I need to store two strings as one secret value in key vault.
account="aa" key="1254"
But all SetSecretAsync syntaxes accept one string as secret value..
I am not sure if tags can be revelevant here.
Please help!
You could use Newtonsoft Json.NET to serialize an object to a JSON string:
var account = new Account { account = "aa", key = "1254" };
string json = JsonConvert.SerializeObject(account);
This string will contain this:
{"account":"aa","key":"1254"}
which can be stored as the secret.
When you subsequently load the secret, you could then use Json.NET to deserialize the string back into an object:
var account = JsonConvert.DeserializeObject<Account>(json);
As for tags, you could use a tag to indicate what's contained within the secret, and this could be useful if you'll be storing different object types within secrets (not just accounts, for instance). Tags are just key-value pairs, so you could create a tag like so:
secret.Tags = new Dictionary<string, string>
{
["Type"] = "Account"
};
But if you're always going to be storing accounts, then this isn't strictly necessary.
Related
can someone explain me this please? It's about AspNetUser, when we create a table, it generates an id in string, but how good is it? Isn't it bad in terms of security? Because if I want to show something only with one user, I need to compare my id (int) with id (string), I know it's simple and possible but I just need to convert the int to string, but is this method safe?
I was trying this and it worked but i'm comparing a string.
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
var plans = _unitOfWork.Games.GetAll().Where(p => p.UserId.Equals(userId));
return View(plans);
The AspNetUser is a part of ASP.NET Identity, which is a framework that provides authentication and authorization services. The Id column of the AspNetUser table is typically generated as a string (GUID) to ensure that it is unique across all users. Comparing the user ID as a string with another string value (such as the value from ClaimTypes.NameIdentifier) is not a security issue. The string comparison is a simple and efficient way to retrieve the data for a specific user. Converting the user ID to an integer would not provide any additional security benefits, but it may impact performance if the integer comparison involves a large number of operations.
Refrence link:
https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.claims.claimtypes.nameidentifier?view=netframework-4.8.1
Also :
What are the best practices for using a GUID as a primary key, specifically regarding performance?
How do I populate a controller field from user claims ? We use claims based authentication and I'm intrested in one of claim values say "Internal Id" which is send along with the user claims.
I'll need to extract this claim value and make it available for all my web api's. I know I can extract the value from the user claims using a loop within each of the action methods.
Is there is better way to do this ? Somthing like a attribute / value provider
you can use an extention method on IIdentity to extract claims, this is how i do it:
public static int GetInternalId(this IIdentity identity)
{
var storedClaim = ((ClaimsIdentity)identity).FindFirstValue("InternalId");
if (string.IsNullOrEmpty(storedClaim)) return 0;
var value = Convert.ToInt32(storedClaim);
return value;
}
and you can call it everywhere you have access to Context object like Controller or ApiController
User.Identity.GetInternalId();
You can create a custom value provider that read the claims from the current user identity, then have a class that represent the list of key/value pair which is the claim/value in your action method.
This will make cause the value provider to fill the key/value pair and you won't have to write any additional code to have the user claims in any action method
i have a MVC application that contains an ASPX page that will be called in single sign on mode.
How can i set the user that is passed by a request call?
I tried to use "Identity" with no fortune.
example:
string username = "MyUsername";
string userid = Guid.NewGuid().ToString("N"); //could be a constant
List<Claim> claims = new List<Claim>{
new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", username),
new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", userid)};
var genericIdentity = new GenericIdentity(username);
genericIdentity.AddClaims(claims);
var genericPrincipal = new GenericPrincipal(genericIdentity, new string[] { "aaa" });
Context.User = genericPrincipal;
The second problem is that i have some data regarding the user but i can't set to session (like expected by signalr design).
How can solve it?
Update:
After some search i understand what i really need. When the page is called i check validation of user on database and if it's verified i need to store this information in a way that is reachable everywhere. It's what i would have done with SESSION object.
For me a user is not a simple string, but it's a complex object that contains useful information for the behaviour of the program.
I hope i am clearer.
You can add state on the client proxy.
If your data is too complex for that, you need to pass it at apprpriate times using hub methods.
I have created a pair of private/public keys using SecKeyGeneratePair. I am successfully able to use the public key to encode and private key to decode. However, I need to save the public key and pass it to another user. That user then needs to create a SecKeyRef object using that public key to encode a text and send it back. I can then use the private key to decode it.
This all works within a single application where the public key and private keys are already loaded in SecKeyRef. I have used the Apple recommended code to get publicKeyBits. But, no matter which I call I have tried, I haven't been successful in creating a SecKeyRef to do my encoding/decoding.
My questions are:
How do I save my public key and how do I pass it on?
How do I create a new SecKeyRef object using that public key in a new instance of a client?
I'm using breeze with EF and doing server side validation in the ContextProvider in BeforeSaveEntity and BeforeSaveEntities. That's working but I'm looking for a way to do this validation at a higher level, preferably before the request hits the controller.
I already have a custom http module where all requests are going through. I'm doing some logging and authentication in the custom http module. My goal is to also add some authorization validation at the same time/place.
Let's say I have a user that is updating his profile record. I have his identity in my auth cookie/token. The profile ID (Database PK) is embedded in the JSON passed in the request body. I can't assume the user didn't maliciously change this profile ID value to another value on the client before sending. So I want to pluck out this ID and validate that it is the ID for this user.
I'm getting the request input stream as a JSON string in my http module. In this string is all the breeze stuff: entities array, entity aspects, and of course, the ID I'm looking for.
Are there any helper utilities that can assist me in parsing this json string? either by pulling out specific values based on entity and property name? Or even reconstructing the objects contained in the bundle?
Thanks
Took a look at the breeze SaveChanges code. It uses a public class called SaveWorkState which is constructed using two arguments: a ContextProvider and a JArray. The content of the JArray is the "entities" property in the JSON sent to the server during the savechanges.
Once the SaveWorkState is constructed you can access the EntityInfo objects via the EntityInfoGroups property.
Here's the relevant code:
var serializerSettings = BreezeConfig.Instance.GetJsonSerializerSettings();
var jsonSerializer = JsonSerializer.Create(serializerSettings);
var saveBundle = ... JObject constructed from the JSON posted to your controller ...;
var dynSaveBundle = (dynamic)saveBundle;
var entitiesArray = (JArray)dynSaveBundle.entities;
var contextProvider = ... EFContextProvider<> ...;
var saveWorkState = new SaveWorkState(contextProvider, entitiesArray);
var entityInfoGroups = saveWorkState.EntityInfoGroups; // <- this is what you want.