ASP.NET Core 2.0 OIDC Authentication Using AWS Cognito

AWS Cognito has two parts: User Pools and Federated Identities. With Cognito User Pools, you can add sign-up and sign-in functionality to your ASP.NET Core 2.0 web apps. Although the blog posts such as this one illustrates the use of AWS SDK, you can use Cognito without SDK. Cognito User Pools allow you to integrate your apps using OpenID Connect (OIDC). This will be handy especially when you want to use Cognito with an app such as a third-party product for which you don’t have the source code to tinker with. Of course, the app must support OIDC and that attributes related to OIDC are configurable. Anyways, the objective of this post is to show Cognito integration with ASP.NET Core 2.0 app and that you have the source code, which you can modfiy to your heart’s content.
Continue reading

snake_case JSON with ASP.NET Core MVC

ASP.NET Core MVC uses camel-cased JSON by default. The property with a name “FirstName” gets serialized into “firstName”. Same, on the way in. There is another style: Snake case. Twitter, for example, uses snake-cased JSON. See this. It is possible to get ASP.NET Core MVC deal with snake-cased JSON. You will just need to change the ConfigureServices method of Startup as follows.
Continue reading

The 201 on Building Web API with ASP.NET Core MVC – Kindle Books

The Kindle version for the paperback book “The 201 on Building Web API with ASP.NET Core MVC” is available now, as two separate books.

The 201 on Building Web API with ASP.NET Core MVC – Book 1: Application Core is a collection of core application related topics selected from the paperback book. By the term “application core”, I mean the basic MVC concepts such as action selection, model binding, serialization, etc. that are fundamental to a web API application.

The 201 on Building Web API with ASP.NET Core MVC – Book 2: Application Infrastructure is a collection of application infrastructure related topics selected from the paperback book. By the term “application infrastructure”, I mean the software infrastructure that supports a web API application – things that are outside the fundamental MVC concepts, such as logging, DI, etc.

The 201 on Building Web API with ASP.NET Core MVC

Happy to announce the availability of my new book “The 201 on Building Web API with ASP.NET Core MVC” in Amazon.

The 201 on Building Web API with ASP.NET Core MVC

The 201 on Building Web API with ASP.NET Core MVC, is an intermediate-level guide on using ASP.NET Core and ASP.NET Core MVC’s extensibility points to solve problems, as you build a web API using ASP.NET Core MVC. ASP.NET Core MVC is a powerful framework and out of box, it gets you far. But there are scenarios where you will want to go even farther to get things done. If you are one of those who has gone through the framework 101 and has a need to see farther, this book is for you. This book employs a problem-solution format so that you can read the topics that are of interest to you, in any order.

  • Action constraints
  • Action results
  • Application model conventions
  • Application parts
  • Authentication middleware
  • Batching messages
  • Binding source value providers
  • Filter factories
  • Filter providers
  • Formatters
  • Localization
  • Loggers and logger Providers
  • Middleware
  • Model binders
  • Request validation
  • Resource, Result, Exception, Action Filters
  • Value providers


1     HTTP 101
1.1  Exposing API over Web
1.2  Returning a Resource Representation
1.3  Querying for Resources
1.4  Creating/Replacing a Resource
1.5  Adding a New Resource to a Collection
1.6  Deleting a Resource
1.7  Using POST to Tunnel other HTTP Methods

2.1  Using Configuration for Action Selection
2.2  Using Convention for Action Selection
2.3  Using a Controller Resource
2.4  Designing Hierarchical URI
2.5  Controlling Route Template Parameter Matching
2.6  Selecting Action Based on Request Content Type
2.7  Disambiguating between Action Methods
2.8  Using Plugin-based Design
2.9  Differentiating 404 – Not Found

3.1  Binding Different Parts of the Request Message
3.2  Filling in the Missing Part of the Model
3.3  Providing a Value to Model Binder on Priority
3.4  Handling XML Requests
3.5  XML Input Formatting on a Per-Request Basis
3.6  Binding the Model from Nonstandard Payloads
3.7  Using Factory Pattern for Model Binding
3.8  Validating Requests
3.9  Using Matrix Parameters

4.1  Enabling Content Negotiation
4.2  Disabling Content Negotiation Selectively
4.3  Selecting Content Type on a Per-Request Basis
4.4  Detecting Modifications to the Response Body
4.5  XML Output Formatting on a Per-Request Basis

5.1  Preventing Action Method from Running
5.2  Preventing Duplicate HTTP POSTs
5.3  Handling Exceptions
5.4  Specifying Order for the Filters
5.5  Creating a Dynamic Filter Pipeline
5.6  Overriding Filters

6.1  Logging Request Body for All Requests
6.2  Logging Request Body Selectively
6.3  Logging Response Body
6.4  Structured Logging
6.5  Logging to Amazon DynamoDB
6.6  Logging Additional Fields in JSON Request Body

7.1  Injecting Dependencies
7.2  Resolving Dependencies by Convention
7.3  Proxying Dependencies
7.4  Sharing Data among ASP.NET Components
7.5  Sharing Context among ASP.NET Components
7.6  Sharing Data across Different Application Layers

8.1  Returning a Partial Resource Representation
8.2  Using a Composite Resource
8.3  Caching Responses
8.4  Returning a Representation Only on Changes
8.5  Using a Binary Message Format
8.6  Streaming JSON Response
8.7  Going Asynchronous
8.8  Batching Request Messages

9.1  Sending Custom Response Headers
9.2  Implementing Custom Authentication
9.3  Creating Middleware versus Filter
9.4  Establishing Current Culture
9.5  Localizing Based on Current Culture
9.6  Using ASP.NET Core MVC Core

Specifying Environment from the Command Line in ASP.NET Core

ASP.NET Core picks up the environment from the environment variable ASPNETCORE_ENVIRONMENT. If you want to set it from Visual Studio, you can do so by double clicking “Properties” in Solution Explorer > Debug > Environment Variables. Just add an entry with a name of “ASPNETCORE_ENVIRONMENT” and a value desired.

If you want to set the environment from the command line, you have to modify the Main method like this.

public static void Main(string[] args)
    var config = new ConfigurationBuilder().AddCommandLine(args).Build();

    var host = new WebHostBuilder()


With that, you can pass the environment, like so.

dotnet run --environment "UAT"

You can also specify server URL using command line.

dotnet run --environment UAT --server.urls http://*:5001

That will set the environment to “UAT” and let Kestrel use port 5001.

Reading Katana Cookie Authentication Middleware’s Cookie from FormsAuthenticationModule

I saw a question in stackoverflow about using the cookie created by FormsAuthenticationModule (FAM) from the Katana Cookie Authentication Middleware. I thought it was a one-off question. But then, here is one more question, similar, but it is about reading the cookie created by CAM from FAM. Though we cannot change FAM’s behavior, it is technically possible to write an HTTP module to read the ticket. So, thought of writing some code to illustrate how to read the CAM cookie.
Continue reading