IVAN SIVAK
  • About
  • Blog
  • CV
  • Contact

ASP.NET Core: Angular2 Template Using Gulp

11/11/2016

2 Comments

 
As we're slowly moving towards Angular2 development in our new production systems using the new ASP.NET Core it's time to come up with a ready-to-go template. As you know from my previous articles I am not a fan of default .NET bundles hence my new Angular2 template uses Gulp as well.
The template: https://github.com/IvanSivak/ASP.NET-Core-Gulp-Angular2-Template.

Feel free to clone and try.
2 Comments

Stream Ciphers: One Time Pad And the Same Key vs. CBC

10/24/2016

0 Comments

 
This article is just for fun as a result of some of my Stanford classes and is related to the One Time Pad cryptographic encryption and related issues with two time pad and recommended solutions to these issues.
As stated in Wikipedia
In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked if used correctly. In this technique, a plaintext is paired with a random secret key (also referred to as a one-time pad). Then, each bit or character of the plaintext is encrypted by combining it with the corresponding bit or character from the pad using modular addition. If the key is truly random, is at least as long as the plaintext, is never reused in whole or in part, and is kept completely secret, then the resulting ciphertext will be impossible to decrypt or break
..which is correct. Unless you use the same key more than once and attacker knows it or perhaps tries it. This is what this article is about. Let's first start by implementing really trivial JavaScript example. Since the OTP is about XOR we'll use a simple construction as follows:

    
..note that ^ is the XOR operator.
The whole testing code can be found on my GitHub repository as well as simple Plunker project,

Breaking the Two Time Pad

OK so now that we have some basis example we can actually see what is the issue with the same key being used more than once. Imagine we will encrypt two different messages with the same key:

    
The problem is that by definition if you XOR the two ciphers you will in fact get the XOR of both plain texts: e(a) ⊕ e(b) = a ⊕ b
So in order to exploit the ciphers you basically need to guess a possible word and XOR it with the XOR of two ciphers. Now, how to guess a word? The best is to use the Frequency Analysis and use statistically most common words. In the English language the most used word is not surprisingly "the". Actually a nice list of words can be found on Wikipedia. This is exactly an idea behind the guessDictionary in my example:

    
..hence if we XOR the XOR of two cipher texts with our dictionary we will learn plain text message.

    
..and the result:
Picture
As you can see we have just exploited "This" to be contained within one of the messages. 

Solution

So can we possibly achieve the secure ciphering with the same key and if so how? The answer is Nonce Based Encryption also known as Many Time Key. Well known application of this method is e.g. Cipher Block Chaining (CBC):
Picture
The key thing to notice here is the Initialization Vector, so called "IV". This acts as a random nonce for the same key. It can be either an arbitrary counter or some random number. If it is a counter you just need to make sure it's not predictable (which you also have to ensure for random number in fact). One drawback of CBC is that it is sequential. Means you can't use parallel processing. To be able to use parallel processing use the CBC In Counter Mode instead. The counter mode turns the CBC into Stream Cipher.

Final Notes

I'm not an expert on cryptography but it is clear that cryptography can be very fragile. Whether it was VENONA project where Soviets did use the same keys for multiple messages or TLS 1.0 bug with issue of predictability of IV or many other cases. Cryptography needs a proper implementation and should always be implemented by existing/official algorithms. Do not reinvent a wheel.

CONFIDENTIALITY vs. Integrity

The last but not least - never implement these mechanism alone. While these are very important concept they don't protect you against tampering the ciphers. As such they provide a great confidentiality of a message but no integrity. To provide an integrity you have to introduce a message authentication (MAC) or introduce a public key cryptography concept. This will perhaps be a topic for my next article related to the cryptography. 
As usual, links to GitHub, Plunker available.
0 Comments

ASP.NET Core: MVC6 Gulp Template

9/24/2016

0 Comments

 
As discussed in the previous ASP.NET Core article the purpose of this article is to show you how set up a basic gulp template instead of default .NET Core bundles which I personally don't prefer. In my eyes the gulp is far more powerful and simply becomes a must if you deal with larger JavaScript project.
The whole empty template can be downloaded from my GitHub page: ​https://github.com/IvanSivak/ASP.NET-Core-MVC6-Gulp-Template.

Gulp

The best way to get familiar with my template is just by opening the project and see the changes. Let me just briefly clarify. 
  • There is no bundleconfig.json.
  • The whole JavaScript application is outside the wwwroot folder within the JsApp folder.
  • The same with CSS files - outside the wwwroot in the Styles folder.
  • Everything related to build process is inside the gulpfile.js
  • Every change to JavaScript or CSS files triggers gulp to rebuild the project (gulp watcher - don't forget to run it).

    
  • Everything is set up to reflect the current environment. Gulp does not minify or bundle if you're in development environment. 
  • _Layout.cshtml contains all the logic related to which environment files should be downloaded (using the new <environment> tag helper). For both the JavaScript and CSS.

    
  • Everything is simple and clean. Nicely just on one place in _Layout.cshtml and gulpfile.js.
Let me know if you have any issues with my template or recommendations. Unfortunately I was unable to export the project into a template (issue has been discussed on stack overflow) but since the project is very simple and clean you should be able to just download and rename the project or use it as a reference to set up your own new project.
0 Comments

ASP.NET Core: Overview & CHANGES

9/11/2016

0 Comments

 
After spending a couple of weeks experimenting with the new ASP.NET Core I am confident to say it's the best ASP.NET ever released. There are many reasons why the new version of ASP.NET is better from the previous versions. This article is focused on basic differences,  improvements and shows the basic project set up example using gulp.

.NET vs. mono vs. NuGet

Before we start let's just remind the basic principles and basic options of .NET.
In order to run traditional .NET application there always needs to be a version of .NET Framework installed on a machine where program runs. Whether it's EXE or DLL it always contains so called intermediate language (IL). The IL itself needs to be compiled by just-in-time (JIT) compiler which is included in .NET Framework itself and is part of Common Language Runtime (CLR). In short, just before the program executes the JIT kicks in, compiles the IL and CLR runs the program. Hence, the CLR is responsible for almost every .NET functionality and FCL (Framework Class Library) contains all .NET types and classes.
Mono is open source project developed by community. It is compatible with .NET framework and uses the same principle as MS CLR. It offers distributions for Linux, Mac and Windows which makes it a cross-platform alternative for .NET applications. Mono also stands on basis of Xamarin. 
As every packaging system the NuGet exists to make things easier. Since .NET framework itself is a very large set of classes, types, libraries etc. (the FCL and CLR) it is difficult to make updates. With every new FCL version Microsoft needs to distribute new .NET Framework version. This is what makes the NuGet so useful. You can deliver or update only particular libraries. Great example is MVC or WebAPI. These libraries are NuGet packages. They do not exist in FCL. This is what allowed these libraries to evolve so rapidly. Rapid updates of single NuGet packages not tied to .NET Framework allowed them to be developed and updated much faster. 

ASP.NET Core

There are many advantages and changes in ASP.NET Core over the previous ASP.NET. Here is a list to name the most important ones
  • While it is true that .NET Core has also an equivalent of CLR and FCL called CoreCLR and CoreFX, these are fully distributed as NuGet packages itself. This is a tremendous advantage as stated above.
  • Cross platform. One of the biggest advantages. Since the .NET Core CLI (Command Line Interface) exists in three distributions for the Linux, Mac and Windows, the .NET Core applications can hence run on these platforms as well. It is the .NET Core CLI that executes the intermediate language (IL). You don't need Windows anymore. 
  • .NET Core is much more efficient and lightweight. CoreFX does not include complete frameworks such as FCL does for WPF, WebForms etc. Traditional .NET Framework contains plenty of things you don't need in your application. The CoreFX contains only basic features such as collections etc. Everything else is distributed by the NuGet. The .NET Core is also much smaller.
  • Web Forms do not exist in ASP.NET Core anymore.
  • No need for web.config (required only if hosted on IIS).
  • No global.asax (instead application events are handled in the main method).
  • Contains various optimizations and performance improvements, is open source, can run as stand-alone application and many more details...

WebAPI vs. mvc vs. system.web

  • The system.web library is tied to IIS server.
  • In classic ASP.NET the MVC is tied to system.web which is quite constricting in terms of multi platform capabilities.
  • WebAPI is not tied to system.web library and as such it gives the project the ability to be self hosted.
  • The "old" MVC and WebAPI have been unified into one single framework called MVC for ASP.NET Core. Both share the same set of types and of course don't depend on system.web.

Example asp.net core project

Let's get started with an example. First of all, if you don't use at least Visual Studio 2015 Update 4 you will need to download the ASP.NET Core template into your visual studio. Everything is nicely described on the official documentation page here: https://docs.asp.net/en/latest/ or you can simply go straight to the download link at: ​https://www.microsoft.com/net/core.

No CSPROJ file & global.json

One thing I really like among others is that there's no csproj file anymore. It makes it easier for source version control. How many conflicts of project file we already had in GIT? The ASP.NET Core simply reflects the file system. There's no need for "include in the project" function and so on. Instead the global.json is presented. 

project.json

The project.json contains various meta data of a project, settings such as publishOptions and very important - references to NuGet packages. Note that NuGet packages are not installed into the packages folder anymore. Instead all NuGet packages are inside your user folder, e.g. c:\users\ivan\.nuget
Picture

wwwroot

In classic ASP.NET everything was pretty much contained within the project root. The new wwwroot folder brings more clarity into web publishing as only what stays in wwwroot folder is accessible by a web server. This can be changed in project.json/publishOptions though, e.g. we want Views folder to be exposed as well hence we can add it as follows:

    

Dependencies & Bower

Dependencies folder is about client side development. In principle the Bower is the same as NuGet. The difference is that Bower is focused on client side libraries and frameworks (such as jQuery, Bootstrap, Angular etc.) and runs under Node.JS. NPM (Node Package Manager) is the same thing but aims at Node.JS libraries, such as Gulp etc. 
Picture

.Net Core Bundles vs. Gulp

When you create a new ASP.NET Core Web Application the default template uses built-in .NET Core bundles mechanism which takes care of JavaScript and CSS files bundling and minification. The same can be achieved using well known Gulp and both have their pros and cons.
Personally, I prefer the Gulp over the built-in .NET Core bundles. My projects usually tend to be JavaScript very rich and it is mostly the JavaScript part that grows a lot. As the development goes by sooner or later you will end up using various gulp plugins such as nunjucks for templates processing and many others. Having it all (the minification and bundling) nicely managed by gulp since the beginning brings more clarity to the project and in my eyes is a way more powerful.
There are alternatives, for example ASP.NET MVC Boilerplate template that uses gulp. The whole story behind .NET Core default web template and why it doesn't use gulp is described here. Since Boilerplate is quite heavy template I decided to create my own lightweight ASP.NET Core MVC6 Gulp Template. This will be described in my next article about such lightweight template.
0 Comments
<<Previous

    About

    Blog about my programming experiments, tests and so on.

    View my profile on LinkedIn

    Categories

    All
    Algorithms
    Angular 2
    ASP.NET
    ASP.NET Core
    Aurelia JS
    Cryptography
    Data Structures
    Gulp
    JavaScript
    Math
    MVC6
    .NET Core
    React JS
    Security
    SQL Server

    Archives

    November 2016
    October 2016
    September 2016
    May 2016
    March 2016
    February 2016
    January 2016
    December 2015
    October 2015

    RSS Feed

Ivan Sivak


Stack overflow

Stack overflow profile

LinkedIn

LinkedIn profile

Email

ivansivak@outlook.com

GitHub

GitHub repository
  • About
  • Blog
  • CV
  • Contact