Rewriting URLs to redirect HTTP requests

This post is a quick guide to start dealing with Azure BLOB Storage Services. I will create a simple .Net Console Application to upload and download a simple file within BLOB Storage Services. Before going ahead, I highly recommend take a look to How to create an Azure Storage Account. It is not complex but mandatory before interacting with BLOB Storage Services.

[More]

Row Level Security in SQL Server

Row-Level Security let us control access to data at row level for any SQL Server table based on users, roles, membership or working context. It tremendously simplifies and improve the options we have to secure, filter, implement restrictions or eventually deal with our data over certain scenarios. What is most relevant for me is that all the security policy can be set centrally at a database level preventing developers from taking care of adding custom where clauses to enforce security. It makes the management of data much more reliable and maintainable.

[More]

Roles for User property in HTTP Current Context

While I was dealing with some potential vulnerability issue affecting to some of "my" MVC 5.0 application in .Net Framework 4.5 and coming from a wrong management of user roles, it turns out that I didn't remember clearly how role management was related to User principal or even, where roles came from in order to IsInRole method were able to work properly to check roles for users. So, let me add this post as a reminder to clarify and shed light on this.

[More]

Provider design pattern at a glance

In a nutshell, the provider model is a design pattern largely used by Microsoft components for allowing an application to make use and choose from multiple implementations of a given contract based on the settings of a configuration file. So, for instance, management of user membership or roles are usually carried out by means of classes based on this pattern (see MemberShipProvider or RoleProvider classes). This way, the application can choose the default provider for dealing with membership or roles, add or remove providers, etc. in a declarative way. It brings a lot of benefits for developers as they can plug new components easily without refactoring code.

[More]