Authentication and Authorization in ASP.NET Core

Common vulnerabilities in software

• Cross-site scripting attacks
• SQL Injection
• Cross-Site request forgery
• Open redirect attacks

Authenticiation

ASP.NET Core Identity is a membership system that adds login functionality to ASP.NET Core apps. External login providers are also supported. (Read the article) Identity is enabled by calling UseAuthentication() which adds authentication middleware to the request pipeline. (In ASP.NET Core 1.x this was UseIdentity() - See Migration Guide)

When signing out, SignOutAsync clears the user's claims stored in a cookie. You can also add custom user data to Identity. 

Read More

Software Architecture Design - Considerations

Image Credits  : Colour Box

Architecture of anything defines how well the thing is designed and how long it's going to last. Be it a a building, a car or anything the same rule applies. It is the same when it comes to a software architecture as well.

If the architecture of a software is designed well, it should be able to accommodate any or many of the requirements be it functional or non-functional, the stakeholders requests. Therefore when designing a good architecture, one should be very careful when laying the foundation.

Keep in mind the following non-functional requirements when you're designing the initial architecture of your application.

Scalability

High Scalability has many practical case studies. It is important to keep in mind how much scalable your application is going to be in coming milestones. Size of codebase also matters

• Scale up (Increase power of hardware)
• Scale out  (Increase no. of hardware)

Scalability of Django. This video demonstrate how Instagram scales.

Instagram has a caching(memcache) mechanism between database and the client. Whenever user is served it keeps it in the cache as well as update primary and secondary storage.

Read What is scalability for more information

Performance

This is a key fact when the application grows larger. This might not matter initially but it should be kept in mind as the application grows. Some considerations for performance are,

• Perceived performance (Fluent Conf 2017 - Video)  : Measure of How Quick a User Thinks Your Site Is. 
• If you look at some websites it first loads the content placeholders which is mainly html and then only loads the actual data which takes time
• Applicable for mobile apps as well. First loads the placeholder before loading data from server
• Bundle & minification : Reduces the size of files that needs to be downloaded
• Caching & content delivery networks
• Optimizing image usage

Web Performance: Leveraging the Metrics that Most Affect User Experience (Google I/O '17)

Re-usability

Make sure to design common things in such a way that they can be reusable.

Supportability

What devices is your application going to support in future? Can the architecture be designed in a way that it supports future requirements of new devices?

See - Azure Design Guideline

There are lot of other things which should be considered when designing an architecture. But most importantly,

"make sure to think through cost and the benefit for every decision you make."

Read More

Getting started with ASP.NET Core

ASP.NET Core is a complete redesign of ASP.NET framework. It is open source and cross platform. This can be run on .NET Core or full .NET framework.

Dependency injection in ASP.NET Core
By default ASP.NET Core supports dependency injection.

Read More