Factory Method - Real Time Use

 Making it simple silly...

Ques: When to use factory pattern?

Answer: -

By Name: - When we want to create a factory, which will produce different objects based on some parameters.

By Use : - When specific object is required to be instantiated after certain conditions/algorithm/logic we put that object creation logic in a method (called factory method) to reuse it from multiple places. Object instantiation requires certain parameters to process those conditions/algorithm/logic and return the desired object.

By Example :-

interface IMobile { void CreateMobile(); } public class Samsung : IMobile { public void CreateMobile() { Console.WriteLine("Samsung Mobile Created"); } } public class OnePlus : IMobile { public void CreateMobile() { Console.WriteLine("OnePlus Mobile Created"); } } // 1. This MobileFactory can be reusable. // 2. There is actally a processsing logic only after which it creates a required mobile object. // 3. The intention is to hide the complexity of this processing logic from calling classes. internal class MobileFactory { internal IMobile CreateMobile(String objectKey) { switch (objectKey) { case "samsung": //Some processing logic return new Samsung(); case "onePlus": //Some processing logic return new OnePlus(); default: throw new KeyNotFoundException(); } } } class Program { static void Main(string[] args) { MobileFactory myFact = new MobileFactory(); OnePlus onePlus = myFact.CreateMobile("onePlus") as OnePlus; onePlus.CreateMobile(); Console.ReadKey(); } }

SAML Token – With Self Signed Certificate

SAML is nicely explain in the various internet sites and YouTube videos, so my job here is to make you understand with simple example of generating SAML Token with Self Signed Certificate. 

So lets start with realizing the need of SAML which will help you to recollect your previous knowledge on SAML or to fill the empty brains with basic understanding...

So let’s imagine the below system:

Scenario 1

There’s a CRM system consisting of multiple application and an employee of the company wants to connect to one of the app. The CRM has a big database which will validate if the user has logged in with right credentials and if positive will grant access to the application. Simple – Isn’t it?

But here is the problem of different entities -

Problem of company’s admin – Oh! Employee left the company. I have to make sure he has no more access to company’s different applications in the CRM (he might have access to the social media applications). My routine job -

1.       Go to CRM check what applications user has access to. May be Admin also directly no access to CRM database?
2.      Set the flag to no access for company’s applications
3.      Set the flag for some applications to read only in case of role change
4.      Etc.etc.

Problem of Employee – Damn! I have to remember hell lot of usernames and password. Is someone can really fish my account?

Problem of CRM Admin – Ah! The population is increasing day by day and so my database is. I am tired of maintaining it.

Got An IDEA - Single Sign On or Internet SSO.




Here are different SSO configurations:

• Kerberos-based.
• Smart-card-based.
• Integrated Windows Authentication.
• Security Assertion Markup Language.
• Mobile devices as access credentials.

And different ways of implementing it. (Believe me its a never ending ocean...so will see later :P) Now lets talk about SAML and SAML Token.

What is SAML?

➤ Security Assertion Markup Language, its a secure XML based communication mechanism, basically used for communicating identities between organization.

Per Wiki - 

➤ SAML is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. As its name implies, SAML is an XML-based markup language for security assertions.

HOW SAML helps further?

1. Security - saving one from identity theft, fishing by eliminating the number of times user need to login over the internet with different credentials for different applications.

2. Access - User has to no longer type in the password. They just have to click on the app link and simply get into application. Interesting??

3. Administrator work - No need of resetting the lost password, no help desk work.

Okay, enough of theory, Just tell me how to generate SAML Token - 

For generating a SAML token you need a certificate from certificate authority (CA) or you may generate a self signed certificate. There are different way of generating a self signed certificate, here I have used power shell command to get one for me.The SAML token I have generated is self signed.

Run power-shell as an administrator and type below command with desired parameters - 

New-SelfSignedCertificate -Type Custom -Provider "Microsoft RSA SChannel Cryptographic Provider" -Subject "CN=CSNB0466.ap.mydomain.local" -KeyExportPolicy Exportable -KeySpec KeyExchange  -KeyUsage DigitalSignature -KeyAlgorithm RSA -HashAlgorithm sha256 -KeyLength 4096 -CertStoreLocation "Cert:\LocalMachine\My" -FriendlyName "X509_Latest"

Refer https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps

to specify more parameters.

or you may use - https://www.samltool.com/self_signed_certs.php

This will generate the self signed certificate in store (Run -> MMC -> Add snap ins -> certificate -> Computer Account -> Local Compuyter -> ok). 

Once you get the certificate, you are all set to generate a SAML token and signed it.

So here is my Dot Net Code -

Note - Thumbprint in the certificate can uniquely identify the certificate or its the combination of serial number and issuer distinguish it.

So lets say you got your serial and issuer and some other parameters to pass it an input - 

                CertificateIssuer = "CSNB0466.ap.mydomain.local",
                CertificateSerial = "13cabac0deffd69146f5fe0c1863f7de",
                ServiceProviderNameQualifier = "http://localhost:8080/Portal/Local/",
                SubjectId = "2299091d61e8d9e43cc1e26abf7fe769f1991f8e",
                SubjectNameQualifer = "https://idp.fpehealth.rzv.de/idp/shibboleth",
                SubjectRole = "Physician",
                TokenRecipientUrl = "http://localhost:8080/Portal/"

	internal string GetSAMLToken(SAMLTokenRequestDTO sAMLTokenRequest)
	{
	var organisationVal = "urn:oid:" + GetDBParameterValue("SYSTEM_OBJECT_IDENTIFIER", string.Empty);
	var issuerAddress = "http://" + Dns.GetHostName() + "/" + IPGlobalProperties.GetIPGlobalProperties().DomainName + "/idp";
	#region Create SAML Assertion Object
	Saml2NameIdentifier nameIdentifier = new Saml2NameIdentifier(issuerAddress);
	var gc = "_" + Guid.NewGuid().ToString();
	Saml2Assertion assertion = new Saml2Assertion(nameIdentifier)
	{
	Id = new Saml2Id(gc.ToString()),
	Issuer = new Saml2NameIdentifier(issuerAddress)
	};
	#endregion
	#region Get Signed Certificate from store
	X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
	store.Open(OpenFlags.ReadOnly);
	object _certificateIssurer = sAMLTokenRequest.CertificateIssuer;
	X509Certificate2Collection certificate2Collection = store.Certificates.Find(X509FindType.FindByIssuerName, _certificateIssurer, false);
	X509Certificate2Collection certificate = null;
	if (certificate2Collection.Count > 1)
	{
	certificate = certificate2Collection.Find(X509FindType.FindBySerialNumber, sAMLTokenRequest.CertificateSerial, false);
	if (certificate.Count < 1) //within this collection there should be unique serial number
	throw new ArgumentException(String.Format("Unable to locate certificate for {0} and {1}", sAMLTokenRequest.CertificateIssuer, sAMLTokenRequest.CertificateSerial));
	}
	else if (certificate2Collection.Count == 1)
	certificate = certificate2Collection;
	else
	throw new ArgumentException(String.Format("Unable to locate certificate for {0} and {1}", sAMLTokenRequest.CertificateIssuer, sAMLTokenRequest.CertificateSerial));
	X509Certificate2 signingCert = certificate[0];
	store.Close();
	#endregion
	#region Add Subject, Condition, Statement, Attributes
	AddAssertionSubject(assertion, sAMLTokenRequest.CertificateIssuer,sAMLTokenRequest.SubjectNameQualifer, sAMLTokenRequest.ServiceProviderNameQualifier, sAMLTokenRequest.TokenRecipientUrl);
	AddAssertionCondition(assertion, sAMLTokenRequest.TokenRecipientUrl);
	AddAuthnStatement(assertion);
	AddAttributeStatement(assertion, sAMLTokenRequest.CertificateIssuer, sAMLTokenRequest.SubjectRole, organisationVal);
	#endregion
	Saml2SecurityToken securityToken = new Saml2SecurityToken(assertion);
	Saml2SecurityTokenHandler handler = new Saml2SecurityTokenHandler();
	var sb = new StringBuilder();
	handler.WriteToken(new XmlPrefixTextWriter(new StringWriter(sb), "saml2"), securityToken);
	return SignXmlWithCertificate(sb.ToString(), signingCert, assertion);
	}
	private static string SignXmlWithCertificate(string assert, X509Certificate2 x509Certificate2, Saml2Assertion assertion)
	{
	XmlDsigDocument doc = new XmlDsigDocument();
	doc.LoadXml(assert);
	SignedXml signedXml = new SignedXml(doc);
	using (x509Certificate2.GetRSAPrivateKey()) { }
	signedXml.SigningKey = x509Certificate2.PrivateKey;
	signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
	Reference reference = new Reference()
	{
	Uri = "#" + assertion.Id
	};
	reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
	reference.AddTransform(new XmlDsigExcC14NTransform());
	signedXml.AddReference(reference);
	KeyInfo keyInfo = new KeyInfo();
	keyInfo.AddClause(new KeyInfoX509Data(x509Certificate2));
	signedXml.KeyInfo = keyInfo;
	signedXml.ComputeSignature();
	XmlElement xmlsig = signedXml.GetXml();
	doc.DocumentElement.AppendChild(doc.ImportNode(xmlsig, true));
	var xmlstring = new XmlPrefixTextWriter(new StringWriter(new StringBuilder()), "ds:");
	return doc.InnerXml;
	}
	//this is some Organization ID I am fetching from Database.
	internal virtual string GetDBParameterValue(string parameterName, string hospitalUnit)
	{
	string isusValue = string.Empty;
	if (parameterName != string.Empty)
	{
	IConfigurationManager baseSettings = GetConfigurationManager<IConfigurationManager>();
	if (hospitalUnit.IsNotNullOrEmpty())
	isusValue = baseSettings.GetHospitalSettings(parameterName, hospitalUnit);
	else
	isusValue = baseSettings.GetHospitalSettings(parameterName);
	}
	return isusValue;
	}
	private static void AddAttributeStatement(Saml2Assertion assertion, string name, string role, string organizationVal)
	{
	Saml2AttributeStatement attributeStatement = new Saml2AttributeStatement();
	Saml2Attribute attributeXSPASubject = new Saml2Attribute("urn:oasis:names:tc:xacml:1.0:subject:subject-id")
	{
	FriendlyName = "XSPA Subject",
	Name = "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
	NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"),
	};
	attributeXSPASubject.Values.Add(name);
	attributeStatement.Attributes.Add(attributeXSPASubject);
	Saml2Attribute attributeXSPARole = new Saml2Attribute("urn:oasis:names:tc:xacml:2.0:subject:role")
	{
	FriendlyName = "XSPA Role",
	Name = "urn:oasis:names:tc:xacml:2.0:subject:role",
	NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"),
	};
	attributeXSPARole.Values.Add(role);
	attributeStatement.Attributes.Add(attributeXSPARole);
	Saml2Attribute attributeXSPAOrganization = new Saml2Attribute("urn:oasis:names:tc:xspa:1.0:subject:organization")
	{
	FriendlyName = "XSPA Organization",
	Name = "urn:oasis:names:tc:xspa:1.0:subject:organization",
	NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"),
	};
	attributeXSPAOrganization.Values.Add(organizationVal);
	attributeStatement.Attributes.Add(attributeXSPAOrganization);
	Saml2Attribute attributeXSPAOrganizationId = new Saml2Attribute("urn:oasis:names:tc:xspa:1.0:subject:organization-id")
	{
	FriendlyName = "XSPA Organization Id",
	Name = "urn:oasis:names:tc:xspa:1.0:subject:organization-id",
	NameFormat = new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"),
	};
	attributeXSPAOrganizationId.Values.Add(organizationVal);
	attributeStatement.Attributes.Add(attributeXSPAOrganizationId);
	assertion.Statements.Add(attributeStatement);
	}
	private static void AddAuthnStatement(Saml2Assertion assertion)
	{
	Saml2AuthenticationContext authenticationContext = new Saml2AuthenticationContext(new Uri("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"));
	Saml2AuthenticationStatement authenticationStatement = new Saml2AuthenticationStatement(authenticationContext)
	{
	AuthenticationInstant = DateTime.UtcNow,
	SessionIndex = assertion.Id.Value
	};
	authenticationStatement.SubjectLocality = new Saml2SubjectLocality() { Address = Dns.GetHostEntry(Dns.GetHostName()).AddressList[1].ToString() };
	assertion.Statements.Add(authenticationStatement);
	}
	private static void AddAssertionCondition(Saml2Assertion assertion, string recepientAudience)
	{
	Saml2Conditions conditions = new Saml2Conditions()
	{
	NotBefore = DateTime.UtcNow,
	NotOnOrAfter = DateTime.UtcNow.AddMinutes(5),
	};
	Saml2AudienceRestriction audienceRestriction = new Saml2AudienceRestriction(new Uri(recepientAudience));
	conditions.AudienceRestrictions.Add(audienceRestriction);
	assertion.Conditions = conditions;
	}
	private static void AddAssertionSubject(Saml2Assertion assertion, string issuerName, string nameQualifier, string spNameQualifier, string recepient)
	{
	Saml2SubjectConfirmationData subjectConfirmationData = new Saml2SubjectConfirmationData()
	{
	Address = Dns.GetHostEntry(Dns.GetHostName()).AddressList[1].ToString(),
	NotOnOrAfter = DateTime.UtcNow,
	Recipient = new Uri(recepient)
	};
	Saml2SubjectConfirmation subjectConfirmation = new Saml2SubjectConfirmation(new Uri("urn:oasis:names:tc:SAML:2.0:cm:bearer"), subjectConfirmationData);
	Saml2NameIdentifier nameIdentifierSubject = new Saml2NameIdentifier(issuerName)
	{
	Format = new Uri("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"),
	NameQualifier = nameQualifier, //specifies the security or administrative domain that qualifies the name.
	SPNameQualifier = spNameQualifier //specifies the name of a service provider or affiliation of providers that is used to further qualify a name
	};
	Saml2Subject subject = new Saml2Subject(subjectConfirmation)
	{
	NameId = nameIdentifierSubject
	};
	assertion.Subject = subject;
	}
	public class XmlPrefixTextWriter : XmlTextWriter
	{
	public string LocalPrefix { get; set; }
	public XmlPrefixTextWriter(TextWriter w, string localPrefix) : base(w)
	{
	this.LocalPrefix = localPrefix;
	}
	public override void WriteStartElement(string prefix, string localName, string ns)
	{
	base.WriteStartElement(LocalPrefix, localName, ns);
	}
	}
	internal class XmlDsigDocument : XmlDocument
	{
	/// <summary>
	/// Override CreateElement function as it is extensively used by SignedXml
	/// </summary>
	/// <param name="prefix"></param>
	/// <param name="localName"></param>
	/// <param name="namespaceURI"></param>
	/// <returns></returns>
	public override XmlElement CreateElement(string prefix, string localName, string namespaceURI)
	{
	// uncomment code if "ds" prefix within 'SignedInfo' and descendants is causing siganture to fail.
	if (string.IsNullOrEmpty(prefix))
	{
	// List<string> SignedInfoAndDescendants = new List<string>();
	// SignedInfoAndDescendants.Add("SignedInfo");
	// SignedInfoAndDescendants.Add("CanonicalizationMethod");
	// SignedInfoAndDescendants.Add("InclusiveNamespaces");
	// SignedInfoAndDescendants.Add("SignatureMethod");
	// SignedInfoAndDescendants.Add("Reference");
	// SignedInfoAndDescendants.Add("Transforms");
	// SignedInfoAndDescendants.Add("Transform");
	// SignedInfoAndDescendants.Add("InclusiveNamespaces");
	// SignedInfoAndDescendants.Add("DigestMethod");
	// SignedInfoAndDescendants.Add("DigestValue");
	// if (!SignedInfoAndDescendants.Contains(localName))
	// {
	prefix = GetPrefix(namespaceURI);
	}
	// }
	return base.CreateElement(prefix, localName, namespaceURI);
	}
	/// <summary>
	/// Select the standard prefix for the namespaceURI provided
	/// </summary>
	/// <param name="namespaceURI"></param>
	/// <returns></returns>
	private string GetPrefix(string namespaceURI)
	{
	if (namespaceURI == SignedXml.XmlDsigNamespaceUrl)
	return "ds";
	else if(namespaceURI == "http://www.w3.org/2001/10/xml-exc-c14n#")
	return "ec";
	return string.Empty;
	}
	}

view raw gistfile1.txt hosted with ❤ by GitHub

C# delegates - Importance & Usage

The purpose of this article is to drive you through c# delegates in very simple terms and with very simple examples. 
 

Understanding gap - People find it difficult because...

  1.   It’s confusing to read 
  2. Not sure of the real world usage of delegates.

I have gone through lot of sites, searching #simple #real_world #examples of delegate and found useful results but the only problem is I use to forget after sometime. It generally happens when you don’t know the need of delegates in your day to day work. Let’s take one oath here – 

“Whenever I need to communicate between lower class to upper class I will think of DELEGATES”

Now the point is; when there is such kind of requirement you need to communicate from lower to upper class. -

Example: Let’s say you have a car and engine class (upper and lower class respectively). For starting the car, engine needs to be started and car wants the live status of the engine start process.

                            

Start engine can be called by creating an engine class object in car class and call its start method (something like engine.start()) but how we will notify about the engine-start-process run-time to the car class … #Delegates help me out here!!

Below example shows how it works. Don’t miss the communication between Car, delegate and engine mentioned on comments... :D

 

                      -----------------------------------------------------------------------------------
Output:

Lets put the above code like;



 Now we understood one most important usage of Delegates i.e.

1. Communication between two classes (specifically from lower to upper class) at run time (e.g. run time notification)

 Let's understand the 2nd most important usage. Below example is to promote an employee whose rank is greater than 4. We can achieve this by passing the employee details and check if its rank>4, Promoted. (Congratulations :D)



output:


 Now think of Employee as a framework class, which means it should not only define the generic (main) properties of the employee but also the methods should be generic and not specific. If we provide the above employee class to any company, this will work fine if company only wants to promote there employee on the basis of Rank. What if later on they change their mind and decided to promote employee on the basis of salary? I think changing in the framework class every time is a bad idea?
Again, DELEGATES can help us out here.

Note: I have tried to simplify the below example. Source - Kudvenkat delegate video series  

Lets make employee class such that, client will decide how to promote employee, framework class will just do the main processing over it and return the result to client.



output:


I hope you realize the 2nd important usage i.e.

2. To help creating framework method which is reusable and more generic.
  
In the above example, the promotion logic is written at the client side and can be change as per their requirement, but the main processing of promotion is only done in the framework class which will then confirm the employee is promoted.

I hope you understand the basic of delegates and help me learn more by providing your valuable suggestions and basic topics you want me write on...

Happy learning and Tip of the day...
"Lamda expression in c# internally creates a method for your delegate." 

which means you can get rid eligibleEmployee method from above example, the same can be written as;