One aspect of security which I find interesting is Client Certificate Authentication. It may sound a bit old school to send along a certificate with your request, with the JWT authentication methods that are in fashion for the past years. However I think it still has a valuable purpose to fulfill.
Category: Programming
All my blog posts about programming in general, often C# / .NET related.
Wouter Fennis
Distributing your API definition as a NuGet client
Creating APIs is quite simple nowadays. You can have a functional API up and running in the Azure cloud within minutes. By using an OpenAPI library like Swagger to publish your API’s definition, other systems can easily integrate and utilize its functionality. The real challenge, as with many programming aspects, lies in maintaining the software once other parties start using your API. To help your customers integrate with your API, but also to have some influence over the way the API is called. A client can be created on the maintainer side and distributed using a NuGet package.
Technorama Netherlands 2023 in review
Technorama is a “Deep knowledge IT Conference” as the event is described on the website. And that is definitely true, I wouldn’t describe the sessions as entry level. Most of the presentations given by the large list of speakers require knowledge and experience of working in the field. And for me, that makes it worth spending two days hopping between 14(!) different cinema rooms.
SQL Server Authentication and Authorization on Azure with Managed Identities
Deploying infrastructure to Azure is easy enough these days with Azure Powershell, CLI or Bicep. Making interactions between infrastructure components secure is also facilitated in Azure with Managed Identities for example. Databases however, often have their own authentication and authorization internally which is out of reach for Bicep and ARM templates. How can you secure your dynamically created SQL Server databases in Azure?
Snapshot testing with Verify
Have you ever programmed ugly unit tests that had to check file formats and structured content? With snapshot testing this actually has become manageable.