Security is an essential part of any application ecosystem, but it can also be a nebulous concept for an organization to grasp. During our system rewrite, the team has had discussions on the topic of securing a system.
We’ve found there are five levels of security an application might have with regard to user access, and each level is a prerequisite for continuing to the next.
We must first identify the individual. Identity can be a simple login process or a stringent authentication process with questions, two-factor authentication, or more.
At level 2, we need to recognize what actions a user can take within the system. Can they edit a resource, or can they just read it? Permissions can make the user experience narrow or broad.
The next level identifies the resources that the current user has direct access to. While the user may be able to modify records, we want to limit which resources they can change. It is also essential to constrain the user’s view to only the relevant resources within their responsibility.
Resource permission is the level at which we have identified the user, they can perform actions, and they have responsibility for a particular resource, but the system may still need to constrain the kind of responsibility.
Can the user read a resource? Can they affect this particular resource? These are all crucial questions answered at this level.
Note: Some systems may not need this level of granularity.
Business rules tend to be the most complex level of securing a system. This layer is dependent on the current working domain. Validating a user’s actions as correct is essential. A business rule can be as simple as verifying a single resource, or as complex as validating the state of the system.
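The five levels evaluated in order as one fail-closed check, as an added example that is not code from the original post. The `User` and `Invoice` types, the action names, and the "paid invoices cannot be edited" business rule are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class User:
    name: str
    authenticated: bool   # level 1: outcome of login / two-factor
    actions: set          # level 2: actions allowed anywhere in the system
    resources: dict       # levels 3-4: resource id -> actions allowed on it

@dataclass
class Invoice:
    id: str
    status: str           # "draft" or "paid"

def authorize(user, action, invoice):
    """Return (allowed, denying_level); each level runs only if the previous passed."""
    if user is None or not user.authenticated:
        return False, 1   # identity not established
    if action not in user.actions:
        return False, 2   # user may never perform this action
    if invoice.id not in user.resources:
        return False, 3   # resource is outside the user's responsibility
    if action not in user.resources[invoice.id]:
        return False, 4   # action not granted on this particular resource
    if action == "edit" and invoice.status == "paid":
        return False, 5   # constructed business rule: paid invoices are frozen
    return True, None

# Constructed sample data (hypothetical users and invoices).
ALICE = User("alice", True, {"read", "edit"},
             {"inv-1": {"read", "edit"}, "inv-2": {"read"}, "inv-3": {"read", "edit"}})
BOB = User("bob", True, {"read"}, {"inv-1": {"read", "edit"}})
INVOICES = {i: Invoice(i, s) for i, s in
            [("inv-1", "draft"), ("inv-2", "draft"), ("inv-3", "paid"), ("inv-4", "draft")]}

if __name__ == "__main__":
    for user, inv in [(None, "inv-1"), (BOB, "inv-1"), (ALICE, "inv-4"),
                      (ALICE, "inv-2"), (ALICE, "inv-3"), (ALICE, "inv-1")]:
        who = user.name if user else "anonymous"
        print(who, "edit", inv, "->", authorize(user, "edit", INVOICES[inv]))
```

Bob's case shows why the ordering matters: a per-resource grant at level 4 does not override a missing system-wide permission at level 2.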
Security is serious business and a complex one at that. Building a system is a balancing act between making it secure and keeping it manageable. An unmanageable security system is a lousy security system, while one that is naive may expose sensitive data.
What are your thoughts? Did we miss a critical level or are we excessive? I’d love to hear your thoughts in the comments.