Delivering solid user friendly software solutions since the dawn of time.


Categories: Security

JWT - JSON Web Token

  • Claim names within a JWT must be unique.
  • JWTs with duplicate claim names must be rejected.

Reserved Claim Names

  • "iss" (Issuer) claim: case-sensitive string containing a name or URI value.
  • "sub" (Subject) claim: string naming the principal that is the subject of the JWT.
  • "aud" (Audience) claim: an array of case-sensitive strings, each containing a StringOrURI value.
  • "exp" (Expiration Time) claim: value must be an epoch timestamp. Use of this claim is OPTIONAL.
  • "nbf" (Not Before) claim: for issuing tickets that only become valid in the future. The value is an epoch timestamp.
  • "iat" (Issued At) claim: the time at which the JWT was issued.
  • "jti" (JWT ID) claim: a unique identifier for the JWT. Can be used to prevent the JWT from being replayed. Case-sensitive string.
  • "typ" (Type) claim: to declare a type for the contents of this JWT claims set.

More: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html
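
The rules above as an added example (not part of the original post and not taken from the specification): it decodes the claims segment of a JWT, rejects duplicate claim names, which most JSON parsers silently collapse to the last value, and checks the types and time window of the reserved claims as listed. The function names, `ClaimError`, and the sample inputs are assumptions made for illustration; signature verification is out of scope and must happen first.

```python
import base64
import json
import time


class ClaimError(ValueError):
    """The claims set breaks one of the rules listed above."""


def _reject_duplicates(pairs):
    # json.loads passes every pair here; a plain dict would silently keep only the last.
    claims = {}
    for name, value in pairs:
        if name in claims:
            raise ClaimError(f"duplicate claim name: {name!r}")
        claims[name] = value
    return claims


def _is_epoch(value):
    # type() excludes bool; the range check excludes NaN/Infinity, which json.loads accepts.
    return type(value) in (int, float) and float("-inf") < value < float("inf")


def parse_claims(segment, now=None):
    """Decode a base64url claims segment and check it (signature not verified here)."""
    now = time.time() if now is None else now
    raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    claims = json.loads(raw, object_pairs_hook=_reject_duplicates)
    if not isinstance(claims, dict):
        raise ClaimError("claims set must be a JSON object")
    for name in ("iss", "sub", "jti"):
        if name in claims and not isinstance(claims[name], str):
            raise ClaimError(f"{name} must be a string")
    aud = claims.get("aud")  # per the list above: an array of strings
    if "aud" in claims and not (isinstance(aud, list) and all(isinstance(a, str) for a in aud)):
        raise ClaimError("aud must be an array of strings")
    for name in ("exp", "nbf", "iat"):
        if name in claims and not _is_epoch(claims[name]):
            raise ClaimError(f"{name} must be an epoch value")
    if "exp" in claims and now >= claims["exp"]:
        raise ClaimError("token has expired")
    if "nbf" in claims and now < claims["nbf"]:
        raise ClaimError("token is not valid yet")
    return claims


def encode_claims(raw_json):  # helper for constructed samples: base64url, no padding
    return base64.urlsafe_b64encode(raw_json.encode()).rstrip(b"=").decode()
```

For instance, `parse_claims(encode_claims('{"sub":"alice","sub":"admin"}'))` raises `ClaimError` instead of returning a claims set whose subject is `admin`.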

See 'EntityValidationErrors' while debugging

Categories: EF

For the lazy ones that did not put a try-catch:

Press Ctrl+Alt+Q and re-evaluate this expression.


For the less lazy ones:

catch (DbEntityValidationException dbEx) {
    // Needs System.Data.Entity.Validation and System.Diagnostics; logs each entity, then its property errors.
    foreach (var validationErrors in dbEx.EntityValidationErrors) {
        Trace.TraceInformation("Entity of type \"{0}\" in state \"{1}\" has the following validation errors:", validationErrors.Entry.Entity.GetType().Name, validationErrors.Entry.State);
        foreach (var validationError in validationErrors.ValidationErrors)
            Trace.TraceInformation("Property: {0} Error: {1}", validationError.PropertyName, validationError.ErrorMessage);
    }
}

And if you don't like exceptions:

var validationErrors = model.GetValidationErrors();
var h = validationErrors.SelectMany(
    x => x.ValidationErrors.Select(
        f => "Entity: " + x.Entry.Entity + " : " + f.PropertyName + "->" + f.ErrorMessage));

Disable CORS on IIS

Categories: IIS

Add the following to HTTP Response Headers if you run into cross-origin issues (for testing only, of course, since the wildcard origin lets any site read the responses), e.g. when you get "Request header field Content-Type is not allowed by Access-Control-Allow-Headers".

  • Access-Control-Allow-Origin: *
  • Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept

Simulating webform POST with Fiddler 

Categories: Network

Request Headers
User-Agent: Fiddler
Host: localhost:44300
Content-type: application/x-www-form-urlencoded
Content-Length: 51

Request Body
IdentityReference= 'username'&Password= 'thesecret' 
