Sunday, 23 December 2018

Understand and Implement Roles Vs Claims Based authentication in MVC Web API

In this blog, you will learn on how to Implement Roles and claims based authentication.

You will also understand what is the difference between roles and claims on implementation and also understand which use cases you should use claims and roles.

  1. First Step is to create a new ASP.Net identity Project from the MSFT Doc link. https://docs.microsoft.com/en-us/aspnet/identity/overview/getting-started/adding-aspnet-identity-to-an-empty-or-existing-web-forms-project
  2. Add a new folder called App_Start.
  3. Add a class file called  WebApiConfig.cs to the App_Start folder. 
  4. Copy the below code to WebApiConfig.cs, this where your routing url definition is done. Below code represents what url is navigated by default to access your web api.
  5. Right click on project, select ADD=>New Item=>Search for Global.
  6. Click on add, remove all method except Application_Start in Global.asax.cs and add the below code to the Global.asax.cs . Incase System.web. Http is not found, then Install-Package Microsoft.AspNet.WebApi
  7. Now add new controller to test the whether routing we have implemented is working or not. Right click on project => Add => "Web API Controller Class" and name the controller.
  8. Name the controller as ProductController
  9. Open the chrome browser and enter URL: http://localhost:{yourportno}/api/product
  10. Now start adding authorization to the contoller. Add [Authorize] to the ProductController. 
  11. Now when you try to navigate the same product url without logging in, you will get 404 error.
  12. Now let us add code to make it Roles based access application.
  13. Add the below code to startup.cs. Inside the same namespace.
  14. Now we will add roles to register web page, so we can access the product controller based on the roles.
  15. Add below code to register.aspx as below between username and password. You can find the code here
  16. In Register.aspx, change the code as below. 
  17. Now create user with name admin with adminstrator role and another user with name productowner with product owner role. 
  18. Change the Authorize atribute to Authorize(Roles = "productowner")
  19. Now close the browser and login into the app using admin user, you should error page. 
  20. Now close the browser and login into the app productowner user, you should see value1 and value2, with success response. 
  21.  Major problem with the roles, if we want to give one of the product owner say sam who dont have access to create a product then you might have to add another role. This is huge problem because you cannot keep adding role for every action that needs to denied or access given. 
  22. This is why claims comes into picture where you can give action based access to the controller than the roles based access to the controller. A claim is a name value pair that represents what the subject is, not what the subject can do.
  23. Now we will start implementing claims by making changes in the register.aspx as below. 
  24. Let us add ClaimsAuthorizeAttribute class to authorize based on claims.
  25. Now add attribute to the product controller as below. [ClaimsAuthorize("createproduct", "1")].
  26. Now add a user named productaccess which will add createproduct claims based on the step 23. 
  27. Now login with productaccess and test the product controller, you can access the product controller. 
  28. Now login with productowner user and test the product controller, you will not get unauthorizedexception
When you compare the role based access authorize attribute and custom claim filter attribute, you can see, when you want to change the access to one user, you just need to add or remove the claims from the user alone and will not affect any other roles that are defined. That is advantage of using claims instead of roles

Friday, 20 April 2018

Run and deploy in Azure ML Studio - Part 2

  1. Run the Model.

      
  1. After completing the model run. You can visualize the data by right clicking on the Score model and navigating to the Visualize as below.  


  1. After visualizing the data, you can see the Scored labels(output). This is the predicted value that comes out of the tested dataset. It will lie between -3 to 3 
  1. Close the visualize popup and Select Setup Web Services and click onUpdate Predictive Experiment 
  1. This will create the predictive experiment canvas as a tab next to training experiment. Then selectSelect Column in Datasetand then click onLaunch Column Selector”.   
  1. Remove the symboling (safety factor) feature so it will not be part of input from the external api call. And Click save 
  1. Run  the model. 
  1. Search forSelect columns in Datasetmodule and add the module in the predictive experiment canvas and then connect them to score model and Web Service output as below 
  1. Remove all columns except Scored Labels feature on clicking on theLaunch Column Selectoras below. 


  1. Run the model again 
  1. Then SelectDeploy Web Service 
  1. Once the Deploy web service is executed, it navigates to predictive experiment dashboard, where you can test the web service. Easiest way to test the web service is to click on theTestlink show below. 
  1. After clicking the test link it moves to “Microsoft Azure Machine Learning Web Services”. For easier testing enable the Sample data feature. 
  1. On enabling you will see the data being filled automatically and then click on Test. 
  1. You can see the predicted result on how safe the car is. 

Build Bot using LUIS