European ASP.NET 4.5 Hosting BLOG

BLOG about ASP.NET 4, ASP.NET 4.5 Hosting and Its Technology - Dedicated to European Windows Hosting Customer

European ASP.NET Core 9.0 Hosting - HostForLIFE :: JWS HMAC: What is it?

July 30, 2024 07:11 by author Peter

JWS (JSON Web Signature), defined in RFC 7515, is a compact, URL-safe way of securely conveying claims between two parties. It lets you digitally sign content so that any alteration in transit is detected. HMAC (Hash-based Message Authentication Code) is a particular kind of message authentication code (MAC) that combines a secret cryptographic key with a cryptographic hash function. Using HMAC with JWS means computing the JWS Signature with a secret key and a hash function.

Why Use JWS HMAC?

  • Integrity and Authenticity: JWS with HMAC provides both data integrity and authentication. The signature shows that the data has not been altered, and because the HMAC key is secret, a valid signature shows that the JWT was signed by a party that holds that key.
  • Security: HMAC is considered a strong method of ensuring data integrity because it involves a secret key, which makes it difficult to forge compared to non-keyed hashes.
  • Compactness: JWS provides a compact way to securely transmit information via URLs, HTTP headers, and within other contexts where space is limited.

How to Use JWS HMAC in an ASP.NET Web Application?
To use JWS HMAC in an ASP.NET application, you will usually work with JWTs (JSON Web Tokens), where JWS provides the signed and encoded string. Here's how to put this into practice:

Step 1. Install Necessary NuGet Package
A JWT-capable library is required. System.IdentityModel.Tokens.Jwt is a popular option. It can be installed with NuGet.
Install-Package System.IdentityModel.Tokens.Jwt

Step 2. Create and Sign a JWT with HMAC
Here's how you can create a JWT and sign it using HMAC in your ASP.NET application.
using System;
using System.Collections.Generic;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using System.Security.Claims;

public class TokenService
{
    public string GenerateToken()
    {
        // Placeholder only. HS256 needs a key of at least 256 bits (32 bytes, RFC 7518);
        // load the real key from configuration or a secret store, not from source code.
        var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("your-256-bit-secret"));
        var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

        var tokenOptions = new JwtSecurityToken(
            issuer: "https://yourdomain.com",
            audience: "https://yourdomain.com",
            claims: new List<Claim>(),
            // Use UTC so the expiry does not depend on the server's time zone.
            expires: DateTime.UtcNow.AddMinutes(30),
            signingCredentials: signinCredentials
        );

        // Serializes header.payload.signature as a compact JWS string.
        var tokenString = new JwtSecurityTokenHandler().WriteToken(tokenOptions);

        return tokenString;
    }
}


Explanation

  • Secret Key: This is a key used by HMAC for hashing. It should be kept secret and secure.
  • Signing Credentials: Uses the secret key and specifies the HMAC SHA256 algorithm for signing.
  • JwtSecurityToken: Represents the JWT data structure and allows setting properties like issuer, audience, claims, expiry time, etc.
  • JwtSecurityTokenHandler: Handles the creation of the token string.


Step 3. Validate the JWT in ASP.NET
When you receive a JWT, you need to validate it to ensure it's still valid and verify its signature.
public ClaimsPrincipal ValidateToken(string token)
{
    var tokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        // Must match the issuer and audience used in GenerateToken().
        ValidIssuer = "https://yourdomain.com",
        ValidAudience = "https://yourdomain.com",
        // Same shared secret that signed the token (placeholder value).
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("your-256-bit-secret"))
    };

    var tokenHandler = new JwtSecurityTokenHandler();
    SecurityToken validatedToken;
    // Throws if the signature, issuer, audience or lifetime check fails.
    var principal = tokenHandler.ValidateToken(token, tokenValidationParameters, out validatedToken);
    return principal;
}


Note. Please replace https://yourdomain.com with your own domain. ValidIssuer and ValidAudience must match the issuer and audience set when the token was created.

This function uses JwtSecurityTokenHandler to validate the token and sets up the parameters (issuer, audience, lifetime, and signature key) that require validation. It returns a ClaimsPrincipal with the token's claims if the token is valid and throws an exception if it is not.
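The issue and validate steps above, tightened and exercised against a tampered token and a wrong key. This is an added example, not code from the original article; the class name HardenedJwtDemo, the random 32-byte demo key, the "sub" claim values and the 30-second clock skew are assumptions.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class HardenedJwtDemo
{
    // Placeholder issuer and audience, as in the article.
    private const string Issuer = "https://yourdomain.com";
    private const string Audience = "https://yourdomain.com";

    public static string Issue(byte[] key, string subject)
    {
        // RFC 7518 requires an HS256 key of at least 256 bits.
        if (key.Length < 32)
            throw new ArgumentException("HS256 key must be at least 32 bytes.", nameof(key));

        var credentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256);
        var token = new JwtSecurityToken(
            issuer: Issuer,
            audience: Audience,
            claims: new[] { new Claim(JwtRegisteredClaimNames.Sub, subject) },
            expires: DateTime.UtcNow.AddMinutes(30),
            signingCredentials: credentials);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Returns the principal for a valid token, or null for any token that fails validation.
    public static ClaimsPrincipal? TryValidate(byte[] key, string token)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,
            ValidAudience = Audience,
            ValidateLifetime = true,
            RequireExpirationTime = true,
            RequireSignedTokens = true,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(key),
            // Accept HS256 only, whatever algorithm the token header names.
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
            // Assumption: 30 seconds of tolerance instead of the library default of 5 minutes.
            ClockSkew = TimeSpan.FromSeconds(30)
        };
        try
        {
            return new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
        }
        catch (Exception ex) when (ex is SecurityTokenException or ArgumentException)
        {
            return null; // bad signature, expired, wrong issuer or audience, or malformed token
        }
    }

    public static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // constructed demo key
        string token = Issue(key, "alice");
        string other = Issue(key, "mallory");
        // Constructed tampering: another token's header and payload with the first token's signature.
        string tampered = other[..other.LastIndexOf('.')] + token[token.LastIndexOf('.')..];

        Console.WriteLine($"original accepted:  {TryValidate(key, token) != null}");
        Console.WriteLine($"tampered accepted:  {TryValidate(key, tampered) != null}");
        Console.WriteLine($"wrong key accepted: {TryValidate(RandomNumberGenerator.GetBytes(32), token) != null}");
    }
}
```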

Conclusion
A secure method for managing tokens for information exchange and authentication in ASP.NET is to use JWS HMAC. It gives you peace of mind and security for your online applications by making sure the tokens are authentic and unaltered.

HostForLIFE ASP.NET Core 9.0 Hosting

European Best, cheap and reliable ASP.NET hosting with instant activation. HostForLIFE.eu is #1 Recommended Windows and ASP.NET hosting in European Continent. With 99.99% Uptime Guaranteed of Reliability, Stability and Performance. HostForLIFE.eu security team is constantly monitoring the entire network for unusual behaviour. We deliver hosting solution including Shared hosting, Cloud hosting, Reseller hosting, Dedicated Servers, and IT as Service for companies of all size.



European ASP.NET Core 9.0 Hosting - HostForLIFE :: Optimizing Performance and Safety with System.Threading.Lock in C# 13 and .NET 9

July 22, 2024 08:09 by author Peter

With the release of .NET 9 and C# 13, developers can improve performance and safety in their multithreaded applications by locking on a dedicated instance of the System.Threading.Lock type. This article covers the advantages of this new feature, the newly introduced compiler warnings, and the best practices for locking in earlier .NET and C# versions.

System.Threading.Lock: Why Use It?
Starting with C# 13 and .NET 9, it is advisable to lock on a dedicated instance of the System.Threading.Lock type for best results. In multithreaded contexts, this lock object is intended to reduce overhead and enhance concurrency.

Warnings from compilers for increased safety
To improve code safety, the compiler now raises a warning if a known Lock object is cast to a different type and then locked. This helps ensure that locks are used correctly and prevents misuse, which lowers the possibility of deadlocks and contention problems.
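Why the cast matters, as an added example (not code from the original article; the class and method names are assumptions): once a Lock is viewed as object, the lock statement falls back to Monitor, so it no longer excludes threads that take the same Lock directly.

```csharp
using System;
using System.Threading;

public class LockCastDemo
{
    private readonly Lock _lock = new();

    // lock on an expression of type Lock: the compiler uses Lock.EnterScope().
    public bool HeldInsideLockStatement()
    {
        lock (_lock)
        {
            return _lock.IsHeldByCurrentThread;
        }
    }

    // The explicit form of the same thing.
    public bool HeldInsideExplicitScope()
    {
        using (_lock.EnterScope())
        {
            return _lock.IsHeldByCurrentThread;
        }
    }

    // Misuse: the compiler warns on this conversion. The lock statement now
    // enters a Monitor on the object and leaves the Lock itself untouched.
    public (bool LockHeld, bool MonitorHeld) HeldAfterCastToObject()
    {
        object asObject = _lock;
        lock (asObject)
        {
            return (_lock.IsHeldByCurrentThread, Monitor.IsEntered(asObject));
        }
    }

    public static void Main()
    {
        var demo = new LockCastDemo();
        Console.WriteLine($"lock (_lock):       Lock held = {demo.HeldInsideLockStatement()}");
        Console.WriteLine($"EnterScope():       Lock held = {demo.HeldInsideExplicitScope()}");

        var (lockHeld, monitorHeld) = demo.HeldAfterCastToObject();
        Console.WriteLine($"lock ((object)...): Lock held = {lockHeld}, Monitor held = {monitorHeld}");
    }
}
```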

Best practices for Locking in Older versions

If you're working with an older version of .NET and C#, it's essential to follow best practices to avoid common pitfalls in multithreading. Here are some guidelines.

  • Use a Dedicated Object Instance: Always lock on a dedicated object instance that isn't used for another purpose. This helps prevent unintended side effects and conflicts.
  • Avoid Using Common Instances as Lock Objects:
      • Avoid this: Locking on this can lead to issues because callers might also lock the same object, causing deadlocks.
      • Avoid Type Instances: Type instances obtained via the typeof operator or reflection can be accessed from different parts of the code, leading to unintended locks.
      • Avoid string Instances: Strings, including string literals, might be interned, causing different parts of the application to inadvertently share the same lock object.
  • Minimize Lock Duration: Hold a lock for the shortest time possible to reduce lock contention. This practice ensures that other threads are not blocked for extended periods, improving overall application performance.

Example of using System.Threading.Lock
Here's an example of how to use the new System.Threading.Lock in .NET 9 and C# 13.

public class MyClass
{
    private readonly System.Threading.Lock _lock = new();
    public void CriticalSection()
    {
        lock (_lock)
        {
            // Critical code here
        }
    }
}


Example
The following example defines an Account class that synchronizes access to its private balance field by locking on a dedicated balance lock instance. Using the same instance for locking ensures that two different threads can't update the balance field by calling the Debit or Credit methods simultaneously. The sample uses C# 13 and the new Lock object. If you're using an older version of C# or an older .NET library, lock an instance of an object.
using System;
using System.Threading.Tasks;
public class Account
{
    // Use `object` in versions earlier than C# 13
    private readonly System.Threading.Lock _balanceLock = new();
    private decimal _balance;
    public Account(decimal initialBalance) => _balance = initialBalance;
    public decimal Debit(decimal amount)
    {
        if (amount < 0)
        {
            throw new ArgumentOutOfRangeException(nameof(amount), "The debit amount cannot be negative.");
        }
        decimal appliedAmount = 0;
        lock (_balanceLock)
        {
            if (_balance >= amount)
            {
                _balance -= amount;
                appliedAmount = amount;
            }
        }
        return appliedAmount;
    }
    public void Credit(decimal amount)
    {
        if (amount < 0)
        {
            throw new ArgumentOutOfRangeException(nameof(amount), "The credit amount cannot be negative.");
        }

        lock (_balanceLock)
        {
            _balance += amount;
        }
    }
    public decimal GetBalance()
    {
        lock (_balanceLock)
        {
            return _balance;
        }
    }
}
class AccountTest
{
    static async Task Main()
    {
        var account = new Account(1000);
        var tasks = new Task[100];
        for (int i = 0; i < tasks.Length; i++)
        {
            tasks[i] = Task.Run(() => Update(account));
        }
        await Task.WhenAll(tasks);
        Console.WriteLine($"Account's balance is {account.GetBalance()}");
        // Output:
        // Account's balance is 2000
    }
    static void Update(Account account)
    {
        decimal[] amounts = { 0, 2, -3, 6, -2, -1, 8, -5, 11, -6 };
        foreach (var amount in amounts)
        {
            if (amount >= 0)
            {
                account.Credit(amount);
            }
            else
            {
                account.Debit(Math.Abs(amount));
            }
        }
    }
}


European ASP.NET Core 9.0 Hosting - HostForLIFE :: Single Sign-On (SSO) for Applications Built with ASP.NET Core

July 16, 2024 07:17 by author Peter

Single Sign-On (SSO) is a centralized user authentication system that lets users log in just once and access numerous apps. By eliminating the need for several passwords and lowering the possibility of password fatigue, SSO improves user convenience and security. This article explores using IdentityServer4 to provide SSO in an ASP.NET Core application.

Understanding SSO
With SSO, authentication duties are delegated to a central identity provider (IdP). When a user tries to access a service, the service sends the user to the IdP for authentication. After successful authentication, the IdP provides a token that the service uses to confirm the user's identity.

Why Use SSO?
Improved User Experience: Users log in once to access multiple applications.
Enhanced Security: Centralized authentication reduces password-related risks.
Simplified Management: Administrators manage a single authentication system.
Compliance: Easier to enforce security policies and compliance requirements.

Implementing SSO with ASP.NET Core and IdentityServer4
Step 1. Setting Up IdentityServer4

Create a new ASP.NET Core project
dotnet new mvc -n SSOApp
cd SSOApp


Add IdentityServer4 NuGet package
dotnet add package IdentityServer4
dotnet add package IdentityServer4.AspNetIdentity

Configure IdentityServer4 in Startup.cs
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllersWithViews();

    // ApplicationUser and ApplicationDbContext are the app's own ASP.NET Core Identity types;
    // ApplicationDbContext must also be registered with AddDbContext.
    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    services.AddIdentityServer()
        // Development only: creates a temporary signing key.
        // Use a persisted key or certificate in production.
        .AddDeveloperSigningCredential()
        .AddInMemoryIdentityResources(Config.IdentityResources)
        .AddInMemoryApiResources(Config.ApiResources)
        .AddInMemoryClients(Config.Clients)
        .AddAspNetIdentity<ApplicationUser>();

    // Optional external login; requires the Microsoft.AspNetCore.Authentication.Google package.
    // Load the client id and secret from configuration, not from source code.
    services.AddAuthentication()
        .AddGoogle("Google", options =>
        {
            options.ClientId = "your-client-id";
            options.ClientSecret = "your-client-secret";
        });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();
    // UseIdentityServer also adds the authentication middleware.
    app.UseIdentityServer();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapDefaultControllerRoute();
    });
}


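Define Identity Resources, API Resources, and Clients in Config.cs
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

public static class Config
{
    public static IEnumerable<IdentityResource> IdentityResources =>
        new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
        };

    // IdentityServer4 4.x also requires each scope to be registered with AddInMemoryApiScopes.
    public static IEnumerable<ApiResource> ApiResources =>
        new List<ApiResource>
        {
            new ApiResource("api1", "My API")
        };

    public static IEnumerable<Client> Clients =>
        new List<Client>
        {
            new Client
            {
                ClientId = "client",
                // The client application in Step 2 signs users in with ResponseType = "code",
                // so the client is registered for the authorization code grant.
                AllowedGrantTypes = GrantTypes.Code,
                ClientSecrets =
                {
                    new Secret("secret".Sha256())
                },
                // Default callback path of the OpenID Connect handler on the client application.
                RedirectUris = { "https://localhost:5002/signin-oidc" },
                // The client application requests the offline_access scope.
                AllowOfflineAccess = true,
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "api1"
                }
            }
        };
}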


Step 2. Setting Up a Client Application
Create a new ASP.NET Core MVC project
dotnet new mvc -n ClientApp
cd ClientApp

Add necessary NuGet packages
dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect
dotnet add package Microsoft.AspNetCore.Authentication.Cookies

Configure authentication in Startup.cs
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllersWithViews();

    services.AddAuthentication(options =>
    {
        // The local session is kept in a cookie; challenges go to the identity provider.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        // URL of the IdentityServer4 application from Step 1.
        options.Authority = "https://localhost:5001";
        options.ClientId = "client";
        options.ClientSecret = "secret";
        options.ResponseType = "code";
        options.SaveTokens = true;
        options.Scope.Add("api1");
        options.Scope.Add("offline_access");
    });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();
    app.UseAuthentication();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapDefaultControllerRoute();
    });
}


Step 3. Testing the SSO Implementation
Run the IdentityServer4 and Client applications.
dotnet run --project SSOApp
dotnet run --project ClientApp


Access the Client application: Navigate to the Client application URL (e.g., https://localhost:5002).
Initiate Login: Click the login button to redirect you to the IdentityServer4 login page.
Authenticate: Provide your credentials, and upon successful authentication, you will be redirected back to the Client application with the SSO session established.

Conclusion

Implementing Single Sign-On in ASP.NET Core applications using IdentityServer4 significantly improves user experience and security. By centralizing authentication, you streamline user management and enhance overall security. This article provides a comprehensive guide to setting up SSO in your ASP.NET Core applications, paving the way for a more efficient and secure authentication process.


European ASP.NET Core 9.0 Hosting - HostForLIFE :: How to Fix "ASP.NET Core does not support multiple apps in the same app pool"

July 8, 2024 09:25 by author Peter

This is a brief guide for people who use IIS and .NET Core. When two .NET Core applications run on the same instance of IIS, each must have its own Application Pool. Otherwise IIS raises HTTP Error 500.35, "ASP.NET Core does not support multiple apps in the same app pool". Take these actions.

1. Create a new Application Pool.

2. If you are adding a new application, select the created Application Pool, in this example, NewPool.

3. If the application is already deployed, change the Application Pool in its Basic Settings to the new one.

I hope these tips help you.


European ASP.NET Core 9.0 Hosting - HostForLIFE :: Examining the GetItems() Method in .NET 8 to Handle Randomness

July 3, 2024 07:08 by author Peter

The Random class's GetItems() method is one of the powerful new features introduced in .NET 8. It is meant to make working with randomness simpler, more efficient, and more intuitive. This post goes over the uses, functionality, and improvements that the GetItems() method can bring to your .NET projects.

Table of Contents

  1. Introduction to the GetItems() Method
  2. Basic Usage
  3. Practical Applications
  4. Comparing Traditional Methods with GetItems()
  5. Best Practices
  6. Conclusion

Introduction to the GetItems() Method
The Random class in .NET 8 now has a new method called GetItems(). It lets you choose a predetermined number of objects at random from a collection. This can be very helpful in situations where you need to add some unpredictability to your application, shuffle data, or create random samples.

Basic Usage

Using the GetItems() method is simple. This is the fundamental syntax (an instance method of Random; overloads that take spans also exist):

public T[] GetItems<T>(T[] choices, int length);

  • random: The instance of the Random class on which the method is called.
  • choices: The collection from which items are to be selected.
  • length: The number of random items to select.

Here’s a simple example to illustrate its usage.
Random random = new Random();
// GetItems() takes an array (or span) of choices.
int[] numbers = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
// Each pick is independent, so the same number can be returned more than once.
int[] randomNumbers = random.GetItems(numbers, 3);
foreach (var number in randomNumbers)
{
    Console.WriteLine(number);
}


In this example, GetItems() selects three random numbers from the numbers array.

Practical Applications

Random Sampling in Surveys
Suppose you're conducting a survey and need to randomly select participants from a list. The GetItems() method makes this easy:
// Uses the Random instance created in the previous example.
string[] participants = { "Alice", "Bob", "Charlie", "David", "Eve" };
// Picks are made with replacement, so the same participant can be selected twice.
string[] selectedParticipants = random.GetItems(participants, 2);
Console.WriteLine("Selected Participants:");
foreach (var participant in selectedParticipants)
{
    Console.WriteLine(participant);
}


Random Shuffling of Cards
In game development, shuffling a deck of cards is a common requirement. GetItems() picks with replacement, so it can repeat cards; .NET 8 also adds Random.Shuffle(), which reorders the deck in place:
string[] deck = { "2H", "3H", "4H", /* ... */ "KS", "AS" };
// Shuffle a copy so the original order stays available.
string[] shuffledDeck = (string[])deck.Clone();
random.Shuffle(shuffledDeck);
Console.WriteLine("Shuffled Deck:");
foreach (var card in shuffledDeck)
{
    Console.WriteLine(card);
}


Comparing Traditional methods with GetItems()
Before GetItems(), achieving similar functionality required more verbose and less readable code. Here’s how you might have done it traditionally:
Random random = new Random();
List<int> numbers = new List<int> { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
List<int> selectedNumbers = new List<int>();
HashSet<int> usedIndices = new HashSet<int>();
while (selectedNumbers.Count < 3)
{
    int index = random.Next(numbers.Count);
    if (usedIndices.Add(index))
    {
        selectedNumbers.Add(numbers[index]);
    }
}
foreach (var number in selectedNumbers)
{
    Console.WriteLine(number);
}


Using GetItems(), the same task is simplified.
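// numbers is the List<int> from the previous snippet; GetItems() needs an array or span.
// Unlike the loop above, GetItems() can return the same element more than once.
int[] randomNumbers = random.GetItems(numbers.ToArray(), 3);
foreach (var number in randomNumbers)
{
    Console.WriteLine(number);
}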


Best Practices

  • Validate Parameters: Ensure the count parameter does not exceed the size of the list to avoid exceptions.
  • Seed Control: For reproducible results, initialize the Random class with a fixed seed.
  • Performance Considerations: For very large collections, be mindful of performance implications when using GetItems() frequently.
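Seed control has a security side: a seeded System.Random is reproducible by design, and System.Random is not a cryptographic generator. The added example below (not code from the original article) contrasts a seeded sample with the RandomNumberGenerator counterparts that .NET 8 also provides; the class name, the one-time-code scenario and its alphabet are assumptions, and the participant names are the article's sample data.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

public static class RandomChoiceDemo
{
    // Sample data from the article's survey example.
    private static readonly string[] Participants = { "Alice", "Bob", "Charlie", "David", "Eve" };

    // Reproducible: the same seed always yields the same picks.
    // Useful in tests; unsuitable for anything an outsider must not predict.
    public static string[] SeededSample(int seed, int count) =>
        new Random(seed).GetItems(Participants, count);

    // Distinct participants chosen with the cryptographic generator:
    // shuffle a copy, then take the first 'count' entries.
    public static string[] SecureDistinctSample(int count)
    {
        if (count < 0 || count > Participants.Length)
            throw new ArgumentOutOfRangeException(nameof(count));

        string[] copy = (string[])Participants.Clone();
        RandomNumberGenerator.Shuffle<string>(copy);
        return copy[..count];
    }

    // Hypothetical one-time code: characters drawn (with replacement)
    // from an unambiguous 32-character alphabet by the cryptographic generator.
    public static string SecureCode(int length)
    {
        const string alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
        return new string(RandomNumberGenerator.GetItems<char>(alphabet, length));
    }

    public static void Main()
    {
        string[] first = SeededSample(seed: 42, count: 3);
        string[] second = SeededSample(seed: 42, count: 3);
        Console.WriteLine($"Seeded runs identical: {first.SequenceEqual(second)}");

        Console.WriteLine($"Secure distinct sample: {string.Join(", ", SecureDistinctSample(2))}");
        Console.WriteLine($"Secure one-time code: {SecureCode(8)}");
    }
}
```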

Conclusion
The GetItems() method in .NET 8 is a welcome addition for developers who frequently work with random data selections. By providing a concise and efficient way to select random items from a collection, it simplifies code and enhances readability. Whether you’re developing games, conducting surveys, or implementing any feature requiring randomness, GetItems() is a tool that can significantly streamline your development process.


About HostForLIFE

HostForLIFE is European Windows Hosting Provider which focuses on Windows Platform only. We deliver on-demand hosting solutions including Shared hosting, Reseller Hosting, Cloud Hosting, Dedicated Servers, and IT as a Service for companies of all sizes.

We have offered the latest Windows 2019 Hosting, ASP.NET 5 Hosting, ASP.NET MVC 6 Hosting and SQL 2019 Hosting.

