Kerberos and load balancers

Kerberos is a ticket-based authentication protocol, which requires deep understanding to make it work properly. Information about setting it up is somehow scattered over the web, so it took me some time to find relevant reads. In my previous post I wrote about my initial experience with Kerberos and I want to share some more in this one.

Working in a load-balanced environment introduces (administrative) complexity to your system and Kerberos is no exception to this. In this post I will focus on setting your IIS (>= 7.0) correctly up to work with Kerberos in such scenarios. Continue Reading…

HttpWebRequest keeps timing out

It has already happened to me a couple of times and every time I forget what the issue was and how to solve it. That’s why I decided to write a short post about it, so hopefully next time I will remember. 🙂 The problem arises when making a few (independent) HTTP requests using C#’s

HttpWebRequest

1	HttpWebRequest

. At first it sounds like a very usual thing to do, but the mystical part of it is that the first few requests succeed and then at a certain point the others start timing out. You may be tempted to increase the

Timeout

Timeout

first, but you will soon understand that it does not solve the problem. Continue Reading…

Double confirm identity with ASP.NET Identity

ASP.NET Identity brings the authentication and authorization to a new level. Based on the OWIN middleware, one can plug & play different authentication and authorization providers, f.x. OAuth, OpenID, simple forms authentication. The beauty of the new identity model is that it provides a unified interface to work with. One can write her own log-in providers that still rely on the same unified interface.

Besides the typical scenarios where a user logs in with her username and password, or Twitter/Facebook/Google, or maybe a two factor log-in with SMS/e-mail confirmation, there is another interesting one. In some cases you would want to enable users to log in with simple forms authentication to access a basic area of functionality, f.x. just reading data. On the contrary you would want to protect other areas of the web site where the user can edit sensitive information, f.x. his password. In this case you may want to require that the user logs in again – either with the same provider or with another one.

To solve this issue I decided to write a simple extension for ASP.NET Identity, which I called Double confirm identity. It provides a set of utility methods you can use to achieve the described scenario.

Extending MEF

In the last days of 2010 Mark Seemann announced a Christmas challenge concerning MEF. MEF uses attributes to export objects and inject them later where needed. The challenge was to find a way how to export objects and inject them in constructors without using attributes. Personally I don’t have much experience with MEF because I have mostly worked with other DI containers like autofac and Ninject. I like puzzles like this so I started experimenting. The first thought I had when I saw the chanllenge was about fluent MEF. I knew there was already such a project but I didn’t know its progress. So I started investigating MEF’s extensibility points.

MEF offers a few ways for extensibility. Each of them has its pros and cons so you have to decide which one fits best in your solution. Continue Reading…

protected internal exposed

.NET gives developers a lot of freedom. In every version new features are added to ease them in their daily work. One of the simplest things that have existed since the first versions of .NET framework are access modifiers. Using them one sets the access to a specific class/method. Public, private, protected… all are standard modifiers. If you have experience with an object-oriented language you must know them by heart. .NET provides another modifier – internal. It allows access to a method only in the parent assembly (the one the corresponding class resides in). Continue Reading…

Boyan Mihaylov