Why you should never use OAuth2 for authentication purposes

What OAuth2 (RFC6749 at https://tools.ietf.org/html/rfc6749) tries to solve is delegated access control to a protected resource. Typically a user (the resource owner) gives consent so that a client can access a protected resource (a REST API endpoint for example). However, it is/was common to abuse the protocol and introduce special ‘scopes’ like ‘signin’ or ‘authn’ …

Using ASP.NET based applications on AWS – part 2

Packaging the application is really not harder than calling: msbuild <pathtoprojectfile> /t:Package /p:DeployIisAppPath="Default Web Site" But there is more… Through configuration files in a subdirectory .ebextensions (at the level of web.config) you can add multiple .config files (in YAML format) that let you do all kinds of stuff, from running scripts and simple commands to downloading …

Using ASP.NET based applications on AWS – part 1

AWS has a reputation of being “Microsoft” unfriendly, even arcane in general. My impression is that this is certainly not true seeing the support they provide on the SDK level (.NET NuGet packages), the possibility to host classic ASP.NET applications on Elastic Beanstalk (EB), publishing them from Visual Studio, even package and upload from your …

Budget friendly and flexible microservice architectures on AWS

Designing a software architecture that scales well isn’t too hard, but designing an affordable/low budget one is the real challenge. Luckily AWS provides a myriad of services that, when cleverly combined, can cut deep into the costs, provided you are willing to undergo some learning curves along the way. In this and next posts …