In a recent project using Azure, SSL worked perfectly on all devices – but those running Android 2.X. It turned out that legacy Android has limited support for modern SSL/TLS features such as SNI and subject alternative name. Getting TLS configuration right nowadays can be quite tricky. Google Chrome is aggressively pushing for deprecation of… Continue reading TLS on Azure with Legacy Android
Category: Web
Secure Account Activation with ASP.NET Identity
Distribution of credentials to new users of a system is often done in an insecure way, with passwords being sent over unsecure e-mail. With ASP.NET Identity, the password recovery functionality can be used to create a secure account activation mechanism. The scenario for ASP.NET Identity, in the default MVC template is to let users self… Continue reading Secure Account Activation with ASP.NET Identity
Pickup Mail Viewer
This is a guest post by Albin Sunnanbo introducing a great hack to work with mails in test environments. If you have a .NET application that sends emails, this is probably something for you. TL;DR; PickupMailViewer is a simple web viewer for emails saved by the specifiedPickupDirectory SMTP setting in a .NET application. Download the… Continue reading Pickup Mail Viewer
Catching the System.Web/Owin Cookie Monster
Cookies set through the Owin API sometimes mysteriously disappear. The problem is that deep within System.Web, there has been a cookie monster sleeping since the dawn of time (well, at least since .NET and System.Web was released). The monster has been sleeping for all this time, but now, with the new times arriving with Owin,… Continue reading Catching the System.Web/Owin Cookie Monster
Using Owin External Login without ASP.NET Identity
ASP.NET MVC5 has excellent support for external social login providers (Google, Facebook, Twitter) integrating with the ASP.NET Identity system. But what if we want to use external logins directly without going through ASP.NET Identity? Using external logins together with ASP.NET Identity is very simple to get started with, but it requires all users to register… Continue reading Using Owin External Login without ASP.NET Identity