13334048894_001d3e53d1_b

HowTo: Create Self-Signed Certificates with PowerShell

This is a short post about how to create Self-Signed certificates with the New-SelfSignedCertificate  PowerShell module.  More specifically, this post will cover creating your own Root Certificate, exporting public and PFX certificates, creating certificates signed by your root certificate authority.  Historically you would do this using the old-trusty makecert.exe, but nowadays we can do it straight from powershell! (oh joy!)

Continue reading

Solved: Identity Server v3 and ‘Invalid provider type specified’ CngKey private key errors

In the scenario described in this post, you have encountered an error in your log that says the following:

Signing certificate has not private key or private key is not accessible. Make sure the account running your application has access to the private key

TL;DR; See how to convert your certificate key from CNG to RSA

Or maybe your haven’t seen this error message but have encountered an issue with Identity Server signing it tokens.  If this is the case, I would highly recommend you stop and enable logging before you go any further, restart your application and check your logs for the error message above.  Logging is key, we need to see what is going on in order to know how to fix it! Jump ahead to Enabling Logging in Identity Server V3 then come back to find out what the error is all about.

Continue reading

Office 2016 Logos

Fix: Blurred text in Office 2016 (Skype for Business 2016)

Example of blurred text in Skype for Business UI

Just a heads up.  If after you install Office 2016 you discover that the Skype For Business UI displays with horrendous burred font and scaling issues, then I may have a fix for you.

The fix is rather simple…

  1. Switch to Outlook
  2. Go to File > Options > Advanced > and Turn off hardware acceleration
  3. Restart Skype for Business 2016

…and your problem should be solved.

DC

HowTo: Clear Nuget cache on a build server

nuget cache clear
teamcity512

Do you need to clear the Nuget cache on a build server which runs as a windows service?
Simply navigate to the nuget cache store which is located in the temp directory for the system service accounts.

Alternatively, you could tell nuget to bypass the nuget cache altogether when it installs packages by using the -nocache option in your install statement

image_thumb.png

HowTo: Use self-signed certificates during Windows Apps development (no code required)

 

TL;DR; My solution was to save my self signed certificate in DER format, sticking it on a local IIS site, loading the URL to the certificate in my mobile emulator, opening the file (when prompted) and installing the certificate.  Having done this, my mobile now trusts that certificate and I am free to play to my hearts content over HTTPS.

Continue reading

HowTo: Auto synchronise files upon network connection (Windows)

TestLab.grid-6x2There are times where we need to work away from the office network and the safety of backup infrastructure.  What would be nice is to automatically synchronise files on my laptop whenever I connect to the office network.

Working locally on laptops, it should go without saying, carries a danger of loosing data either through “Doh!” moments or through hardware failure (travelling can indeed be hard on the little grey rectangular friends of ours) so we need a solution that provides some safety to our data – preferably without us having to remember to do anything.  Holding back the urge to write something bespoke for once I looked at what I already have my dispersal –  GIT, RoboCopy and Task Scheduler to the rescue – Let’s start auto synchronising our files upon connecting to a given network

Continue reading

Designing with Animation

Presentation by Pasquale D’Silva http://psql.me/

We’re in the future, and interfaces are falling behind the curve. Software should feel as responsive and human as the people interacting with it. Design should respond and react with vitality. Too much design is created with an old, static web mentality, and not pushing the new mediums we have to design for. What is it like building interfaces with an animated foundation? Why is it better? This will be an adventure into the magical cosmos of animation. Cartoons, Anvils, Jokes, Jokes people might not get, Dynamite, Stage Dives!

Referenced Article – Transitional Interfaces on Medium

How do I edit my GitHub Wiki locally and include relative images?

This post sets out to describe how to edit a GitHub wiki on your computer as an alternative to editing directly within the GitHub web UI.

Cloning the GitHub Wiki to your computer

The wiki content is unsurprisingly stored within a Git repository and GitHub give you direct access to this repository which can enable you to edit the content locally on your computer. First though we need to clone the git repository to our computer.

  • From your repository homepage on GitHub, click the Wiki link on the right hand side Wiki link example
  • If you already have content in your wiki, Click the Clone URL button.

image

  • If you have yet to create a page on your wiki you only see the green New Page button. Simply click New Page, set a page title (for example Home) and put some filler blurb content in the page body. Hit Save, and the Clone URL button should appear.

Hitting the Clone URL button will copy the git url for your wiki repository into your clipboard.

  • Now, go to your favourite git client and clone the repository to your computer.

Editing your wiki content efficiently (Windows)

GitHub wiki content can be written in a number of different markup languages. My preference is markdown.

For this I use an awesome editor (if I do say so myself) called MarkPad which was one of the projects we worked on as part of the Code52 effort.

MarkPad is available for windows desktop (download) as well as a windows store app (install from Windows Store) – the source is also available for all if you want to have a poke about.

Sidenote: MarkPad is open source and as such is open to contributions from anyone. We are very open to community contributions so if you use it and think of a way to make it even better then please do get in touch via GitHub issues.

Instructions on how to write Markdown is out of the scope of this article but anyone familiar with editors such as MSWord will pick up thinks pretty quickly.

Ok, so one of the best life-hacks (read: makes your life simple) offered by MarkPad is its handling of images. You can of course construct links to images on the web in markdown but what is extra handy is that MarkPad can also generate image files on the fly from your clipboard.

Simply take a screenshot using something like Shotty (copy to clipboard) or Cropper (set output to clipboard)  and Paste (<ctrl>+v) the contents of your clipboard. MarkPad will automatically generate an image file appropriately named for where you pasted within your document (in relation to the closest header) and link to it in markdown. Very cool, very easy.

Note: When linking to images in markdown that have paths relative to the wiki page be sure to use  “\” as the path separator and not “/”

Push your changes to GitHub

Commit your changes, making sure to include (add) any new content and/or images generated then just perform a GIT push to submit your changes to github. Your changes will be visible on the wiki immediately – go marvel in their splendour.

Glimpse for DotNetOpenAuth 1.3

Finally I got a chance tonight to update my DotNetOpenAuth extension for Glimpse. I’ve pushed the update out to Nuget so go ahead and update now.

 

What does it do?

This extension attaches to the internal logging of DotNetOpenAuth and provides you with a view directly within your browser.

Example of Glimpse for DotNetOpenAuth

The source code and test MVC4 web app have been published to GitHub here

https://github.com/DavidChristiansen/DNOA4Glimpse

Glimpse

The guys at Glimpse have put some really amazing work into Glimpse as of late. Check it out if you haven’t already http://getglimpse.com

openid_connect

How simple is a OpenID Connect Basic client? (C#)

John Bradley has just posted a great entry demonstrating how simple life is going to be for a Relying Party when it comes to OpenID Connect. I highly recommend you go and read it.

OpenID Connect provides a lot of advanced facilities to fulfill many additional features requested by the member community. It is full of features that go beyond basic Authentication. However, that does not mean that it cannot be used for the simple case for “Just Authentication”.

The sample code in John’s post is in PHP so I thought I would quickly provide the same samples in C#. here we go.

Making an OpenID Connect request

In order for the client to make an OpenID Connect request, it needs to have the following information about the server:

  • client identifier – An unique identifier issued to the client (RP) to identify itself to the authorization server. (e.g. 3214244)
  • client secret – A shared secret established between the authorization server and client used for signing requests.
  • end-user authorization endpoint – The authorization server’s HTTP endpoint capable of authenticating the end-user and obtaining authorization. (e.g., https://server.example.com/authorize )
  • token endpoint – The authorization server’s HTTP endpoint capable of issuing access tokens.

In the simplest cases, this information is obtained by the client developer, having read the server’s documentation and pre-registered their application. Then, for a bear bone authentication request you would put a link like this in the HTML page:

The user initiates login by clicking on the “Login with Example.com” link, and is taken to the server where she is asked username/password etc. if she is not logged into example.com yet. Once she agrees to login to  the RP, the browser is redirected back to the call back URL at the RP by 302 redirect. The PHP Server side code may look like:

Note: state is the parameter that is used to protect against XSRF.  It binds the request to the browser session.  It is recommended but not required in OAuth and has been omitted to make the example static. That should be simple enough?

Calling the Token endpoint to get id_token

Now that the RP has the ‘code’, you need to get the id_token from the token endpoint. The id_token is the user login information assertion.  What do you do? Just GET it with HTTP Basic Auth using client_id, client_secret, and the code you got in the first step. Using C#, it would look like:

The result, responseJson, will contain a JSON like this (line wraps for display purposes only):

For simple authentication we will ignore “access_token”, “token_type” etc. What you only care about is the “id_token”. “id_token” is encoded in a format called  JSON Web Token (JWT). JWT is the concatenation of “header”, “body”, “signature” by periods (.). Since you are getting this directly through TLS protected channel that is verifying the identity of the server certificate, you do not need to check the signature for integrity, so you just take out the second portion of it and base64url_decode it to get the information out of the id_token. So in c# you may do something like:

The resulting assertion, id_body in the above example,  about the user (after pretty formatting)  is:

“iss” is showing the issuer of this token, in this case, the server.example.com. The issuer must match the expected issuer for the token endpoint, if it is different you must reject the token. the ‘iss” is the name space of the  user_id, which is unique within the issuer and never reassigned. When the client stores the user identifier, it MUST store the tuple of the  user_id and iss. “aud” stands for “audience” and it shows who is the audience of this token. In this case, it is the RP’s client_id. If it is different, you must reject the token. “iat” stands for the time the token was issued.  This can be ignored in this flow as the client is talking directly to the token endpoint. “exp” is the expiry time of the token. If the current time is after “exp”, e.g., in PHP, if  $exp < time();  the RP should reject the token as well. So, that is it. Now you know who is the user, i.e., you have authenticated the user. All of the above in the form of code would be:

— Once again, be sure to go read John’s post (http://www.thread-safe.com/2012/07/how-simple-is-openid-connect-basic.html)