Delivering solid user friendly software solutions since the dawn of time.


Categories: Security

JWT - Json Web Token

  • The claim Names within a JWT must be unique.
  • JWTs with duplicate claim names must be rejected.

Reserved Claim Names

  • "iss" (Issuer) claim: case sensitive string containing a name or uri value.
  • "sub" (Subject) claim: string with principal that is the subject of the JWT.
  • "aud" (Audience) claim: an array of case sensitive strings, each containing a StringOrURI value.
  • "exp" (Expiration Time) claim: value must be an epoch. Use of this claim is OPTIONAL.
  • "nbf" (Not Before) claim: for issuing future tickets. Value is epoch.
  • "iat" (Issued At) claim: the time at which the JWT was issued.
  • "jti" (JWT ID) claim: a unique identifier for the JWT. Can be used to prevent the JWT from being replayed. Case sensitive string.
  • "typ" (Type) claim: to declare a type for the contents of this JWT claims set.

More: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html

See 'EntityValidationErrors' while debuging 

Categories: EF

For the lazy ones that did not put a try-catch:

Press ctrl+alt+q and re-evalute this expression.


For the less lazy ones:

catch (DbEntityValidationException dbEx)
    foreach (var validationErrors in dbEx.EntityValidationErrors)
       Trace.TraceInformation("Entity of type \"{0}\" in state \"{1}\" has the following validation errors:", validationErrors.Entry.Entity.GetType().Name, validationErrors.Entry.State); foreach (var validationError in validationErrors.ValidationErrors)
            Trace.TraceInformation("Property: {0} Error: {1}", validationError.PropertyName, validationError.ErrorMessage);

And if you don't like exceptions:

var validationErrors = model.GetValidationErrors();
var h = validationErrors.SelectMany(
x => x.ValidationErrors.Select(
f => "Entity: " +(x.Entry.Entity) + " : " + f.PropertyName + "->" + f.ErrorMessage

Disable cors on IIS 

Categories: IIS

Add following to HTTP Response Headers in case you get cross origin issues (for testing only ofcourse). eg. when you get Request header field Content-Type is not allowed by Access-Control-Allow-Headers.

  • Access-Control-Allow-Origin: *
  • Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept

Simulating webform POST with Fiddler 

Categories: Network

Request Headers
User-Agent: Fiddler
Host: localhost:44300
Content-type: application/x-www-form-urlencoded
Content-Length: 51

Request Body
IdentityReference= 'username'&Password= 'thesecret' 

Azure Adventure 

Categories: Azure

Things to happen when trying to use Azure for the first time... (even though it seems negative, I am pro)

  • Needed to sign-up 4 times, I guess it was an issue with the i in my name vs I on my msdn.


  • First creation of website dissappeared.
  • Was not able to rename my second creation.
  • Deployed website from template (And now uploading extra files? Ftp? Git?)
  • You need to add deployment user.
  • Uploading with FTP is pretty slow. Probably because I was uploading to US. Ok first test works on azure only on wrong location.
  • gmail sending was blocked and suspiciously coming from USA while site should be in west europe?


  • My strong password was not accepted because some of the start letters where the same.
  • When trying to manage firewall issues. The current IP address is not included in existing firewall rules. Do you want to update the firewall rules in order to manage... (Log on to the Windows Azure Management Portal. In the navigation pane on the left, expand your subscription, and then select your SQL Database server by clicking it. In the center pane, view the server-level firewall settings for the selected SQL Database server by clicking Firewall Rules.)
  • Import DB needs storage account, and the azure documentation links to Azure MMC module that is not longer maintained (http://wapmmc.codeplex.com) but the other projects still seems to be there: http://azurestorageexplorer.codeplex.com/
  • A bacpac file is not a sql .bak file (http://sqldacexamples.codeplex.com/)
  • BACPAC files are Data-Tier Applications (aka DAC) packages which are essentially ZIPs that contain an XML representation of the schema and the actual table data stored in JSON format: Tasks -> Extract Data-tier Application -> Gives a dac not a bac  (http://blog.dotsmart.net/2012/10/09/backing-up-appharbor-databases-using-bacpacs/)
  • Use Management Studio 2012 (Uploading with wizard gives plenty of errors. All tables need clustered indexes. eg. ws_discount)

Virtual Machines

  • Signing up for virtual machines, networks and mobile services is separate.
  • Linux VM with meteor - Putty install: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html - sudo curl https://install.meteor.com | /bin/sh - meteor create --example leaderboard - cd leaderboard - meteor (will init mongo database on startup of application)
  • Virtual Machines –> Meteor –> Endpoints section in the Azure management portal, and add a TCP end point for port 3000 (myproject.cloudapp.net:3000)


And then internet hit me... no more internet connection... not even 3G I could thetter over to my laptop... nothing... not at my place not at the neighbours and friends... for hours and no support from customer service... the whole internet grid of flanders kaboem :) ... (edit: it turned out there were some major prodiver issues in flanders, belgium) 

Page 20 of 41 << < 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 40 > >>