JWT – JSON Web Token – Introduction


As we know, HTTP is a stateless protocol in which each request is treated independently. For rendering static web pages this is fine, but what if the web application needs to track a user across multiple requests? That is where session and state management come into the picture. The server authenticates the user and, if the request is valid, saves a session id and returns it to the client. The client passes this session id with every subsequent request. The server checks the session id and processes the request for the client.

With server-side session management, scalability can be a challenge. Say we have a load-balanced scenario: the user sends a session id in a request that goes to a different server, which knows nothing about the session, and the request fails. We can always save the session id in a database, but that brings its own overhead.

This is where JWT (JSON Web Token) comes to the rescue, as it complies with the stateless nature of HTTP.

JWT is an open standard (RFC 7519) that defines a compact and self-contained method for securely transferring information between parties.

The format of JSON Web Token

header.payload.signature

In computing, the payload is the part of the transmitted data that is the actual intended message.

The header will typically contain

  • typ – the type of media, JWT in this case.
  • alg – the algorithm used for signing and/or decrypting the JWT

The payload contains information about the client, i.e. a set of claims. There are seven registered (public) claims, and we can also define private (custom) claims.

  • iss – issuer – The party that issued the JWT
  • sub – subject – The party that this JWT carries information about
  • aud – audience – Intended recipient
  • exp – expiration – Exact moment from which the JWT is considered invalid, in ‘seconds since Epoch’ format
  • nbf – not before – Exact moment from which the JWT is considered valid
  • iat – issued at – Time when the JWT was issued
  • jti – JWT ID – Unique identifier for this JWT

The third part signature is computed as follows:

Header and Payload are encoded using Base64url encoding and are concatenated with a period separator.

This is then run through the algorithm specified in the header.

HS256(secret, base64urlEncoding(header) + "." + base64urlEncoding(payload))

The signature is also encoded using Base64url encoding.

Finally, the token will be

token = base64urlEncoding(header) + "." + base64urlEncoding(payload) + "." + base64urlEncoding(signature)

We can encode or decode JWTs at

https://www.jsonwebtoken.io

Here changing the Payload will change the JWT String.

The flow will look something like below

Get the free comprehensive guide on JWT

https://auth0.com/resources/ebooks/jwt-handbook/

Hope it helps..

“The application requires one of the following versions of the .NET Framework” or “.NET Framework 4.7.1 or later is already installed on this computer” error while running application


While trying to run an application we were getting the below message

It was taking us to Microsoft Download site for downloading the framework.

We downloaded the 4.7.1 Framework but while trying to install it we got the below message that said the framework or a later update is already installed on this computer.

We tried uninstalling all the installed .NET Framework versions, including 4.7.

That also didn’t work.

A few of the forums talk about making changes in the registry; that also didn’t help.

Eventually we commented out the supportedRuntime element in the configuration file of the application to get through this issue.

https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/startup/supportedruntime-element

https://stackoverflow.com/questions/21566528/what-happens-if-i-remove-the-auto-added-supportedruntime-element

Hope it helps..

Literal Improvement in C# 7.0


C# 7.0 now allows the underscore _ to be used as a digit separator.

This adds more readability.

Similarly, we now have binary literals, so instead of specifying a hexadecimal pattern we can specify bit patterns directly.

Hope it helps..

Using Out Variables (C# 7.0) instead of Out Parameters


Out parameters must be declared before they are used in the method, which doesn’t seem intuitive.

With C# 7.0 we can now make use of out variables.

Here, in our second call to the method, we have used an out variable named outVariableString, which we didn’t have to declare beforehand like an out parameter.

Hope it helps..

Tuple Types and Tuple Literals in C# 7.0


Tuples are used when we need to return more than one value from a method.

C# 7.0 introduces tuple types and tuple literals.

We need to add the System.ValueTuple NuGet package to add the required assemblies in Visual Studio.

The sample code below shows the usage of a tuple type and literal. In our second method, we have named the parts of the tuple, i.e. name and number.

To access the result of the first method we use the Item1 and Item2 fields; for our second method, as we have named the parts, we can use those names to access them, i.e. name and number.

The output is the same in both cases.

Hope it helps..

New Feature – Local Functions in C# 7.0


C# 7.0 adds a new feature called local functions.

Local functions allow us to define a function within a function. They can be used to write helper methods that are needed only inside that function’s scope.

In the sample code below we have defined one main function (MainFunction) that has one local function (MultiplyBy10LocalFunction) defined inside it. That local function has one more local function (Add10LocalFunction) defined inside it.

Hope it helps..