Lachlan B's Blog

ASP.NET Two Factor Auth with Google's Authenticator App part 2

This is part two in a series of posts. For the introduction post on how to do it all with a NuGet package, see asp.net two factor auth with google authenticator app. This article is about how to implement it manually and how it works behind the scenes. A lot of this code is based on an article by Jerrie Pelser titled Using google authenticator with asp.net identity.

If you already have an application that is utilising ASP.NET's identity service, you can made a few modifictions to include the Two Factor authentication code.

To show how this can be done, first off create a new ASP.NET application, choose "MVC", and set authentication to "Individual User Accounts". In this example we are creating a new application for managing our own movie DVD collection, so we will name it MovieManager.

Read More ->

ASP.NET Two Factor Auth with Google's Authenticator App part 1

So you want to add two factor authentication to your site?

auth 1 screenshot

I have created a NuGet package that will get it running in 10 minutes. Alternatively, I have also written an article on how you can implement it manually without using the NuGet package.

This method is using ASP.NET’s Identity and Google’s “Authenticator” app. The authenticator app is simple, very widely used (GitHub and Slack, to name two) and works very well.

If you are adding two-factor authentication to an existing site or codebase, I would suggest that you start by creating a brand new project and adding the already-prepared NuGet package that I have prepared. This will ...
Read More ->

Fixing oWasps CSS

This week I heard about the .NET Security Cheat Sheet written by the owasp guys. So I opened it up on my mobile and saw this:



Eish. The text is tiny and you need to scroll around the screen to be able to read a sentence. Someone needs a mobile friendly CSS! So I tweeted them and got this response:



Fair enough.

So I fixed it... how's this?




The "main" culprit was the TABLE tag inside the HTML:



Removing that got us 50% of the way there... then we just needed a bit more CSS to clean it up:

...
Read More ->

Update for android app for East Timor

The last couple of months we have made some nice progress on our app. It's got a cool name, "Local Linguist", and it's had a facelift and a workover by some UI guys:

Each screen is much simplier and it will also include a section for listening to audio and providing a translation in your own language.

There's also a great interview with Katrina Langford, the "change maker" (eg, product owner) for the application. I could point out that so far we've won the Rhok Hackathon ahem *twice* but there's not a lot of point other than boasting, the value is in the results, not the kudos awarded on the way - though that definitely helps keep the motivation going, we're all human after all.

Plus here is a photo of the LocalLinguist team at the recent hackathon winning the trophy!! I'm not in the photo, I wasn't there on the day, but I've somewhat contributed to the project! But even still, great job guys.



While I'm here I might as well briefly mention that I recently gave a talk on "How to change things at your company" at DDD night, which was great fun. Here's a blurry photo of me doing my thing:


<...
Read More ->

How I could have saved Carlo from HumanKode lots of money

You might have read the story how Carlo lost $6,500 thanks to a bug in Visual Studio GitHub's plugin.

It turns out that the issue was caused by a checkbox not working.

So what was the problem? The issue was that it's super-easy to accidently completely break a WPF control when you're just trying to change it's color. Why? Because if you want to change it, you have to completely override the entire control. So you end up having to copy and paste the code for the entire control, and then change what you need. So to fix the issue for Carlo they had to fetch the right control template code and then put it back in. But really, that's just a bandaid over a much, much more complicated problem.

I came across this problem in 2014 and suggested a (horrible) workaround. As you can see it's not simple, but it's better than nothing.


Read More ->

Async, await and ASP.NET

Today I came across a brilliant explanation of c#'s await keyword. I've been trying to figure it out for a couple of weeks now and every time I read it the explanation gets too complicated too quickly. The essential problem is as follows:


Marking a method as Async doesn't make it Asynchronous


And therein lies the confusion.

(BTW I'm not sure which genius came up with this. Probably the same person who came up with "Visual Studio Online" - because.. you know.. it's not actually an online version of visual studio.)

So anyway marking a method as async doesn't make it asynchronous. What the heck does it do?


Async releases the thread from the server pool


Huh? Well, normally each request in IIS takes up a thread. While IIS has a bewildering number of performance tuning options it essentially has a fixed number of threads available to process simultaneous requests. Each request uses a thread. So normally, the maximum number of simultaneous requests possible comes down to the maximum number of threads. So, if suddenly 1000 users hit your app at the same time, the 1001st user's request is going to be put into a queue, and they will have to wait. Now if your queue size is say 5000, and you then suddenly get 5000 more users h...
Read More ->

DDD Conference 2015 wrap up

ddd conference

Two weeks ago I spoke at the DDD Melbourne conference on the topic "How to be the best developer in the world". The talk went ok, and so I have turned it into an epic blog post:

How to be the best developer in the world

Big thanks to Troy Hunt for his super-helpful Speaker Style Bingo article, and also mad props to Lars Klint for his willingness to give me a go!


Read More ->

How to be the best developer in the world

To kick off this blog, I think that I need to state the following:

I am not the best developer in the world.

I know a lot of the things that you need to learn in order to become a great developer, but just knowing these things doesn’t make it happen. Head knowledge is good, but that’s the easy part. Putting it all into practice… that’s what’s difficult. I'm still a work in progress!

So in order to become the best developer in the world you're going to have to ask yourself a pretty serious question:

"what level am I at?"

To work this out, you might compare yourself to a couple of job ads. If you start poking around the internet for software developer jobs, you’ll find things like this:




Notice how they advertise "3 years XP"? Unlike other crafts, software development does not have a well-defined methodology for working out how good a programmer is. All we go by is “years of experience” which is a pretty bad methodology - you can sit on your bum for five years, not learn anything, and you're suddenly a mid-level developer. It doesn't really mean anything. Instead of years of experience, what we need to know is competency.

Have you seen the programmers competency matrix? It's a great list, but I feel like it's missing a bunch of things.

A...
Read More ->

Securing your pc after online abuse

So you're the target of online abuse? You need to secure yourself from being hacked. Here's what you need to do immediately:

  • Enable two factor authentication for every account that you can - especially your main email account. Your main email account can be used to get access to all of your other accounts via a password reset, so it's very important that you protect it. You need to enabled it for your google account (called "two-step") and also for you facebook account (called "login approvals"), twitter (called "login verification"), banking, and any online account that supports it (as of writing, instagram doesn't).
  • Put a lock code onto your mobile so that if you lose it, people can’t access your accounts.
  • Back everything up - onto a USB drive, AND use an online service (I have heard that BackBlaze is good).
...
Read More ->

Speaking at DDD Melbourne 2015

Next weekend I'll be talking at DDD Melbourne on "How to be the best programmer in the word". This will be my first full length talk at a conference so I'm excited, nervous and happy all at the same time!

Trying to cover such a massive topic in 45 minutes is quite ambitious... to say the least. Obviously I won't be able to cover anything in any substantial detail, but I can hopefully point some people towards the right direction in where their next steps should be to improve their skills.

In the spirit of trying to be as organised as possible here's all of the links that I will mention in my talk:

And the most ...
Read More ->