architecture, and made the solution easy to decouple in future or to reuse across different projects.

The following problems are addressed while implementing this solution:
  • Handle session timeout differently for forms-based users and Google logged-in users.
  • Handle log-off so that the user is redirected to a specific login page.
  • Handle the CSRF (cross-site request forgery) anti-forgery token using the State property of the API call.

Let's get started

I assume one understands how to enable Google OAuth using the developer console and is well versed in the steps by which Google OAuth and the API are enabled, so that we can proceed. If not, I recommend going through this using the links below.

It is a two-step implementation:

  1. Create a separate login screen, or use an existing screen for that matter. Assume it has a button, say "google login". Clicking it initiates the Google login screen, consent form, etc. Google returns an authorization code.
  2. When the user selects his/her Google account and gives consent, the user is redirected to the respective home or landing page. In this part, the access token is received based on the authorization code. Custom authorization can be checked against a custom application database, and the user is redirected to the landing page accordingly. Mind it: the first redirection URL is the one registered with Google, and that is where we will write our login in a controller action.
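The two steps above with the State check in place, as an added example that is not the original post's code. The controller name, session key, client id and redirect URL are placeholders, and it assumes ASP.NET MVC 5 with session state enabled.

```csharp
using System;
using System.Security.Cryptography;
using System.Web.Mvc;

// Added example: all names and URLs below are hypothetical placeholders.
public class GoogleLoginController : Controller
{
    private const string StateKey = "google_oauth_state"; // assumed session key
    private const string ClientId = "YOUR_CLIENT_ID.apps.googleusercontent.com";
    private const string RedirectUri = "https://example.com/GoogleLogin/Callback"; // must match the URL registered with Google

    // Step 1: the "google login" button links here.
    public ActionResult Start()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(bytes); }
        string state = BitConverter.ToString(bytes).Replace("-", ""); // 64 hex chars, URL-safe
        Session[StateKey] = state; // bound to this browser session only

        string url = "https://accounts.google.com/o/oauth2/v2/auth"
            + "?response_type=code"
            + "&scope=" + Uri.EscapeDataString("openid email")
            + "&client_id=" + Uri.EscapeDataString(ClientId)
            + "&redirect_uri=" + Uri.EscapeDataString(RedirectUri)
            + "&state=" + state;
        return Redirect(url);
    }

    // Step 2: Google redirects back here with ?code=...&state=...
    public ActionResult Callback(string code, string state)
    {
        var expected = Session[StateKey] as string;
        Session.Remove(StateKey); // a state value is valid for one round trip only
        if (string.IsNullOrEmpty(code) || !FixedTimeEquals(expected, state))
            return new HttpStatusCodeResult(400, "Invalid OAuth state");

        // State verified: exchange the code for tokens here, then run the
        // custom authorization check before signing the user in.
        return RedirectToAction("Index", "Home"); // hypothetical landing page
    }

    // Comparison that does not exit early on the first differing character.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

A callback that arrives without a matching state value did not originate from this browser's own login attempt, so it is rejected before the authorization code is used.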

Initiate Google Login process


Key take away

In order to work with different login mechanisms, the only way to handle session and log-off is to set an application-level state flag.
Set something at the very beginning of login initialization:

// Application state is shared by every user of the web app, not stored per session.
HttpContext.Application.Add("google_logged_in_users", true);



Also very important: once we get the Google access token and verify that the Google user has access to our system, it is important to check @if (User.Identity.IsAuthenticated)


Please note that the above code is just for reference and is a draft version. You can refine and refactor it as per your needs.

Reference:



Wednesday, November 28, 2018

Collection constructor with collection initializer

You can pass anything that is a valid constructor parameter. For example, List permits construction from any enumerable, so you can do this:

This combined notation is useful if you want to clone an existing collection and then make some tweaks to it.

Wednesday, November 14, 2018

Real world Use Case Linq Aggregation

Problem statement

We want to process numbers and sort them into categories. This could be any data that we want to classify based on a requirement. As a small proof of concept, here is a sequence of numbers, and the idea is to classify them into evens, odds and so on.

Solution Statement

LINQ Aggregate with Union to show them all.

Class Diagram


Implementation Details

Number Class


Enum NumberType 

NumberGroup Classes




INumberGroup



NumberFilter Class



Main Calling Function
This is it!





Wednesday, September 19, 2018

OneNote Immersive reader Microsoft learning tool

It is one of the amazing tools or add-ins for OneNote users. It is very helpful for students and content authors to proofread or improve their language skills.

Long story short:

Install this plug-in free of charge if you are a OneNote user.

https://www.onenote.com/learningtools


Thursday, May 17, 2018

Azure AppInsight Custom Logs Alerts at very granular level with queries

Introduction

The alert service has become more powerful day by day with the advent of Azure AppInsight. Microsoft is actually listening very closely to developers and support/operations (aka DevOps) teams. Now we can get alerts at a very granular level. Whenever you do performance testing or UAT, it is good to have Sitecore log alerts sent straight to your mailbox, to Slack, or to any webhook. It is easily done. I keep this demonstration simple. I injected a simple Sitecore log trace query which is triggered every 10 mins if the error count is greater than 1.

Open your AppInsight blade, look for Alert, and add a new alert. The screenshot below is self-explanatory.

The cool part is that you can add any level of AppInsight Analytics query to it. It is very flexible.

E.g.
traces
| where message contains "ERROR"






Monday, April 9, 2018

Custom Attribute ValidateApplicationPermission 403 Access Denied Leak and MVC filters

This is always the case when we write a custom filter without understanding the sequence in which filters should be used.

One classic example is handling custom unauthorized access for application permissions at the controller-action level. Say the user is authorized for the application but some permission is not allowed; if the controller action still executes, it is a serious issue.

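using System.Web.Mvc;

[Authorize]
public class SomeController : Controller
{
    // Custom permission check applied on top of [Authorize]
    [ValidateApplicationPermission]
    public ActionResult SomeAction()
    {
        return View();
    }
}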

Problem Definition: 

ValidateApplicationPermission results in a 403 access-denied leak. It captures the access denial and tries to redirect; however, it redirects while still executing the existing action filter, which it is not supposed to do.

For example:
Using something like this, where we try to use filterContext with HttpContext:
filterContext.HttpContext.Server.TransferRequest(Entities.Constants.Entities.Content.Something.Home._403.Path
                            .GetSitecoreItemUrlPath());  

Solution

Use filterContext with its Result; obey the filters and their context.
filterContext.Result = new RedirectResult(Entities.Constants.Entities.Content.Something.Home._403.Path.GetSitecoreItemUrlPath());
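A minimal authorization filter built around that fix, as an added example that is not the original project's attribute. The Permission property, the "/403" URL and the role-based check are assumptions standing in for the project's own permission lookup and Sitecore 403 item path.

```csharp
using System;
using System.Web.Mvc;

// Added example: Permission, AccessDeniedUrl and the IsInRole check are hypothetical.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class ValidateApplicationPermissionAttribute : FilterAttribute, IAuthorizationFilter
{
    private const string AccessDeniedUrl = "/403"; // placeholder for the 403 page path

    // The permission the decorated controller or action requires.
    public string Permission { get; set; }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");

        var user = filterContext.HttpContext.User;
        bool allowed = user != null
            && user.Identity.IsAuthenticated
            && !string.IsNullOrEmpty(Permission) // deny by default when no permission is named
            && user.IsInRole(Permission);

        if (allowed) return; // Result stays null, so MVC goes on to run the action

        // Setting Result short-circuits the pipeline: the action method and its
        // action filters are skipped, and MVC executes only this result.
        if (filterContext.HttpContext.Request.IsAjaxRequest())
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            filterContext.Result = new RedirectResult(AccessDeniedUrl);
    }
}
```

Running the check in an authorization filter means it is evaluated before any action filter, so a denied request never reaches the action body.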


Implementation Code Base

Wednesday, April 4, 2018

Awesome-ness of AppInsight Analytics and Failure Preview

Microsoft Azure AppInsight has made it much easier for us to trace the request execution sequence for any exception. You can actually see how the request was executed for a given exception. This makes it very easy to troubleshoot and find the actual root cause of the problem.

Check out the following in Azure AppInsight:

  • Failure (Preview)- New feature within AppInsight
  • Operation Id- Locate the operation id for any specific exception
  • Open up the AppInsight Analytics query analyzer to view the sequence trace leading to an exception.

 Failure (Preview) Blade

  • Look up Count(Failed) vs total requests
  • Top 3 Response Codes
  • Top 3 Exception Types
  • Last 24 hours or custom date filter. Slide through graph date statistics. Awesome-ness
  • Operations vs Dependencies vs Exceptions tabs
  • Nevertheless View in Analytics 

Suggested- Click on one of the exceptions to view its Operation ID; from this operation id you get all the trails and the missing piece of an issue.




End to End transactions