C# protecting Swagger endpoints

What if we do not want to open our OpenAPI schema to the world? We can choose some paths:

basic authorization
OpenId Connect authorization using identity server

In this article, I am going to show the second path.

Default tools

First of all, I tried to configure OAuth 2 authorization with integrated tools of swagger UI:

namespace App
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();

            services
                .AddAuthentication(options =>
                {
                    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
                })
                .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
                {
                    options.Authority = "https://demo.identityserver.io/";
                    options.TokenValidationParameters.ValidateAudience = false;
                });

            // Add OpenAPI/Swagger document
            services.AddOpenApiDocument(configure =>
            {
                configure.SchemaNameGenerator = new CustomSchemaNameGenerator();
                configure.TypeNameGenerator = new CustomTypeNameGenerator();
                configure.PostProcess = document =>
                {
                    document.Info.Version = "v1";
                    document.Info.Title = "App API";
                    document.Info.Description = "A simple ASP.NET Core web API";
                    document.Info.TermsOfService = "None";
                    document.Info.Contact = new OpenApiContact
                    {
                        Name = "Renat Sungatullin",
                        Email = string.Empty,
                        Url = "https://medium.com/dev-genius/nswag-csharp-client-with-generics-support-6ad6a09f81d6"
                    };
                };

                configure.AddSecurity("bearer", Enumerable.Empty<string>(), new OpenApiSecurityScheme
                {
                    Type = OpenApiSecuritySchemeType.OAuth2,
                    Flows = new OpenApiOAuthFlows()
                    {
                        AuthorizationCode = new OpenApiOAuthFlow()
                        {
                            Scopes = new Dictionary<string, string>
                            {
                                { "api", "" },
                            },
                            AuthorizationUrl = "https://demo.identityserver.io/connect/authorize",
                            TokenUrl = "https://demo.identityserver.io/connect/token"
                        },
                    }
                });

                configure.OperationProcessors.Add(new AspNetCoreOperationSecurityScopeProcessor("bearer"));
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseStaticFiles();

            app.UseHttpsRedirection();
            app.UseRouting();

            app.UseAuthentication();
            app.UseAuthorization();

            // Add OpenAPI/Swagger middlewares
            app.UseOpenApi();
            app.UseSwaggerUi3(ConfigureSwaggerUi);

            app.UseEndpoints(endpoints =>
            {
                endpoints
                    .MapControllers()
                    .RequireAuthorization(new AuthorizeAttribute { AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme });
            });
        }

        private static Action<SwaggerUi3Settings> ConfigureSwaggerUi =>
            settings =>
            {
                settings.OAuth2Client = new OAuth2ClientSettings
                {
                    ClientId = "interactive.confidential.short",
                    ClientSecret = "secret",
                    AppName = "Weather",
                    UsePkceWithAuthorizationCodeGrant = true
                };
            };
    }
}

But it has some disadvantages.

if an access token expired then you cannot do anything, just logout login again — badly uncomfortable
API methods protected but swagger UI page is opened for all world

To solve these drawbacks swagger endpoints should be protected, and a client for OAuth 2 should work correctly.

#swagger-ui #swagger #openid-connect #csharp #identityserver4 #c++

How to Run C/C++ in Sublime Text?

C and C++ are the most powerful programming language in the world. Most of the super fast and complex libraries and algorithms are written in C or C++. Most powerful Kernel programs are also written in C. So, there is no way to skip it.

In programming competitions, most programmers prefer to write code in C or C++. Tourist is considered the worlds top programming contestant of all ages who write code in C++.

During programming competitions, programmers prefer to use a lightweight editor to focus on coding and algorithm designing. Vim, Sublime Text, and Notepad++ are the most common editors for us. Apart from the competition, many software developers and professionals love to use Sublime Text just because of its flexibility.

I have discussed the steps we need to complete in this blog post before running a C/C++ code in Sublime Text. We will take the inputs from an input file and print outputs to an output file without using freopen file related functions in C/C++.

#cpp #c #c-programming #sublimetext #c++ #c/c++

Clotilde Champlin

1597937354

Dicey Issues in C/C++

If you are familiar with C/C++then you must have come across some unusual things and if you haven’t, then you are about to. The below codes are checked twice before adding, so feel free to share this article with your friends. The following displays some of the issues:

Using multiple variables in the print function
Comparing Signed integer with unsigned integer
Putting a semicolon at the end of the loop statement
C preprocessor doesn’t need a semicolon
Size of the string matters
Macros and equations aren’t good friends
Never compare Floating data type with double data type
Arrays have a boundary
Character constants are different from string literals
Difference between single(=) and double(==) equal signs.

The below code generates no error since a print function can take any number of inputs but creates a mismatch with the variables. The print function is used to display characters, strings, integers, float, octal, and hexadecimal values onto the output screen. The format specifier is used to display the value of a variable.

%d indicates Integer Format Specifier
%f indicates Float Format Specifier
%c indicates Character Format Specifier
%s indicates String Format Specifier
%u indicates Unsigned Integer Format Specifier
%ld indicates Long Int Format Specifier

Image for post

A signed integer is a 32-bit datum that encodes an integer in the range [-2147483648 to 2147483647]. An unsigned integer is a 32-bit datum that encodes a non-negative integer in the range [0 to 4294967295]. The signed integer is represented in twos-complement notation. In the below code the signed integer will be converted to the maximum unsigned integer then compared with the unsigned integer.

Image for post

#problems-with-c #dicey-issues-in-c #c-programming #c++ #c #cplusplus

Jeremy Reilly

1599591420