-
Protecting a Self-Hosted Nancy API with Microsoft.Owin.Security.ActiveDirectory
This post is the Nancy version of Vittorio's "Protecting a Self-Hosted API with Microsoft.Owin.Security.ActiveDirectory". Since I'm lazy, I may even be lifting some parts of it verbatim, if you don't mind, Vittorrio ;)
I'm going to skip the intro to Owin etc, if you are reading this, you probably know all about it by now. (Except for you Phillip; Get yout s**t together man!). This tutorial will be using Nancy.MSOwinSecurity that I introduced in the previous post.
What I am going to show you is how you can set up a super simple Nancy HTTP API in a console app and how you can easily secure it with Windows Azure AD with the exact same code you use when programming against IIS Express/full IIS.
-
Uniqueness in a DDD-CQRS-ES application
A while back I blogged that set based based concerns, i.e. duplicates, that when analyzed aren't really a problem. An example of this could a be a duplicate product in a catalogue. The worst that can happen is the user sees the item twice when browsing / searching. Everything still works - the customer can still purchase it, you can still ship it. It's low risk, low impact and life goes on.
There are situations though where global uniqueness is a real requirement, for example, choosing a username during a new user registration process. The problem here is that if a duplicate occurs you may have a security issue, or maybe neither user can log in. It depends on your application of course, but this may be considered high risk.
-
Ensuring that Dispose() gets called on your IDisposable types
Here is a neat trick to make sure you IDisposable classes have their dispose method called. In the finalizer, call Debug.Fail and only include it in Debug builds:
public class DisposableClass : IDisposable { public void Dispose() { //The usual cleanup #if DEBUG GC.SuppressFinalize(this); #endif } #if DEBUG ~DisposableClass() { Debug.Fail(string.Format("Undisposed {0}", GetType().Name)); } #endif }
This will give you an in-your-face dialog to let you know of your fail:
I can't claim that I came up with this, but I can't remember where I saw it either.
-
Questions to ask whenever set based business concerns come up in a DDD-CQRS-ES based application
One of the biggest brain speed bumps for people who come from a centralized data-model first \ RDMBS world is the issue of duplicates. "What if we have duplicate names?" "What if we have duplicate accounts?" etc. This can be of special concern in distributed systems, where your aggregate roots may be created in different places.
Before I engage in any sort of implementation, I have several business questions that must be answered first: