In the previous post, I covered the steps to get going with a simple ASP.NET MVC application with ASP.NET vNext. This post adds cookie-based authentication to it.
There are already posts out there explaining how to setup ASP.NET vNext. The first and the foremost source, ASP.NET vNext Home in Github has all the steps clearly documented. Then, there is a ton of videos and good stuff out there. The objective of this post is to show the steps involved in setting up ASP.NET vNext and create a “complete” MVC application (remember MVC in vNext means MVC + Web API). Of course, we will not need to install VS 2014 but I don’t think it will be practical to do any serious development without VS. But then, just to get a taste of what vNext is, it is okay. Here are the steps (Windows only).
If you use Visual Studio and want to add Google sign-in to your ASP.NET MVC app by using an out of box template, you get code that uses ASP.NET identity and three Katana authentication middleware: (1) the cookie authentication middleware running in active mode, (2) another instance of cookie authentication middleware but running in passive mode, and (3) Google authentication middleware. That will be like so.
Event Tracing for Windows (ETW) is cool. There is nothing like it, for instrumenting your app. ETW is interesting because at this time, it is not easy to find your way around. There is an excellent Pluralsight course by Kathleen Dollard and several blog posts and videos by Vance Morrison. .NET 4.5 has made ETW so easy. All you need to do is to create a custom event source by inheriting from the System.Diagnostics.Tracing.EventSource class. You can use the PerfView tool or logman command to start and stop a session and create an ETL file. ETL file is binary and contains pretty much all the info one would ever need but then getting the info out is not an easy task.
Authorization filters and action filters have been around for a while in ASP.NET Web API but there is this new authentication filter introduced in Web API 2. Authentication filters have their own place in the ASP.NET Web API pipeline like other filters. Historically, authorization filters have been used to implement authentication and there is ton of samples out there with all kinds of authentication implemented in authorization filters. Web API 2 introduces the authentication filter so that authentication concerns can be separated out of authorization filter and put into an authentication filter.
This post is related to binding in ASP.NET Web API. Binding (parameter binding, to be exact) is the mechanism through which request body is bound to the action method parameter. Say you are using a DTO class as parameter and if you want to ensure a field is present in the request, you can apply Required attribute at the property level like so.