How to parse a SAML token

21 March 2014

A customer asked me how to manually parse a SAML token. I found this blog post with a detailed answer. To get the SAML token from a request and decode it, I do the following:

    // needs: using System; using System.Text; using System.Web;
    // spec says "SAMLResponse="
    string rawSamlData = Request["SAMLResponse"];

    // the sample data sent to us may already be encoded,
    // which results in double encoding
    if (rawSamlData.Contains("%"))
    {
        rawSamlData = HttpUtility.UrlDecode(rawSamlData);
    }

    // read the base64 encoded bytes
    byte[] samlData = Convert.FromBase64String(rawSamlData);

    // read back into a UTF-8 string
    string samlAssertion = Encoding.UTF8.GetString(samlData);

Enjoy.

SignalR Message Format

12 March 2014

I looked around for documentation about the message format of ASP.NET SignalR but I could not find any, so I had to explore it myself and produce the following summary of the ASP.NET SignalR message format.

Messages are serialized as JSON objects and contain metadata about the handlers and the connection as well as the payload (i.e. the data to transfer). The following information is included in the messages:

- Hubs (H): Handlers (i.e. methods) on the server as well as on the clients are grouped in "Hubs".
- Method (M): The name of the Handler that will process the message.
- Groups: Clients can...

WAAD, OAuth and Javascript

4 March 2014

As you probably know, Microsoft released AAL (Windows Azure AD Authentication Library for .NET), which is a great API for interacting with WAAD and implementing the OAuth code flow. This API is extremely easy to use, yet it works only for single-threaded (STA) clients. This means that you can use it in a console application or Windows Store app but not in a browser. The scenario in which a client wants to call a web API in a SPA (Single Page Application) looks very interesting, so I searched for a JavaScript SDK for WAAD but I could not...

How To Parse a JWT token

2 March 2014

I had to create a test that retrieves a JWT token from WAAD, so I created a little class that parses and displays the token content. Here is the code:

    class TokenHelper
    {
        public static Encoding TextEncoding = Encoding.UTF8;
        private static char Base64PadCharacter = '=';
        private static char Base64Character62 = '+';
        private static char Base64Character63 = '/';
        private static char Base64UrlCharacter62 = '-';
        private static char Base64UrlCharacter63 = '_';

        public static void DisplayAccessToken(string accessToken)
        {
            ...

Is OAuth 2.0 Secure ?

4 February 2014

Whenever I introduce OAuth to my clients they ask: “Is it secure? We heard that …” There is no doubt that there is a lot of controversy about OAuth, yet there is also no doubt that OAuth 2.0 is the leading authorization standard / framework on the web today. Eran Hammer, one of OAuth's original creators, published lots of criticism of the final OAuth 2.0 specification, in which he claims that OAuth 2.0 is not a specification but a framework. In his view the spec is not specific enough and leaves too much room for variations in the implementations. He...

Seven-Steps for Designing a web API

2 January 2014

This is the procedure described by Leonard Richardson in his book: RESTful Web APIs. The procedure consists of seven steps. Doing some preparatory work up front will help you choose a representation format and keep your profile as simple as possible.

1. List all the pieces of information a client might want to get out of your API or put into your API. These will become your semantic descriptors. Semantic descriptors tend to form hierarchies. A descriptor that refers to a real-world object like a person will usually contain a number of more detailed, more abstract descriptors like givenName. Group your descriptors...

Basic rules for building REST web APIs

We have a client-server Internet protocol, HTTP, which assigns very general meanings to different kinds of requests: GET, POST, PUT, and so on.

We have the idea of hypermedia, which allows the server to tell the client which HTTP requests it might want to make next. This frees the client from having to know the shape of the API ahead of time.

We have the idea of application semantics, which extend hypermedia controls with information about what specifically will happen, to application or resource state, if the client makes a certain HTTP request.

And finally we have a whole lot of standards for...

How does “Exports” work in Node JS

1 January 2014

If you wondered how “NodeJS exports” works under the covers, here is the answer. The trick is simple: wrap your function (object definition) with a wrapper function that accepts the exports object from the global scope. This makes exports global, allows you to attach your code to it and prevents your code from reaching the global scope.

    //wrapper function
    (function (exports, require, module, __filename, __dirname) {
        //your code
        var calculator = function() {
            return {
                add: function(a, b) { return a + b; }
            };
        };
        exports.add = calculator;
    });
    ...

Facebook Presto Vs Cloudera Impala

25 December 2013

If you want to know the difference between these two MPP databases, I recommend reading the following post. Currently both use the Hive query language (HQL) and its metadata store. They have great performance, yet they do not support user-defined functions. In the near future all the current limitations will disappear (more serializations will be supported, as well as UDFs) and there will be no REAL use case for using Hive. I know that there is work going on to improve Hive’s performance (X100), but we have to wait and see.

Enjoy,
Manu