Object oriented design is all about encapsulation. A class provides methods to manipulate its data and only allows manipulation that keeps the objects’ state correct. That works fine in theory, but in real life objects need to be loaded/materialized from a database and this usually means that property setters must be public. But not with Entity Framework Core! Entity Framework Core uses some reflection magic to access the behind the scenes private properties. So it is now possible to write “real” object oriented entities and persist them to the database.

Adding a normal entity class, without any considerations taken to persistence works perfectly well with EF Core.

public class MyEntity
{
  public MyEntity(string name)
  {
    Name = name;
  }
 
  public int Id { get; private set; }
  public string Name { get; private set; }
 
  public void Rename(string newName)
  {
    Name = newName;
  }
}

• Continue Reading →

Writing line of business applications usually means creating a lot of forms for data entry. Writing the HTML for them over and over again is tedious and also means copy-pasting the layout structure into every single form. Copy-pasting works fine as long as we one is happy with the design, but when it needs to be altered (beyond what’s possible by CSS), all forms in the application need to change. To remedy this, I created a form-entry tag helper. Now creating an entry for a field in a form is as simple as <form-entry asp-for="LocationName" />.

Using the default scaffolding in Visual Studio, I would get a form that repeats the same pattern over and over again, for each property of the view model.

<form asp-action="Create">
    <div asp-validation-summary="ModelOnly" class="text-danger"></div>
    <div class="form-group">
        <label asp-for="Name" class="control-label"></label>
        <input asp-for="Name" class="form-control" />
        <span asp-validation-for="Name" class="text-danger"></span>
    </div>
    <div class="form-group">
        <label asp-for="Address" class="control-label"></label>
        <input asp-for="Address" class="form-control" />
        <span asp-validation-for="Address" class="text-danger"></span>
    </div>
    <div class="form-group">
        <label asp-for="City" class="control-label"></label>
        <input asp-for="City" class="form-control" />
        <span asp-validation-for="City" class="text-danger"></span>
    </div>
    <div class="form-group">
      <input type="submit" value="Create" class="btn btn-default" />
    </div>
</form>

Using my form-entry tag helper, the code required is substantially less.

<form asp-action="Create">
    <div asp-validation-summary="ModelOnly" class="text-danger"></div>
    <form-entry asp-for="Name" />
    <form-entry asp-for="Address" />
    <form-entry asp-for="City" />
    <div class="form-group">
        <input type="submit" value="Create" class="btn btn-default"/>
    </div>
</form>

• Continue Reading →

Last year I left Kentor for new adventures as an independent consultant. I got the Kentor.AuthServices project with me, but of course need to rename it as it is not associated with Kentor any more. So how does one rename a library and nuget packges with 100k+ downloads and users all over the world? Simply releasing new versions under the new Sustainsys.Saml2 name will leave a lot of users stale on the last version with the old name. So what I did was to release dummy packages that kicks off the migration process.

The last release with functionality in the Kentor.AuthServices name was 0.22.0. I then did a huge renaming operation and published new packages named Sustainsys.Saml2 with version 0.23. Finally I published dummy Kentor.AuthServices 0.23 packages that brings in the Sustainsys.Saml2 0.23 packages and shows a readme with migration instructions.

• Continue Reading →

Azure API Management is an API gateway that can be used to publish APIs to the Internet. It provides features such as per-developer API keys, request throttling and request authentication. One of the way requests can be authenticated is through standard OAuth2 bearer tokens. I assume that the most common scenario is to use Azure AD to issue those tokens. But if an organisation is not that cloud enabled yet and the users are in an on prem AD, the natural token issuer is to use ADFS. And ADFS on Windows Server 2016 supports OpenID Connect, so it should work, right?

Well, it turns out it didn’t just work. The OpenID Connect implementation in ADFS has some quirks that need to be handled. In the end it worked, but with some limitations.

• Continue Reading →

Lately I’ve been doing some experiments with Active Directory and of course I’m running my lab environment in Azure. It works great, until after 42 days the password of the one and only user account (mine) in the domain expires. Azure only provides remote desktop access to virtual machines, and in a default setup it’s impossible to change the password over rdp once the password has expired.

In all modern incarnations of remote desktop, the user authentication is done during the connection phase. This is called NLA: Network Level Authentication. It means the user name and password is entered in the Rdp client, as part of the connection setup. Not like in the old days where the remote desktop would show up and present the same user name and password prompt as if one were actually sitting at the physical console. In the old days, the remote server could show a password expired message and force a password reset before the logon was accepted. With NLA, that just doesn’t work. So what we need to do is to disable NLA, without logging on to the remote machine.

• Continue Reading →