A form-entry Tag Helper

Writing line of business applications usually means creating a lot of forms for data entry. Writing the HTML for them over and over again is tedious and also means copy-pasting the layout structure into every single form. Copy-pasting works fine as long as we one is happy with the design, but when it needs to… Continue reading A form-entry Tag Helper

Kentor.AuthServices 0.21.2 Security Release

Kentor.AuthServices 0.21.2 has just been released to NuGet. It is a security release fixing three issues. XML External Entity Injection (affecting .NET 4.5 only) Malicious IdP can cause write to arbitrary file Flawed ReturnUrl validation leads to Open Redirect The first two issues were reported by John Heasman, Morgan Roman and Joshua Estalilla from DocuSign.… Continue reading Kentor.AuthServices 0.21.2 Security Release

Kentor.AuthServices 0.18.1 Breaking Changes

Today we released Kentor.AuthServices 0.18.1. It contains a number of bug fixes, but also a couple of breaking changes to a mostly internal API and logout handling. You are affected if… you build a HttpRequestData yourself, instead of using a build in ToHttpRequestData() extension method. you are using Single Logout and… you have a ClaimsAuthenticationManager… Continue reading Kentor.AuthServices 0.18.1 Breaking Changes

TLS on Azure with Legacy Android

In a recent project using Azure, SSL worked perfectly on all devices – but those running Android 2.X. It turned out that legacy Android has limited support for modern SSL/TLS features such as SNI and subject alternative name. Getting TLS configuration right nowadays can be quite tricky. Google Chrome is aggressively pushing for deprecation of… Continue reading TLS on Azure with Legacy Android