Posts

Showing posts with the label OAuth

Integration testing our Web API with Azure AD OAuth

Integration testing is a technique used to assert whether an end-to-end scenario is working, where all the software components are tested together (typically through a non-user-interaction interface). In today's article, I am going to talk about how we can achieve integration testing with the Web API we have created, which is secured by Azure AD OAuth. Let's start off by evaluating some sample Web API code we have written.

    [RoutePrefix("account")]
    public class AccountController : ApiController
    {
        ...
        [HttpPut, Route]
        public AccountDto Add(AccountDto accountDto)
        {
            ...
        }
        ...
    }

When we think about integration testing at the Web API level, we are really interested in the response returned when an API is invoked. For clarity, I have removed the code within the Add Account API for now, so we can concentrate on the signature. So, the first question is, should we simply in...

Android and iOS Mobile Application Development (Part 2): Securing our Web API application with Azure Active Directory OAuth

Welcome to the second part of the series on Android and iOS Mobile Application Development. Before we begin learning how to set up Azure Active Directory for securing our Web API, let's first take a deep dive into why we have chosen Azure Active Directory and OAuth to secure our Web API.

Why not use ASP.NET Forms Authentication Cookie?

Traditionally, securing our web application typically involves validating a user's username and password against our database store, and creating our own ASP.NET forms authentication cookie if the credentials match. With newer versions of ASP.NET, an identity database can easily be created and used with an ASP.NET forms authentication cookie issued via the identity framework. This means we spend even less time writing our own custom database store and validation code. However, there are still some drawbacks with the ASP.NET forms authentication cookie. The security disadvantage can be best explained by Microsoft here, which talk...