Site Moved, Updated, and Just Better

Leave a reply

If you frequent my blog, and I know that not too many people do just yet, you’ll notice that I’ve changed things up a bit.  I’ve moved from my old provider to Azure and WordPress to make my life a bit easier in managing things.

I’ve spoken for a while on how great Azure is, and decided to put my website where my mouth is.  This is a bit of a new experience for me, as I have never managed a WordPress site before.

Bear with me as I learn how to get things running at scale on Azure with WordPress.  I hope to be a quick learner.  If not, well… you’ll be the first to know.

Authentication, Authorization and OWIN – Who Moved My Cheese?

I was working with one of my ASP.NET projects this weekend and ran into an interesting

problem while I was debugging.  This application was written from the ground up to use ASP.NET identity and OAuth security for all of my authentication and authorization needs.  That also means that my application follows the new default layout for an ASP.NET web forms application, with account management and login capabilities reside in the /Account folder structure.

An interesting series of things happens to web.config when we adapt the OAuth security management in ASP.NET 4.5+  What follows is what I have learned the hard way…

Authentication Information in Web.Config disappears

If you’re a long time developer with ASP.NET like me, you’re accustomed to the FormsAuthentication configuration in web.config.  With the new authentication and identity modules in ASP.NET 4.5, all of this goes away.  This really tweaked me at first, I got confused and followed the code… and trust me, its all good.

Web.Config has its authentication turned off and all identity providers removed.  Check out this snippet from a fresh web.config in a new ASP.NET 4.5 application:

  <system.web>
    <authentication mode="None" />
    <!-- other stuff -->
    <membership>
      <providers>
        <clear />
      </providers>
    </membership>
    <profile>
      <providers>
        <clear />
      </providers>
    </profile>
    <roleManager>
      <providers>
        <clear />
      </providers>
    </roleManager>
    <!-- other stuff -->
    </system.web>
  <system.webServer>
    <modules>
      <remove name="FormsAuthentication" />
    </modules>
  </system.webServer>

That’s some scary stuff right there.  Everything that I’ve known since ASP.NET was released in 2002 screams out: NOOOOOooooooo!  This is the necessary configuration to turn off all of the embedded and automatically activated security modules in ASP.NET  With that functionality shut off, the OAuth security module can step in.

OAuth Security Configuration

Instead, all of the security configuration goodness is kicked off in a new OWIN-compliant manner from within Startup.cs on the root of the application.

[assembly: OwinStartup(typeof(MyApplication.Startup))]

namespace MyApplication
{
  public partial class Startup
  {
    public void Configuration(IAppBuilder app)
    {
      ConfigureAuth(app);
      app.MapSignalR();
    }
  }
}

Check out that attribute at the top of the file, an OwinStartupAttribute that points to this class that contains the codified configuration of the application.  The class is required to have a Configuration method with the same signature in this snippet.  I’m not clear why the class does not adhere to an interface that enforces the presence of this method, but this is the requirement.  You can see from here, that it calls the ConfigureAuth method in the App_Start/Startup.Auth.cs file.  Its in there that we can find all of the configuration for managing the authentication of resources in the application.

public void ConfigureAuth(IAppBuilder app)
{
 
  // Stuff to configure the Identity data storage
  
  // Enable the application to use a cookie to store information for the signed in user
  // Configure the sign in cookie
  app.UseCookieAuthentication(new CookieAuthenticationOptions
  {
      AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
      LoginPath = new PathString("/Account/Login")
      // other stuff
  });
  
  // more stuff down here
}

This is where I was thrown for a loop.  How does ASP.NET know where my login page is?  Its defined right here with the LoginPage configuration property inside of the CookieAuthenticationOptions class.

How is Authorization Handled?

Finally, how is authorization to pages handled?  In the past, I would write blocks of XML with authorization elements that looked similar to the following…

  <location path="Admin">
    <system.web>
      <authorization>
        <deny users="?" />
        <allow roles="Admin" />
      </authorization>
    </system.web>
  </location>

The good news is that none of that has changed, and we can continue to code high-level authorization rules inside of web.config files in ASP.NET 4.5.

Summary

Its not a good idea to tinker with the default security configuration of ASP.NET unless you know where all of the moving pieces are.  In the past, I knew where everything was referencing from web.config through global.asax.cs to verify connections to my application where authenticated and authorized. In the new Owin enabled ASP.NET, those pieces have moved and are now very descriptive in their new locations.  Coming soon, I have a Pluralsight course that will discuss all of the cool things that you can do to configure ASP.NET OWIN security and other Advanced topics.  I look forward to delivering it for you in the very near future.

How to Automate ASP.NET Custom Controls with the Gulp JavaScript Task Runner

Here I am, writing a module for my next Pluralsight course and I ran into an interesting problem.  When I write a custom ASP.NET control, I now have lots of JavaScript and CSS libraries that I want to ship with it.  With the introduction of the Task Runner Explorer in Visual Studio, I decided to try my hand at writing a Gulp script that will combine and compress these static resources inside of my class library project.

Introducing Gulp for the ASP.NET Developer

Gulp is another task runner for use with NodeJS, similar to Grunt.  Unlike Grunt, Gulp runs based on a JavaScript file of instructions and can be run in an asynchronous manner.  This leads to Gulp being a bit easier to read as a series of functions that will run faster than the Grunt JSON configuration file.

To get started with Gulp and Visual Studio:

1. Install NodeJS from www.nodejs.org

2. Install Gulp with the NPM package manager as follows:

npm install gulp -g

This will install Gulp globally and make the gulp command-line executable available.

3. Create a package.json file in the root of your project.  This can be a file that contains just a pair of curly braces.

4. Configure gulp locally to the project by running the following script on the command line at the project root folder:

npm install gulp --save-dev

5. Install a handful of gulp plugins to manage the concatenation, renaming, minifying and notification processes:

npm install gulp-minify-css gulp-concat gulp-uglify gulp-notify gulp-rename --save-dev

With those command issued, we’re ready to build our gulpfile.js to contain the instructions for how to automate working with our static resources.

Create a file called gulpfile.js on the root of the project.  This file should be excluded from the project.  Begin by defining a series of variables using gulp’s built-in require commands:

var gulp = require('gulp'),
  concat = require('gulp-concat'),
  minifycss = require('gulp-minify-css'),
  rename = require('gulp-rename'),
  notify = require('gulp-notify'),
  uglify = require('gulp-uglify');

Next, we can define a simple gulp task to minify the bootstrap.css file that is in our project:

gulp.task('css', function() {

  return gulp.src('css/bootstrap.css')
    .pipe(rename('mycontrols.min.css'))
    .pipe(minifycss())
    .pipe(gulp.dest('css'))
    .pipe(notify({message: 'Styles minified'}));

});

The name of the task is “css” and it will trigger a function.  The function returns the result of operations on the css/bootstrap.css file.  The file is piped from one operation to the next with the pipe method.  First, the file is renamed to mycontrols,min.css so that the file matches the “mycontrols” project name.  Next, the contents of the CSS file are minified with the minifycss command and then piped to the css folder using the gulp.dest method.  Finally, a notification is triggered with the notify method and the message text specified.

The JavaScript processing is similar:

gulp.task('js', function() {
  
  return gulp.src(['scripts/jquery-1.10.2.js','scripts/respond.js','scripts/bootstrap.js'])
    .pipe(concat('mycontrols.js'))
    .pipe(gulp.dest('scripts'))
    .pipe(rename({suffix: '.min'}))
    .pipe(uglify())
    .pipe(gulp.dest('scripts'))
    .pipe(notify({message: 'Scripts merged and minified'}));

});

This time, I am passing an array of files in to be processed.  The collection are concatenated together with the concat method into the mycontrols.js file and written into the scripts folder with another gulp.dest method.  The filename is renamed with a suffix of .min and sent into the uglify processor for minification.  The results of the uglification are written back to the scripts folder and a notification is triggered with an appropriate message.

Finally, I wrote a default task to call the JS and CSS tasks.  I called this task default:

gulp.task('default', ['js','css'], function() {});

The second argument in this method call is the collection of dependent tasks that should be called before the function is executed.  In this way, the js and css tasks are called asynchronously.

Automating Gulp with Task Runner Explorer

With the Task Runner Explorer extension in Visual Studio, I can connect any and all of these tasks to various steps in the build process.  In my case, I right-clicked on the ‘default’ task and chose to bind it to the ‘Before Build’ run time.

Now, every time I build my MyControls project, the gulp default task will run and deliver appropriate CSS and JS files for my controls to use.

 

Custom Control Project Considerations

Importantly, for this project I marked my gulpfile, package.json, and all of my original CSS and JS files as  Build Action None and Do not copy to output directory.  I did mark the new mycontrols.min.js and mycontrols.min.css as Embedded Resources so that they would be delivered inside of the DLL I will distribute with my controls.

Summary

The new Task Runner Explorer combined with the NodeJS command line interface and Gulp have made automating packaging assets for my custom controls much easier than previously.  Now, visitors to my applications will download one script file and one css file for my controls.  This will provide a faster and easier experience for my visitors and my developers that use my custom ASP.NET controls

Connecting the dots with jQuery, JSONP, and WebAPI

No problem!

This morning, I jumped in to help out my friend Julie Lerman with a question about using jQuery with ASP.NET WebAPI.  In my mind, that’s easy… something I’ve wired up lots of times and shouldn’t be a problem. I offered to pair program for a bit and take a look at the code, after all… how hard could it be?

This was an interesting and simple block of jQuery that was expecting JSON from a service.  A simple WebAPI controller, similar to the one we were attempting to query looked a little like this:

  public class ValuesController : ApiController
  {
    // GET api/values
    public IEnumerable<string> Get()
    {
      return new string[] { "value1", "value2" };
    }
  }

That’s easy to get data from with jQuery, I can use an AJAX call to get the data from my server with JavaScript like the following:

$.ajax({
  url: "http://localhost:64948/api/values",
  type: 'GET',
  dataType: 'json'
}).done(function(data) { alert(data.length); });

When I run this page from the same server that is hosting my service, no problem.  I get a simple alert box with the number 2.

That wasn’t our problem.

In this scenario, Julie was querying a different server that was hosting WebAPI and needed the services of JSONP to make that cross-origin request.  The jQuery documentation indicates that you can simply switch the dataType of your AJAX call to “JSONP” and everything will just work.

No...

No dice… nothing.  We poked and prodded that JavaScript code and got nothing from it.  Then it hit us:  the problem isn’t the JavaScript, its the callback coming from the server.  WebAPI needs to know how to issue a command back to our script.

To complete the task and get WebAPI responding properly to a JSONP request, install the JSONP MediaTypeFormatter from NuGet.  Once that is installed, enter your App_StartWebApiConfig.cs and add to the bottom of the Register method the following line:

GlobalConfiguration.Configuration.AddJsonpFormatter();

Rebuild and re-run the JavaScript and now the done method of the AJAX call is being executed.

We were happy, and all was right in the world.  

What did we learn about this problem and how to write better software?

The short answer is: JavaScript development is REALLY HARD without proper error messages and with connections that fail silently.  There was no indication that the WebAPI was not attempting to call the Done callback method from jQuery.  Additionally, WebAPI wasn’t throwing any warning message to indicate that there were arguments passed in that it didn’t know what to do with.  This lack of verbose messaging in a debugging environment made it difficult for two experts to be able to track down a problem.

How would an average developer handle this?  We can do better…  I’ll write more about this approach to making debuggable (yea, I just invented that word…) software tools next time and how we can improve this experience.

 

Ultimate Guide to Mobile Web Icon Markup

I’ve been fighting a problem for the last few days, as I’ve been trying to identify why my blog (and a friend’s blog) are not formatting Windows Phone Live Tile content properly.  For those of you who don’t use a windows phone, this is one of the uber-cool features of the device where I can bookmark a website as a tile on the start screen and updates to the site are broadcast as new text that rotates across the “back of the tile”.  

In my Phone home screen, you can see that I have a number of websites pinned so that I can quickly get to them.  This is from the lower part of the screen, but you can see the sites:

You can immediately see headlines on a number of those site’s tiles.  Others, a simple and sometimes crappy looking screenshot of what the site looked like when I pinned the site.  

On Android and iPhone devices, you have a similar feature that creates an icon on the start screen.  The device will typically take a screenshot and shrink that down for use as an icon.  Other times, it will use the favicon with some simple formatting to create a home screen button.   Yuck…

In this article, I’m going to outline all of the tags to add to your site to make it look cool on your visitor’s home screens.

Get Started Easy – Android Icons

The easiest device to support is Android.  With thee simple tags and two simple images, we can support a custom icon on the start screen.  For my blog, I added these lines to my HTML header:

<meta name="mobile-web-app-capable" content="yes">
<!-- Hi-res photo -->
<link rel="icon" sizes="196x196" href="http://csharpfritz.github.io/icons/large_and.png">
<!-- Lo-res photo for less capable devices -->
<link rel="icon" sizes="128x128" href="http://csharpfritz.github.io/icons/small_and.png">

 

The meta tag is required in order for the phone to enable the “Add to Homescreen” button.  Now you can add a link to CsharpFritz.com to your home screen on Android and see the following:

Next Up:  Apple iOS

Apple’s mobile devices come in four different sizes, and the following meta link tags are needed to add icons for devices with white cables:

<!-- iOS Meta tags -->
<link rel="apple-touch-icon" href="http://csharpfritz.github.io/icons/small_ios.png">
<link rel="apple-touch-icon" sizes="76x76" href="http://csharpfritz.github.io/icons/small_ipad.png">
<link rel="apple-touch-icon" sizes="120x120" href="http://csharpfritz.github.io/icons/larse_ios.png">
<link rel="apple-touch-icon" sizes="152x152" href="http://csharpfritz.github.io/icons/large_ipad.png">

At this point, we now have six different shortcut icon sizes.  But wait!  That’s not all!!

Windows and Windows Phone – Internet Explorer Meta Tags

This is the pair that really drives some neat functionality in the mobile devices.  Microsoft provides a three-step wizard to build out some initial pinned tiles functionality for your website at: http://www.buildmypinnedsite.com 

This wizard will help you generate the following markup:

<meta name="application-name" content="CSharp on the Fritz"/>
<meta name="msapplication-TileColor" content="#2714cb"/>
<meta name="msapplication-square70x70logo" content="http://csharpfritz.github.io/icons/small_w.png"/>
<meta name="msapplication-square150x150logo" content="http://csharpfritz.github.io/icons/medium.png"/>
<meta name="msapplication-wide310x150logo" content="http://csharpfritz.github.io/icons/wide.png"/>
<meta name="msapplication-square310x310logo" content="http://csharpfritz.github.io/icons/large.png"/>
<meta name="msapplication-notification" content="frequency=30;polling-uri=http://notifications.buildmypinnedsite.com/?feed=http://www.csharpfritz.com/blog?format=rss&amp;id=1;polling-uri2=http://notifications.buildmypinnedsite.com/?feed=http://www.csharpfritz.com/blog?format=rss&amp;id=2;polling-uri3=http://notifications.buildmypinnedsite.com/?feed=http://www.csharpfritz.com/blog?format=rss&amp;id=3;polling-uri4=http://notifications.buildmypinnedsite.com/?feed=http://www.csharpfritz.com/blog?format=rss&amp;id=4;polling-uri5=http://notifications.buildmypinnedsite.com/?feed=http://www.csharpfritz.com/blog?format=rss&amp;id=5;cycle=1"/>

These tags should be fairly self-explanatory:

  • application-name is the name to present on the tile for your website
  • TileColor is the background color to present for your tile
  • the logo tiles are all location for four more images to possibly present as the tile content on the start screen.
  • notification is an service location for Windows to poll for updates to present

For more information about the API Internet Explorer, Windows and Windows Phone uses to present tiles for your website, check MSDN at: http://msdn.microsoft.com/en-us/library/ie/bg183312(v=vs.85).aspx

Summary

With a little bit of simple HTML header tags and 10 different sized images you can make your website appear like an application on the home screen of your mobile visitors.  Next thing we need to figure out is a standard button that can be placed on our web pages that, when clicked, forces the browser to make an icon or tile for our website on the device home screen.