asp.net

dotNetConfPL – online conference for .NET developers

Together with Michal Franc and Pawel Sawicz we are organizing online conference for .NET Developers: dotNetConfPL. It will take place on October 12 (3pm-10pm UTC+2), on the Internet! We have many great speakers and hot sessions.

Attendees will be able to ask questions through dotNetConfPL2013 room on JabbR.

Today, we have over 500 registered users! Additionally, during the conference we will give away 6 ReSharper licenses (thank you JetBrains).

Registration is not obligatory, but only registered users will have chance to win ReSharper licenses.

See you there!


OWIN and Katana – what’s the big deal?

OWIN stands for The Open Web Interface for .NET. It is a standard for communication between .NET web servers and web applications. It defines required elements for HTTP request (details). It is inspired by Rack from Ruby on Rails World. Katana is implementation of this standard. We can say that it is a lightweight web server for .NET. In fact, it is more than that (more info here).

Demo

First, we need to create application project. Let’s create ‘Empty Web Application’ (it might be also Console App).

OWIN - empty Project

Next, we will install two NuGet packages (using Package Manager Console):

Install-Package Microsoft.Owin.Host.SystemWeb

Install-Package Owin.Extensions

Then, we need to create ‘Startup class’.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using Owin;

namespace OwinDemo
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseHandlerAsync((req, res) =>
            {
                res.ContentType = "text/plain";
                return res.WriteAsync("Hello Katana!");
            });
        }
    }
}

Now we are ready to run our web server, but you may get following error:

OWIN - error

Fortunately there is easy fix for that. You need to modify Web.config file, adding following code in configuration section:

<appSettings>
    <add key="owin:HandleAllRequests" value="true"/>
</appSettings>

Then you can run server (CTRL+F5) and you should see:

OWIN - Hello Katana

Summary

So, what is big deal? We have web server in 7 lines of code! We do not need IIS as only one, right choice.

Of course we can do much more sophisticated things. Such as routing, WebAPI or even SignalR. You can also debug it easily.

More info about OWIN and Katana on ASP.NET website: An Overview of Project Katana
There is also screencast on Channel9: The Katana Project – OWIN for ASP.NET (it shows e.g. how to use WebAPI from 35:40).
Here is very nice article how to use SignalR with Katana.

Katana is Open Source and available on CodePlex.


Sign in with facebook (OAuth): how to and threats

Many websites provide possibility to authorize with OAuth protocol (e.g. using facebook account).

How to

In ASP.NET application it is very easy to implement. Check this 3 minutes long screencast by Scott Hanselman.

In Rails it is a little bit more complex, but also not big deal. There is nice Rails cast #360 about it (12 minutes).

Threats

However it is good to know what data we are providing when we click ‘Login with facebook’. I implemented facebook auth with omniauth-facebook library (according to above rails cast). I was surprised when I look at the source code.

This is auth data available for developer, when we sign in with facebook:

{
  :provider => 'facebook',
  :uid => '1234567',
  :info => {
    :nickname => 'jbloggs',
    :email => '[email protected]',
    :name => 'Joe Bloggs',
    :first_name => 'Joe',
    :last_name => 'Bloggs',
    :image => 'http://graph.facebook.com/1234567/picture?type=square',
    :urls => { :Facebook => 'http://www.facebook.com/jbloggs' },
    :location => 'Palo Alto, California',
    :verified => true
  },
  :credentials => {
    :token => 'ABCDEF...', # OAuth 2.0 access_token, which you may wish to store
    :expires_at => 1321747205, # when the access token expires (it always will)
    :expires => true # this will always be true
  },
  :extra => {
    :raw_info => {
      :id => '1234567',
      :name => 'Joe Bloggs',
      :first_name => 'Joe',
      :last_name => 'Bloggs',
      :link => 'http://www.facebook.com/jbloggs',
      :username => 'jbloggs',
      :location => { :id => '123456789', :name => 'Palo Alto, California' },
      :gender => 'male',
      :email => '[email protected]',
      :timezone => -8,
      :locale => 'en_US',
      :verified => true,
      :updated_time => '2011-11-11T06:21:03+0000'
    }
  }
}

We provide our email(!), timezone and even location! Actually I was not aware of that. I thought facebook provides just basic info like name and photo.

We should think twice before we sign in to some website with OAuth. Especially due to providing our email address. Malicious websites can use it for sending spam.


Build 2013

June was a month of conferences for .NET developers! We had Tech Ed North America, Norwegian Developers Conference, Tech Ed Europe and bunch more, but the biggest one was Microsoft Build Developer Conference.

All videos are live and available for free on Channel 9. Both Keynotes are worth to see, but for .NET people second day’s keynote would be more interesting. I also recommend Scott Hanselman‘s session What’s New in ASP.NET and Visual Studio 2013. Scott shows lots of nice new features like:

  • One ASP.NET
  • Bootstrap as default template in ASP.NET project
  • Multiple default browsers in Visual Studio
  • Real-Time website refreshing between Visual Studio and Browser (without page reloading)
  • New ninja snippets
  • and much, much more

There is also very solid session Introduction to Node.js on Windows Azure by Tomasz Janczuk. I really enjoyed this session. Tomasz shows Node.js basics, and how to it on Windows Azure in very simple and clear way.

Third must see (if you are .NET dev) is Visual Studio 2013 for Web Developers: Deep Dive by Mads Kristensen. Mads shows hot new features in VS editors (HTML, CSS, JavaScript) and WebEssentials add-on.

Other interesting stuff:


Tech Ed North America 2013

In June 3 – 6, there was Tech Ed North America conference in New Orleans. The videos are available on channel9. I have watched a few very good sessions, and I can recommend you especially 5 of them.

Live Demonstration: Hacker Tools You Should Know and Worry About (Hasain Alshakarti and Marcus Murray)

This is my favourite session. You can learn about various security tools. They show things we should be aware of.

APTs: Cybercrime, Cyber Attacks, Warfare and Threats Exposed (Hasain Alshakarti and Marcus Murray)

Another session. Now in enterprise point of view. They discussed techniques how companies are getting hacked.

Adventures in Underland: What Passwords Do When No One Is Watching (Paula Januszkiewicz)

This session shows that our passwords are not 100% secure when stored in Windows.

Hackers (Not) Halted (Paula Januszkiewicz)

Session about most common mistakes, which can be used to hack you.

Microsoft ASP.NET, Web, and Cloud Tools Preview (Damian Edwards)

General overview and new enchancements of Web Tools and Features in .NET.

There was NDC conference in Oslo, in last week (June 12-14), but Videos are not available yet. The next big thing is build 2013 in San Francisco, June 26 – 28.