Saturday, August 16, 2014

System.Net.CredentialCache supports Digest Auth

In my last post I talked about implementing Digest Authentication in WebAPI. That was a server side implementation, but how do you make requests to that server? Good news: .NET's built in CredentialCache supports Digest Authentication!

PreAuthenticate

Be sure to enable PreAuthenticate, otherwise each request will require a new digest token have to make an additional two requests to get it! Do not worry, the request will not send your credentials without having a token first.

PreAuthenticate = false

PreAuthenticate = true

Test Code

[Fact]
public void DigestCredentials()
{
    var requestUri = new Uri("http://localhost/DigestAuthDemo/");
 
    var credCache = new CredentialCache
    {
        {
            new Uri("http://localhost/"), 
            "Digest", 
            new NetworkCredential("UserName", "Password", "/")
        }
    };
 
    using (var clientHander = new HttpClientHandler
    {
        Credentials = credCache,
        PreAuthenticate = true
    })
    using (var httpClient = new HttpClient(clientHander))
    {
        for (var i = 0; i < 5; i++)
        {
            var responseTask = httpClient.GetAsync(requestUri);
            responseTask.Result.EnsureSuccessStatusCode();
        }
    }
}

Enjoy,
Tom

Sunday, August 3, 2014

Basic and Digest mixed authentication with WebAPI

In my last post I talked about using both Basic and Digest authentication with WebAPI, but not at the same time. So what do you do when you want to used mixed authentication with both?

In principal you can support both Basic and Digest authentication at the same time, but your server has to issue the 401 challenge with Digest. This is because basic requires no token or server information to authenticate, where as digest requires a nonce from the server.

I have updated Rick's Basic authentication and Badri's Digest authentication implementation to work together as a pair of AuthorizationFilterAttributes. Here is the source:

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        config.Filters.Add(new BasicAuthorizationFilterAttribute(false));
        config.Filters.Add(new DigestAuthorizationFilterAttribute());
 
        config.MapHttpAttributeRoutes();
 
        config.Routes.MapHttpRoute(
            "DefaultApi",
            "{controller}/{id}",
            new { controller = "data", id = RouteParameter.Optional }
        );
    }
}

Enjoy,
Tom

Thursday, July 31, 2014

WebAPI and Chrome Authentication Types

Google Chrome supports four HTTP authentication types:

  1. Basic
  2. Digest
  3. NTLM
  4. Negotiate

ASP.NET WebAPI has AuthorizationFilterAttributes which can be used to implement both Authentication and Authorization for your APIs. If you want to use Basic or Digest authentication, there are already several open source implementations available to help you out!

Do you need to used mixed authentication and support both Basic and Digest?
If so, be sure to check out my next blog post...

Enjoy,
Tom

Sunday, July 27, 2014

RavenDB 2.5 vs 3.0 Write Performance (so far)

Is Voron out performing Esent in RavenDB 3.0?

...not yet, at least in terms of write speed. I ran a few tests on my home machine to compare the write and indexing speeds of Raven 2.5 (build 2908) against Raven 3.0 (build 3358). Unfortunately the results were not encouraging. However it is worth pointing out that the Raven team did save their performance updates for last when releasing Raven 2.5, so I do expect that this will improve before we see an RC.

Test Results

Here are the results of my (little) performance tests:

Document Count RavenDB 2.5 RavenDB 3.0 Difference
Elapsed Import Time Elapsed Index Time Elapsed Import Time Elapsed Index Time Import Percent Index Percent
0 - 100k 0:57.48 1:41.45 1:08.59 1:25.39 -19.33% 15.82%
100k - 200k 1:02.68 1:34.85 1:10.87 1:35.65 -13.08% -0.84%
200k - 300k 1:00.34 2:17.84 1:12.94 1:47.20 -20.89% 22.22%
300k - 400k 1:00.85 1:38.59 1:13.46 1:45.61 -20.73% -7.12%
400k - 500k 1:02.03 1:38.70 1:12.03 1:58.51 -16.12% -20.07%

Saturday, July 19, 2014

Python 2.6 and HTTP Basic Authentication

I recently encountered an issue where adding basic authentication to some HTTP calls was breaking a Python application.

Come to find out there is a bug in Python 2.6 that appends a newline character to base 64 encoded strings. That newline character then causes your HTTP request to be malformed, so that the body does not match the content length. When consuming these malformed requests in an ASP.NET sever the body content would cut off early, and in the case of JSON content this made it so that the JSON string was incomplete and could not be parsed.

So what's the fix? You can either update Python, or fix your string after encoding.

Enjoy,
Tom

Sunday, July 13, 2014

Use RavenDB to power Data Driven xUnit Theories

I love xUnit's data driven unit tests, I also really enjoy working with RavenDB, and now I can use them together!

Data driven unit tests are very powerful tools that allow you to execute the same test code against multiple data sets. Testing frameworks such as xUnit makes this extremely easy to develop by offering an out of the box set attributes to quickly and easily annotate your test methods with dynamic data sources.

Below is some simple code that adds a RavenDataAttribute to xUnit. This attribute will pull arguments from a document database and pass them into your unit test, using the fully qualified method name as a key.

Example Unit Tests

public class RavenDataTests
{
    [Theory]
    [RavenData]
    public void PrimitiveArgs(int number, bool isDivisibleBytwo)
    {
        var remainder = number % 2;
        Assert.Equal(isDivisibleBytwo, remainder == 0);
    }
 
    [Theory]
    [RavenData]
    public void ComplexArgs(ComplexArgsModel model)
    {
        var remainder = model.Number % 2;
        Assert.Equal(model.IsDivisibleByTwo, remainder == 0);
    }
 
    [Fact(Skip = "Only run once for setup")]
    public void Setup()
    {
        var type = typeof(RavenDataTests);
 
        var primitiveArgsMethod = type.GetMethod("PrimitiveArgs");
        var primitiveArgs = new object[] { 3, false };
        RavenDataAttribute.SaveData(primitiveArgsMethod, primitiveArgs);
 
        var complexArgsMethod = type.GetMethod("ComplexArgs");
        var complexArgsModel = new ComplexArgsModel
        {
            IsDivisibleByTwo = true,
            Number = 4
        };
        RavenDataAttribute.SaveData(complexArgsMethod, complexArgsModel);
    }
 
    public class ComplexArgsModel
    {
        public int Number { get; set; }
        public bool IsDivisibleByTwo { get; set; }
    }
}

Monday, June 30, 2014

LearnerJS: Back to Basics Presentation

Thanks to everyone who came out for the inaugural meeting of LearnerJS!

Topic

Back to Basics: The importance of testable modular JavaScript components.

Summary

What do jQuery Plugins, Angular Directives, Knockout Components, and Ext JS classes all have in common? Modular Components! In this session we will discuss the importance of modular and reusable JavaScript components, define goals for abstraction and test-ability, and get into some demos showing how to achieve those goals.

Downloads

Enjoy,
Tom

Real Time Web Analytics