Recording: Authentication Using Tokens for AngularJS, OWIN, ASP.NET Web API & Identity

In case you missed it or would like to see it again, a recording of my presentation “Authentication Using Tokens for AngularJS, OWIN, ASP.NET Web API & Identity” is now available. I hope you enjoy watching it!

Authentication Using Tokens for AngularJS, OWIN, ASP.NET Web API & Identity at Logical Advantage Charlotte Tech Talks

Thanks to everyone who attended my presentation “Authentication Using Tokens for AngularJS, OWIN, ASP.NET Web API & Identity” at the Logical Advantage Charlotte Tech Talk on Tuesday, September 15, 2015. I really enjoyed sharing some of the things I’ve learned while struggling for countless hours/days/weeks/months to get this working. Security is not simple! Please click the link to view the abstract as well as to find links to other downloads, resources, recordings, etc.


Authentication Using Tokens for AngularJS, OWIN, ASP.NET Web API & Identity at CodeStock 2015

Thanks to everyone who attended my presentation “Authentication Using Tokens for AngularJS, OWIN, ASP.NET Web API & Identity” at CodeStock on Saturday, July 11, 2015. This was my first time presenting at CodeStock. I have to admit it was a lot of fun and a great honor. Please click the link to view the abstract as well as to find links to other downloads, resources, recordings, etc.

User Group Website Feature List

MousetrapLast week, I talked about the need and desire to build a better mousetrap. And by mousetrap, I mean user group website. If you think about it, a website is a good kind of mousetrap. You want people to easily find it. You want it to be enticing so that they want to learn more and get involved. And you want it to provide quality information so that they keep coming back.

Of course, having a good website alone will not guarantee the success of the user group. That requires a strong leadership team putting on interesting and challenging meetings and events every month. If you build upon this foundation month after month, the world will beat a path to your door. And a quality user group website helps accomplish this.

I’ve been thinking a lot about what features our user group website requires. As I mentioned previously, there are five very basic yet critical goals that I think are a must:

  1. Showcase who, what, where, when.
  2. Build a membership list containing names and email addresses.
  3. Easily communicate with members.
  4. Track meeting registration so you know how many people to expect.
  5. Build an online history.

These goals require the following high-level features:

  1. Clean, minimal site design viewable on “three screens”.
  2. Search engine friendly.
  3. Reduced user interface friction.
  4. Member management.
  5. Communication management.
  6. Event management.
  7. Event registration including both tracking attendance as well as support for cancellations.
  8. Searchable event archive.

I invite you to leave a comment if there is a feature you would like to add to the list above. The next step will be to design a database schema capable of supporting the data required for these features. And as always, leave a comment if you would like to participate.

Basic HttpWebRequest/Response

A friend recently asked how do you make a call to a web page via code. For example, the web page might be designed to return some data in a text-based format and filtered by query string parameters. (While this is more commonly done using a web service, it can also be accomplished by controlling the output of the HttpResponse object.) The following is a basic demonstration of how you might go about coding this in Visual C#:

/// Makes a request to a Uniform Resource Identifier (URI) for accessing data from the Internet.
/// </summary>
///The URI that identifies the Internet resource.
///The URI of the proxy server.
/// Returns a response to an Internet request.
/// Returns a message that describes the current exception.
///     GetWebResponse("", null);
private static System.String GetWebResponse(System.String requestUriString, System.String proxyAddress)
    System.Net.WebResponse webResponse = null;
    System.IO.StreamReader stream = null;
    System.String result = null;

        /* Initialize the web request. */
        System.Net.HttpWebRequest webRequest = (System.Net.HttpWebRequest)System.Net.HttpWebRequest.Create(requestUriString);
        /* Optionally specify the User Agent. */
        webRequest.UserAgent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)";
        /* Optionally create a proxy for the request object to use if you sit behind a firewall. */
        if (System.String.IsNullOrEmpty(proxyAddress) == false)
            System.Net.WebProxy webProxy = new System.Net.WebProxy(proxyAddress);
            webRequest.Proxy = webProxy;

        /* Make a synchronous request and convert the response into something we can consume. */
        webResponse = webRequest.GetResponse();
        stream = new System.IO.StreamReader(webResponse.GetResponseStream());
        result = stream.ReadToEnd();
    catch (Exception ex)
        //TODO: Log and handle the exception rather than just pass it back.
        result = System.String.Format("Error: {0}", ex.ToString());
        /* Clean-up system resources. */
        if (stream != null) { stream.Close(); }
        if (webResponse != null) { webResponse.Close(); }

    return result;

The first step is to initialize the web request by calling the Create method in the System.Net.HttpWebRequest class. It is preferred to use this method rather than the HttpWebRequest constructor. The method takes one parameter which is the URI for the web page you want to call including any query string parameters. For example, you could use the URI for my Twitter profile: “”. In the example above, the object that is returned from the method is cast as a System.Net.HttpWebRequest rather than the default generic System.Net.WebRequest object since I can control scheme of the URI. You can also optionally specify the User Agent and/or Proxy based upon your particular requirements.

Now that the web request has been initialized, you can actually make a synchronous request to the web page by calling the GetResponse method. Up until now, you have not actually called any web page or resource. The method returns a WebResponse object that contains the actual response from the web page request. Once you have that, you can quickly stream the data returned out of the object and convert it into a string that can easily be consumed elsewhere. In the case where I have used this code before, we took the XML string that was returned from calling a third-party web page and loaded it into an XmlDocument that was then used to update a SQL Server database table.

Works on My Machine Certification ProgramAs this is my first code example, I must point out the “Works on My Machine Disclaimer”. All postings on this blog are provided “AS IS” with no warranties, confer no rights, and offer exactly zero support. If it deletes files or kills your family cat, you have been warned. It might work great, and it might not. It hasn’t been tested against the myriad of other products out there, but it works on my machine. Good luck!

Getting Started

Before we can start this journey together, I should take a moment to declare the foundation upon which everything will be built upon going forward. In other words, I need to tell you which languages and frameworks I currently make my living off of and will be blogging about. And I would like to do so without trying to intentionally fan the flames of the already overblown Microsoft vs. [fill-in-the-blank] wars. While I was in college, I thought I could do it all and be an expert in everything. After all, doesn’t every college grad think they will rule the world one day? Thus I took language courses in Assembly, C/C++, Pascal, COBOL, Visual Basic, Java, and HTML. While admittedly I was not an expert in any of them, I felt I had a good enough understanding of each to be successful coding almost any language after I graduated. However, not too long out of college, I quickly realized that I cannot be an expert in all things. (Shocking, huh?) I needed to quickly make a decision as to where I wanted to take my career. My decision was to focus on Microsoft-based solutions. Right or wrong, it was my decision and one that I have been extremely happy with. More on that another time. Today, I specialize in software development using the Microsoft .NET Framework, Visual C#, ASP.NET, and SQL Server.

With a solid foundation beneath us, I have two tips and tricks I’d like to share with those of you who may be new to software development and/or looking for a way to get a Microsoft-based development environment up and running quickly. Obviously, the first thing you will need is a computer. The more powerful and larger the computer, the better. If your computer has 2 GB of RAM or less, I would recommend using the Microsoft Web Platform Installer to setup your development environment.

The Microsoft Web Platform Installer is a free tool that makes it simple to download, install and keep up-to-date with the latest components of the Microsoft Web Platform, including Internet Information Services (IIS), SQL Server Express, .NET Framework and Visual Web Developer.

What is even more amazing is that not only will it download and install everything listed above, but it will also install popular ASP.NET and PHP applications! Everything you need to get your apps running in just a few clicks. Congrats to the Microsoft IIS and Web Platform teams for reaching out to the community and making something that just works!

If your computer has 2 or more GB of RAM, you might want to consider using a virtual machine to host your development environment. Microsoft Virtual PC and VMware Workstation are likely the most popular virtualization programs currently being offered. Both programs host virtual machines that can run their own operating system and applications just like a “real” computer. It’s a computer within a computer! By “virtualizing” your development environment, you can safely use beta tools and code without polluting – or worse, corrupting – your day-to-day computer. You can also safely format and reinstall your day-to-day computer without loosing your development environment.

What is even more amazing is that Microsoft makes it easy to get your hands on pre-installed and configured virtual machines! Better yet, they are free*! Simply go to the Microsoft Download Center and search for “VHD”. Then search through the results for the latest virtual hard disk image of the version of Microsoft Visual Studio that you want to use. After you download and extract the virtual machine, you will have everything you need to get your apps running in a virtual development environment.

*A word of warning before you start thinking a virtual machine is the cure for something it is not. For starters, with virtualization comes performance degradation. Virtual machines run slower than their “real” counterparts. Depending upon the specifications of your computer, you might not find working with a virtual machine enjoyable or worth your time. Secondly, virtual hard drive images are very, very large. We are talking several GBs in size. Downloading that many bites is not something you want to do on a dial-up Internet connection. It also means you need a lot of available disk space on your day-to-day computer. (I strongly recommended using an external USB hard drive if you only have one hard drive in your computer.) Finally, “free” usually means using a trail or time-restricted version that will expire. As a matter of fact, you can easily loose your entire development environment if you don’t backup your files before a time-bomb renders your virtual machine unusable. In other words, use at your own risk.

Now that we have a solid foundation and development environment up and running using Microsoft-based solutions, let’s keep moving forward.