Here’s another “auth is hard in .NET” thread reddit.com/r/dotnet/comme… #dotnet #aspnetcore
To help the team contextualize why it is hard outside of the domain itself being hard, it would be great to see some code samples. Samples from other frameworks that are runnable. Most of these threads conflate everything under the auth banner and require 20 questions to understand
the problem. It’s fine to rant but we want to make real improvements. After the rant please show the code. We need to understand the scenario, the exact scenario. Sharing code leaves less room for ambiguity.
As an example, in this thread, SPA could be an application where the front end is hosted by asp.net core or one where there’s 2 servers, the front end server and backend server. Those could be on the same domains or different domains.
There might be reasons why that’s the case but “auth is hard on .NET but is easier elsewhere” doesn’t help when there are no specifics. I have a hard time parsing the feedback because it’s hard to get clarity on what the *exact* scenario and requirements are.
We love the rants but we (the community) can be better about coming together and solving hard problems. Many of the engineers on this thread have solved many auth scenarios in their day jobs. We should be able to have the broader community benefit from that experience.
More docs, more samples, more features (potentially). I’m hoping to see more of this happen organically in the ecosystem.
To be clear, my rant isn’t denying that it’s hard, I just don’t know *what exactly* is hard and why it’s hard. I know we need “better docs”, but we don’t have specific enough feedback to make threads like these go away. I’d love to measure success by seeing the sentiment improve.
There’s no shame in taking long to understand this stuff, it’s complex. I still don’t understand all of it. I haven’t looked into the specifics of the OIDC protocol and all of the flows. That doesn’t make me think everything is terrible 😅 (maybe it is?).
. @dodyg we need an auth samples repo.

Keep Current with David Fowler 🇧🇧🇺🇸
