Renaming Kentor.AuthServices Nuget packages to Sustainsys.Saml2

Last year I left Kentor for new adventures as an independent consultant. I took the Kentor.AuthServices project with me, but of course I need to rename it, as it is no longer associated with Kentor. So how does one rename a library and NuGet packages with 100k+ downloads and users all over the world? Simply releasing new versions under the new Sustainsys.Saml2 name would leave a lot of users stale on the last version with the old name. So what I did was to release dummy packages that kick off the migration process.

The last release with functionality under the Kentor.AuthServices name was 0.22.0. I then did a huge renaming operation and published new packages named Sustainsys.Saml2 with version 0.23. Finally I published dummy Kentor.AuthServices 0.23 packages that bring in the Sustainsys.Saml2 0.23 packages and show a readme with migration instructions.

Using ADFS with Azure API Management

Azure API Management is an API gateway that can be used to publish APIs to the Internet. It provides features such as per-developer API keys, request throttling and request authentication. One of the ways requests can be authenticated is through standard OAuth2 bearer tokens. I assume that the most common scenario is to use Azure AD to issue those tokens. But if an organisation is not that cloud enabled yet and the users are in an on-prem AD, the natural token issuer is ADFS. And ADFS on Windows Server 2016 supports OpenID Connect, so it should work, right?

Well, it turns out it didn’t just work. The OpenID Connect implementation in ADFS has some quirks that need to be handled. In the end it worked, but with some limitations.

Regaining Access to Azure VM with Expired Password

Lately I’ve been doing some experiments with Active Directory and of course I’m running my lab environment in Azure. It works great, until after 42 days the password of the one and only user account (mine) in the domain expires. Azure only provides remote desktop access to virtual machines, and in a default setup it’s impossible to change the password over RDP once the password has expired.

In all modern incarnations of remote desktop, the user authentication is done during the connection phase. This is called NLA: Network Level Authentication. It means the user name and password are entered in the RDP client, as part of the connection setup. This differs from the old days, where the remote desktop would show up and present the same user name and password prompt as if one were actually sitting at the physical console. In the old days, the remote server could show a password expired message and force a password reset before the logon was accepted. With NLA, that just doesn’t work. So what we need to do is to disable NLA, without logging on to the remote machine.

Expression Bodied vs. Auto Read-Only Properties

C#6 brought some nice short-hand ways of handling properties. I really like them, because they take away much boilerplate code. But as with all new tools, it’s easy to use them wrongly until they are familiar.

These are two attempts to declare a read-only property that preserves the time stamp of when the object was created. They look similar, but only one of them is right.

using System;

class SomeClass
{
  // Expression-bodied property
  public DateTime CreationTimeA => DateTime.UtcNow;
  // Auto read-only property with an initializer
  public DateTime CreationTimeB { get; } = DateTime.UtcNow;
}
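As an added example (not code from the original post), the following program makes the difference observable: an expression-bodied property re-evaluates its body on every read, while an auto-property initializer runs once when the object is constructed. The class name and the `Program` host are the same as in the snippet above, the sleep interval is an arbitrary value chosen for the demonstration.

```csharp
using System;
using System.Threading;

class SomeClass
{
    // Expression-bodied member: "=> DateTime.UtcNow" is a getter body,
    // so it is executed again on every read and returns the current time.
    public DateTime CreationTimeA => DateTime.UtcNow;

    // Auto-property with initializer: the initializer runs once, as part
    // of construction, so the value is captured at creation and then fixed.
    public DateTime CreationTimeB { get; } = DateTime.UtcNow;
}

static class Program
{
    // Returns true if the property changed between two reads of the same object.
    static bool ChangesBetweenReads(Func<SomeClass, DateTime> read)
    {
        var obj = new SomeClass();
        var first = read(obj);
        Thread.Sleep(50);          // let some measurable time pass
        var second = read(obj);
        return first != second;
    }

    static void Main()
    {
        Console.WriteLine($"CreationTimeA changes between reads: {ChangesBetweenReads(o => o.CreationTimeA)}");
        Console.WriteLine($"CreationTimeB changes between reads: {ChangesBetweenReads(o => o.CreationTimeB)}");
    }
}
```

Only CreationTimeB preserves the creation time; CreationTimeA is really a getter that returns "now".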

Going Independent

After more than 8 years at Kentor the time has come to move on. I’m leaving Kentor and starting my own business. I will continue to work with identity and access management, especially SAML2 on .NET. I will do consulting, open source development and training, both on site and remotely. The Kentor.AuthServices project will be transferred to my new company, Sustainsys.

Software Development is a Job – Coding is a Passion

I'm Anders Abel, an independent systems architect and developer in Stockholm, Sweden.

Code for most posts is available on my GitHub account.
