C#6 brought some nice short-hand ways of handling properties. I really like them, because they take away much boilerplate code. But as with all new tools, it’s easy to use them wrongly until they are familiar. These are two attempts to declare a readonly property that preserves the time stamp of when the object was… Continue reading Expression Bodied vs. Auto Read-Only Properties
Going Independent
After more than 8 years at Kentor the time as come to move on. I’m leaving Kentor and starting my own business. I will continue to work with identity and access management, especially SAML2 on .NET. I will do consulting, open source development and training, both on site and remotely. The Kentor.AuthServices project will be… Continue reading Going Independent
Kentor.AuthServices 0.21.2 Security Release
Kentor.AuthServices 0.21.2 has just been released to NuGet. It is a security release fixing three issues. XML External Entity Injection (affecting .NET 4.5 only) Malicious IdP can cause write to arbitrary file Flawed ReturnUrl validation leads to Open Redirect The first two issues were reported by John Heasman, Morgan Roman and Joshua Estalilla from DocuSign.… Continue reading Kentor.AuthServices 0.21.2 Security Release
When Code Coverage Betrayed Me
I’m a fan of code coverage as a way to ensure that there are covering tests. One area that I tend to rely heavily on Code Coverage for is to catch any tests that are no longer working correctly due to changes in the production code. That often works out well, but today I got… Continue reading When Code Coverage Betrayed Me
Kentor.AuthServices v0.20.0 Released
Half a years worth of pull requests with great features have finally been baked into an official release of Kentor.AuthServices which is now available on Nuget. The most important fixes are improved active/passive handling for the Owin middleware and full support for SHA256/384/512 as it is time to leave SHA1. First of all I would… Continue reading Kentor.AuthServices v0.20.0 Released