![\"Loginradius](\"/34d46da34bcf9a7d9957885c5ee180f4/LoginRadius-Standard-Login-Datasheet.webp\")
Single-page applications, or SPAs, are web applications that load a single HTML page and update it by dynamically rendering the browser's information as (and when) a user interacts with the app.
\nThe loading mechanism of SPAs is different from traditional page loads where the server had to re-render the entire webpage with every click and send it back to the browser—making the process time-consuming.
\nToday, with a new breed of users who expect data to be available instantly and accessible everywhere, developers use JavaScript libraries and tools like Jquery, Angular to create single, responsive HTML pages. Such pages can be broken down into smaller sections, and the JavaScript code running on the web browser calls the required APIs on a server that returns the data.
\nAdvantages..?
\nWell, Single-Page Applications make users' experience incredibly engaging and unique. The \"bits and pieces\" methodology makes load time much faster and fluid for users. Also, because the amount of information a server has to send back is a lot less, the application becomes cost-effective.
\nA classic example of single-page applications is Gmail. They have mastered SPA-approach. You may notice that we do not generally need to refresh Gmail when a new email comes; we are notified instantly. It's obviously communicating with the server, but the JavaScript code hides the inbox and brings the message body on the same screen.
\nOther notable examples of Single-Page Applications include:
\nAccording to Google's research, every time a page load goes from 1 sec to 3 sec, the probability of bounce rate increases by 32%. For 10 sec, the chance rises to a whopping 123%.
\nNo matter what, faster's always better.
\nOne of the major benefits of single-page applications is velocity. The majority of the resources that SPAs need—viz.HTML, CSS, and Scripts are loaded along with the application. They don't need to be reloaded throughout the entire session.
\nData is the only entity that is oscillated between the server and the webpage. This makes the application efficient and incredibly responsive to any query.
\nFast and responsive: Probably by now, that's a given. With SPAs, businesses can increase the loading speed of their webpages significantly. Because they only reload content requests asked by the user, the server load is much lighter. It is, in fact, half of the server load compared to multi-page applications.
\nBetter cache capabilities: Another advantage of single-page applications is that it can cache local data with utmost precision. It only takes one request to a server, and single-page applications effectively store all the data it receives. In the event of loss internet, this data can be put to use for seamless operation.
\nFrictionless user experience: If you are planning to build a single-page web application, rest assured, you will be offering frictionless user experiences to your consumers. Since it only loads the requested data, there is a significant improvement in performance as well.
\nSpeaking from the consumers' end, the apparent advantages of exposing them to single-page websites is the speed and ability to work with no connectivity.
\nThese applications offer continuous user experiences, meaning they are easy to explore. In addition, when businesses add options like parallax scrolling and transitions to the picture, they make the customer journey even better.
\nSingle-page applications can be the best bet for mobile users too. Users spend most of the time scrolling feeds on Facebook and Instagram. They can sit back, relax, and enjoy the show.
\n
Although there isn't much speculation around the fact that Single-Page Applications provide better experiences for developers and consumers, they have their own set of security shortcomings. For instance, SPAs cannot be adequately scanned by traditional scanners. This gives cybercriminals a broader scope for attack.
\nOther common security issues include:
\nUsually, browsers that run in single-page applications interact with two different systems-
\nIn some instances, web server sessions protect the APIs behind a single page application, but this means that all business APIs should be proxied by a web server. That typically involves session cookies which are quite vulnerable to cyber attacks.
\nCSRF or XSRF, or sea-surfing is one of the oldest web application attacks. Usually, CSRFs are performed through social engineering, for example, via forged emails or links that fool the user into sending a fake request to the server.
\nIt happens when a malicious website has a link that connects to another website that the user has already signed in to. The bad actors authenticate the unaware user, so it is nearly impossible to distinguish a legitimate request from a fake one.
\nHere's an instance of how a CSRF can take place:
\n![](\"/0a7bac27a93cae5ca8b519b3002a102c/single-page-app-2.webp\")
Now the questions arise, how do you safely authorize and authenticate your Single Page (SPA) users? Here, we are being particular about JavaScript web applications that run on the same domain as the API.
\nLoginRadius offers two options to cope up with the cybersecurity-related shortcomings.
\nLoginRadius uses popular token-based protocols like OAuth2 and OpenID Connect for federated logins. Examples include Login with Facebook, Google, or any other third-party sites.
\nUnlike the older SAML 2.0, which could be used only once as proof of identity, these new protocols can be used over and over again to access protected API resources.
\nOAuth 2.0: OAuth2 is an industry-standard protocol for token-based authentication and authorization. It supports multiple grant types, which means users can grant access to their resources from one application to another without exposing their credentials, every time.
\nIt functions by giving short-lived access tokens to the Single-Page Application, which in turn authorizes the SPA so it can access the protected API services. It is often conducted on behalf of the logged-in user.
\nOpenID Connect: LoginRadius also supports standard OpenID Connect, which is an identity layer on top of the OAuth 2.0 protocol. It is used to verify user identity depending on the authentication performed by an Authorization Server. With OpenID Connect, you can also retrieve basic profile information about the user.
\nWeb SSO is browser-based session management that uses cookies to manage sessions between applications. Cookies are created by the server and contain information that a browser sends to the server on request. LoginRadius IDX uses a centralized domain to perform the authentication and, when requested, shares the session with authorized applications.
\nIt helps users log into multiple applications, irrespective of the platform or domain, provided they are logged in to one application in the first place.
\nCybersecurity issues aren't unique to Single-Page Applications. The users make requests and not JavaScript. Also, the result is produced in HTML and not in JSON or any other format.
\nUnlike the traditional non-SPAs where you had to secure individual pages on the server, all you need is to secure the data endpoints in single-page applications. Going by the options above, dodging cybercriminals should not be a big deal.
\n![\"book-a-free-demo-loginradius\"](\"/788a6a84e389edac18728007099fdc1d/Book-a-free-demo-request-1024x310.webp\")
Earlier, we were only dealing with well-structured data, hosted in large data warehouses, and investing a cost in maintaining those data warehouses and hiring expert professional to maintain and secure information hosted in that data warehouse. Data was structured and can be queried anything as per the needs. But now, this exponential growth of data generates a new vision for data science along with some major challenges.
\nBig Data is something which is growing exponentially with time, and carry raw but very valuable information inside that can change the future of any enterprise. It is a collection, which represents a large dataset, may be collected from multiple sources, or stored in an organization.\nLet‟s understand a real-time example, Big companies like Ikea and Amazon are leveraging the benefit of big data by collecting data from customer‟s buying patterns at their stores, their internal stock information, and their inventory demand-supply relations and analyze all, in seconds even in real-time to add value to its customer experience.
\nSo, extracting information from a large dataset somewhat calls a concept of Data mining which is an analytic process originally designed to explore large datasets. The ultimate goal of data mining is to search for consistency in a pattern or systematic relationship between variables, which helps in predicting the next pattern or behavior.
\nNow, if we take concepts of data mining forward along with large data set, to some extent it becomes a blocker for our existing approach, because big data may contain structured or unstructured data even it may contain data in multiple formats also.
\nTesting is an art of achieving quality in your software product, in terms of perfection of functionality, performance, user experience, or usability. But for big data testing, you need to keep your focus more on the functional and performance aspects of an application. Performance is the key parameter in any big data application which is meant to process terabytes of data. Successful processing of terabytes of data using a commodity cluster with a number of other supportive components needs to be verified. Processing should be faster and accurate which demands a high level of testing.
\nProcessing may be of three types:–
\n![\"Batch,](\"/0ace96657eca224617e640c9361695c0/BigDataTesting-2.webp\")
And based on which, we need to integrate different components along with NoSQL data store as per the needs.
\nData plays a vital role in the testing of big data applications. Application is meant to process data and provide an expected output based on implemented logic. The logic needs to be verified before moving to production, as the implementation of logic is completely based on business requirements and data.
\n1. Test Data Quality
\nGood quality test data is as important as the test environment. In the big data world, data can have any format or size, it may be in the form of a document, XML, JSON, PDF, etc. at the same time data size may go up to terabytes of petabytes. Hence, test data should also have multiple formats and size should be large enough to ensure the handling of large data processing. In big data testing, it needs data with logical values as per the application requirement and format which is supported by the application.
\nAlong with it, data quality is another aspect of big data testing. Ensuring the quality of data before processing through application ensures the accuracy of the final output. Data quality testing itself is a huge domain and covers a lot of best practices which include – data completeness, conformity, accuracy, validity, duplication, and consistency, etc. It should be included in the big data testing and this ensures the level of accuracy application is supposed to provide.
\n2. Test Data Generation
\nThe generation of test data is again a challenging job, there are multiple parameters, which have to be taken care of while generating test data. It needs a tool, which can help to generate data and should have functions or logic can also be applied over it. Tools like Talend (an open studio) is the best candidate to fulfill the requirements of data generation.
\n3. Data Storage
\nAfter the generation of test data along with quality, it needs to host on a file system. For testing big data applications, data should be stored in the system similar to the production environment. As we are working in big data space, there should have a different number of nodes, and data must be in a distributed environment.
\nIn Big data testing, the test environment should be efficient enough to process a large amount of data as done in the case of a production environment. Real-time production environment clusters generally have 30-40 nodes of cluster and data is distributed on the cluster nodes. There must have some minimum configuration for each node used in the cluster. A cluster may have two modes, in-premise or cloud. For testing in big data, it needs the same kind of environment with some minimum configuration of node.
\nScalability is also desired to be there in the test environment of big data testing, it helps to study the performance of application with the increase in the number of resources. That data can be used to define SLA (service level agreement) for that particular application.
\nBig Data Testing can be categorized into three stages:
\n![\"Big](\"/ad5e12c53df7de9b8f66bcfe23dfa0ac/BigDataTesting-1.webp\")
Step 1: Data Staging Validation
\nThe first stage of big data testing, also known as a Pre-Hadoop stage, is comprised of process validation.
\nStep 2: “Map Reduce” Validation
\nValidation of “Map Reduce” is the second stage. Business logic validation on every node is performed by the tester. Post that authentication is done by running them against multiple nodes, to make sure that the:
\nStep 3: Output Validation Phase
\nThe output validation process is the final or third stage involved in big data testing. The output data files are created and they are ready to be moved to an EDW (Enterprise Data Warehouse) or any other such system as per requirements. The third stage consisted of:
\nBig data applications are meant to process a large amount of data, and it is expected that it should take minimum time to process maximum data. Along with it, application jobs should consume a considerable amount of memory and CPU. In big data testing, performance parameter plays an important role and helps to define SLA's. It covers the performance of the base machine and cluster. Also, for example, In the case of Hadoop, map-reduce jobs should be written with proper coding guidelines, to perform better in the production environment. Profiling can also be done on map-reduce jobs before integration, to ensure their optimized execution.
\n![\"Big](\"/af25c9e1cfd41df4aaa898de7b0a7745/BigDataTesting-3.webp\")
In big data testing, certain challenges are involved which needs to be addressed by the big data testing approach.
\n1. Test Data
\nExponential growth had been observed in the growth of data in the last few years. A huge amount of data are being generated daily and stored in large data centers or data marts. So, there is a demand for efficient storage and a way to process it in an optimized way. If we consider the telecom industry, it generates a large number of call logs daily and they need to be processed for better customer experience and compete in the market. The same goes with the test data, test data should be similar to production data and should contain all the logically acceptable fields in it.
\nThis becomes a challenge for testing big data application, generating test data similar to production data is a real challenge. Test data should also be large enough to verify proper working big data application.
\n2. Environment
\nThe processing of data highly depends on the environment and its performance. An optimized environment setup gives high performance and fast data processing results. Distributed computing is used for the processing of big data which has data hosted in a distributed environment. The testing environment should have multiple numbers of nodes and data should be distributed over the nodes. At the same time, it also needs to monitor those nodes, to ensure the highest performance with minimum CPU and memory utilization. Nodes should be monitored and there should have a graphical presentation of node performance. So, the test environment has two aspects – distributed nodes and their monitoring, which should be covered in the testing approach.
\n3. Performance
\nPerformance is the key requirement of any big data application, and of course because of which enterprises are moving towards NoSQL technologies, technologies that can handle their big data and process in the minimum time frame. A large dataset should be processed in a minimum considerable time frame. In big data testing, performance testing is a challenge, it requires monitoring of cluster nodes during execution and also time is taken for every iteration of execution.
\nBig Data is the trend that is revolutionizing society and its organizations due to the capabilities it provides to take advantage of a wide variety of data, in large volumes and with speed. Keeping the challenges in mind we have defined the approach of testing big data applications. This approach of big data testing will make it easy for a test engineer to verify and certify the business requirement implementations and for stack holders, it saves a huge amount of cost, which has to be invested to get the expected business returns.
\n","frontmatter":{"date":"September 02, 2020","updated_date":null,"description":"With the exponential growth in the number of big data applications in the world, Testing in big data applications is related to database, infrastructure and performance testing and functional testing. This blog guides what should be the strategy for testing Big Data applications.","title":"Big Data - Testing Strategy","tags":["Testing","Big Data","Big Data Testing"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7699115044247788,"src":"/static/2997b1b5bea2cc94a828fae181ebf972/58556/big-data.webp","srcSet":"/static/2997b1b5bea2cc94a828fae181ebf972/61e93/big-data.webp 200w,\n/static/2997b1b5bea2cc94a828fae181ebf972/1f5c5/big-data.webp 400w,\n/static/2997b1b5bea2cc94a828fae181ebf972/58556/big-data.webp 800w,\n/static/2997b1b5bea2cc94a828fae181ebf972/99238/big-data.webp 1200w,\n/static/2997b1b5bea2cc94a828fae181ebf972/7c22d/big-data.webp 1600w,\n/static/2997b1b5bea2cc94a828fae181ebf972/25f09/big-data.webp 1920w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Sudhey Sharma","github":"sudheysharma","avatar":null}}}},{"node":{"excerpt":"LoginRadius, a leader in cloud-based consumer identity and access management solution (CIAM) has released an industry report titled…","fields":{"slug":"/identity/loginradius-consumer-digital-identity-trend-report-2020/"},"html":"LoginRadius, a leader in cloud-based consumer identity and access management solution (CIAM) has released an industry report titled \"Consumer Identity Trend 2020\" for C-suite professionals and product managers of B2C companies that deal with consumer‘s identity data.
\nThe learning objective for this industry analysis is to determine the opportunities and threats that exist within the identity environment.
\nThe report offers a comprehensive overview of the Consumer Identity Trends of 2020. It aims to improve consumer experiences on a digital platform via extensive data analysis on consumer behavior and lifecycle.
\nThis research piece points out the increasing competition across all industry verticals and that consumer experience is a success key if businesses want to stand out in a highly competitive world.
\nTo achieve this, businesses need to identify their consumer behavior and pain points, including their preferred authentication methods, such as passwordless login or multi-factor authentication via email or SMS, or social sign-on.
\nThe data was collected from the LoginRadius Identity Platform, which serves and manages 1,17 billion consumer identities for thousands of websites and mobile applications. The research was conducted with data from 1 January 2019 until 10 May 2020.
\nThe key findings of the report have been outlined in the infographic below. It will help you understand:
\nThe report is available for download. Request your copy here.
\n![\"consumer-identity-trends-2020\"](\"/f9610dc1b98f1674a47b68199ffd595c/consumer-identity-trends-2020.webp\")
![\"book-a-demo-loginradius\"](\"/8fce571f703a5970dbb1359a2fe0e51a/book-a-demo-loginradius.webp\")
Authentication is the necessary implementation for secure and genuine access to resources of web and mobile applications. It helps to authorize the user and provide access control for applications based on the user’s credentials.
\nThere are various authentication mechanisms like Email, Phone numbers, Biometrics, etc. However, Email is still considered the primary means of authentication because other mechanisms are not as optimized or in approach to everyone.
\nSo it is safe to say that most of your application users used email for creating their accounts. With that, some users tend to use disposable email services for fake account creation. These fake accounts result in additional liability to your application resources and servers.
\nYou can effectively reduce such spams for your applications by analyzing the user’s email address during registration for the following aspects:
\nThere are some tools available that could help you analyze the above factors, and one such tool is EVA, an Email Verification API. It is a free API and analyzes the user’s email for all of the factors mentioned above.
\nThe details of Email Verification API (API) is as follows:
\n| Parameters | \nValue | \n
|---|---|
| URL | \nhttps://api.eva.pingutil.com/email | \n
| Query Param | \n{ email: test@mail7.io } | \n
| Response | \n{ \"status\": \"success\", \"data\": { \"email_address\": \"test@mail7.io\", \"domain\": \"mail7.io\", \"valid_syntax\": true, \"disposable\": true, \"deliverable\": true }} | \n
Valid_syntax, disposable, and deliverable are three attributes of this API, let’s see how these works:
\nvalid_syntax\nThis attribute verifies the syntax of the entered email address matches the standard email address format or not. It is useful in the cases where the end-user might misspell email addresses while typing.
disposable\nThis attribute verifies whether the entered email address domain belongs to the disposable email service. EVA checks the email address against a valid database of more than 4500 disposable email services. Thus, it can effectively help the developer to prevent users from registering using disposable email.
deliverable\nThis attribute verifies whether the email domain has valid MX records or not. The email address is considered deliverable if the valid MX record for the email domain is found.
\n\nNote: A mail exchanger record (MX record) specifies the mail server responsible for accepting email messages on behalf of a domain name. It is a resource record in the Domain Name System (DNS).
\n
The response received for the above three attributes of API can help you take further action. These attributes are not just limited to registration use cases, you can utilize them for other use cases like if you have an existing user base but would like to limit the spammers (who have registered using disposable emails) from commenting on the blog or accessing your application resources.
\nThis API tool has been developed and designed as a way of giving back to the developer community initiative by LoginRadius Developers. Your opinion is important to us. This way we can keep improving our product for the developer community. Please share your feedback here
\n","frontmatter":{"date":"August 31, 2020","updated_date":null,"description":"Email authentication, being the traditional way of authentication and used most widely. Increase in the spams has also increased the disposable email registrations. To reduce and identify such unwanted users, EVA(Email Verification API) is the tool, developed by LoginRadius developers.","title":"Email Verification API (EVA)","tags":["Free tool","Developer Resources ","Verification","Email"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7699115044247788,"src":"/static/9674b13085ba4d36812d596ecc764c38/58556/eva.webp","srcSet":"/static/9674b13085ba4d36812d596ecc764c38/61e93/eva.webp 200w,\n/static/9674b13085ba4d36812d596ecc764c38/1f5c5/eva.webp 400w,\n/static/9674b13085ba4d36812d596ecc764c38/58556/eva.webp 800w,\n/static/9674b13085ba4d36812d596ecc764c38/99238/eva.webp 1200w,\n/static/9674b13085ba4d36812d596ecc764c38/135cd/eva.webp 1280w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Aman Agrawal","github":"aman-agrwl","avatar":null}}}},{"node":{"excerpt":"In this blog, we learn how to implement the AntiXssMiddleware in .NET Core. First, we will understand about the cross-site scripting. Cross…","fields":{"slug":"/engineering/anti-xss-middleware-asp-core/"},"html":"In this blog, we learn how to implement the AntiXssMiddleware in .NET Core. First, we will understand about the cross-site scripting.
\nCross-site scripting is a security vulnerability and a client-side code injection attack. In this attack, the malicious script is injected into legitimate websites.\nCross-site scripting allows an attacker to act like a victim user and to carry out the actions that the user can perform. The attacker can access the user's data as well.
\nStep 1: Create Asp.NET Core Web Application project in Visual Studio.
\nStep 2: Select type as API in the next step and create the project. You will find a default controller which is created in the controller folder named as WeatherForecastController.cs
\nStep 3: Now create a new folder named Middleware in the root directory.
\nStep 4 : Create a new file AntiXssMiddleware.cs in that Middleware folder.
\nStep 5: Now add the Newtonsoft.json package into your solution
\nBy doing the above steps you will have below structure in your solution.
\n![\"Solution](\"/ec5d8dffc77c280fb36713a6958744d9/SolutionArch.webp\"\n)
Step 6: Now edit the AntiXssMiddlewars.cs file and paste below code.
\nusing System;\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing System.Net;\nusing System.Text;\nusing System.Text.RegularExpressions;\nusing System.Threading.Tasks;\nusing Microsoft.AspNetCore.Builder;\nusing Microsoft.AspNetCore.Http;\nusing Newtonsoft.Json;\n\nnamespace AntiXssMiddleware.Middleware\n{\n public class AntiXssMiddleware\n {\n private readonly RequestDelegate _next;\n private ErrorResponse _error;\n private readonly int _statusCode = (int)HttpStatusCode.BadRequest;\n\n public AntiXssMiddleware(RequestDelegate next)\n {\n _next = next ?? throw new ArgumentNullException(nameof(next));\n }\n\n public async Task Invoke(HttpContext context)\n {\n // Check XSS in URL\n if (!string.IsNullOrWhiteSpace(context.Request.Path.Value))\n {\n var url = context.Request.Path.Value;\n\n if (CrossSiteScriptingValidation.IsDangerousString(url, out _))\n {\n await RespondWithAnError(context).ConfigureAwait(false);\n return;\n }\n }\n\n // Check XSS in query string\n if (!string.IsNullOrWhiteSpace(context.Request.QueryString.Value))\n {\n var queryString = WebUtility.UrlDecode(context.Request.QueryString.Value);\n\n if (CrossSiteScriptingValidation.IsDangerousString(queryString, out _))\n {\n await RespondWithAnError(context).ConfigureAwait(false);\n return;\n }\n }\n\n // Check XSS in request content\n var originalBody = context.Request.Body;\n try\n {\n var content = await ReadRequestBody(context);\n\n if (CrossSiteScriptingValidation.IsDangerousString(content, out _)) \n {\n await RespondWithAnError(context).ConfigureAwait(false);\n return;\n }\n await _next(context).ConfigureAwait(false);\n }\n finally\n {\n context.Request.Body = originalBody;\n }\n }\n\n private static async Task<string> ReadRequestBody(HttpContext context)\n {\n var buffer = new MemoryStream();\n await context.Request.Body.CopyToAsync(buffer);\n context.Request.Body = buffer;\n buffer.Position = 0;\n\n var encoding = Encoding.UTF8;\n\n var requestContent = await new StreamReader(buffer, encoding).ReadToEndAsync();\n context.Request.Body.Position = 0;\n\n return requestContent;\n }\n\n private async Task RespondWithAnError(HttpContext context)\n {\n context.Response.Clear();\n context.Response.Headers.AddHeaders();\n context.Response.ContentType = "application/json; charset=utf-8";\n context.Response.StatusCode = _statusCode;\n\n if (_error == null)\n {\n _error = new ErrorResponse\n {\n Description = "Error from AntiXssMiddleware",\n ErrorCode = 500\n };\n }\n\n await context.Response.WriteAsync(_error.ToJSON());\n }\n }\n\n public static class AntiXssMiddlewareExtension\n {\n public static IApplicationBuilder UseAntiXssMiddleware(this IApplicationBuilder builder)\n {\n return builder.UseMiddleware<AntiXssMiddleware>();\n }\n }\n\n\n /// <summary>\n /// Imported from System.Web.CrossSiteScriptingValidation Class\n /// </summary>\n public static class CrossSiteScriptingValidation\n {\n private static readonly char[] StartingChars = { '<', '&' };\n\n #region Public methods\n\n public static bool IsDangerousString(string s, out int matchIndex)\n {\n //bool inComment = false;\n matchIndex = 0;\n\n for (var i = 0; ;)\n {\n\n // Look for the start of one of our patterns \n var n = s.IndexOfAny(StartingChars, i);\n\n // If not found, the string is safe\n if (n < 0) return false;\n\n // If it's the last char, it's safe \n if (n == s.Length - 1) return false;\n\n matchIndex = n;\n\n switch (s[n])\n {\n case '<':\n // If the < is followed by a letter or '!', it's unsafe (looks like a tag or HTML comment)\n if (IsAtoZ(s[n + 1]) || s[n + 1] == '!' || s[n + 1] == '/' || s[n + 1] == '?') return true;\n break;\n case '&':\n // If the & is followed by a #, it's unsafe (e.g. S) \n if (s[n + 1] == '#') return true;\n break;\n\n }\n\n // Continue searching\n i = n + 1;\n }\n }\n\n #endregion\n\n #region Private methods\n\n private static bool IsAtoZ(char c)\n {\n return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');\n }\n\n #endregion\n\n public static void AddHeaders(this IHeaderDictionary headers)\n {\n if (headers["P3P"].IsNullOrEmpty())\n {\n headers.Add("P3P", "CP=\\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\\"");\n }\n }\n\n public static bool IsNullOrEmpty<T>(this IEnumerable<T> source)\n {\n return source == null || !source.Any();\n }\n public static string ToJSON(this object value)\n {\n return JsonConvert.SerializeObject(value);\n }\n }\n\n public class ErrorResponse\n {\n public int ErrorCode { get; set; }\n public string Description { get; set; }\n }\n\n}In the above file we have created the method for checking the Xss in QueryParam, RequestUri and RequestBody.
\nHere we have different methods which are as follows:-
\nReadRequestBody which is used for reading the RequestBody.
\nRespondWithAnError which is used for returning the error.
\nIsDangerousString which is checking if there is any dangerous string like any script in the given string.
\nStep 7: Edit the Startup.cs file and add below line in Configure method.
\napp.UseAntiXssMiddleware();Step 8 : After editing the Startup.cs file will look like below
\nusing System;\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Threading.Tasks;\nusing AntiXssMiddleware.Middleware;\nusing Microsoft.AspNetCore.Builder;\nusing Microsoft.AspNetCore.Hosting;\nusing Microsoft.AspNetCore.HttpsPolicy;\nusing Microsoft.AspNetCore.Mvc;\nusing Microsoft.Extensions.Configuration;\nusing Microsoft.Extensions.DependencyInjection;\nusing Microsoft.Extensions.Hosting;\nusing Microsoft.Extensions.Logging;\n\nnamespace AntiXssMiddleware\n{\n public class Startup\n {\n public Startup(IConfiguration configuration)\n {\n Configuration = configuration;\n }\n\n public IConfiguration Configuration { get; }\n\n // This method gets called by the runtime. Use this method to add services to the container.\n public void ConfigureServices(IServiceCollection services)\n {\n services.AddControllers();\n }\n\n // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.\n public void Configure(IApplicationBuilder app, IWebHostEnvironment env)\n {\n if (env.IsDevelopment())\n {\n app.UseDeveloperExceptionPage();\n }\n\n app.UseHttpsRedirection();\n app.UseAntiXssMiddleware();\n app.UseRouting();\n app.UseAuthorization();\n app.UseEndpoints(endpoints =>\n {\n endpoints.MapControllers();\n });\n }\n }\n}Step 9: Now build and run the solution.
\nAs we run the default API which is https://localhost:44369/weatherforecast we will get the below response.
[\n {\n "date": "2020-08-21T11:58:40.0289718+05:30",\n "temperatureC": 27,\n "temperatureF": 80,\n "summary": "Sweltering"\n },\n {\n "date": "2020-08-22T11:58:40.0289896+05:30",\n "temperatureC": 21,\n "temperatureF": 69,\n "summary": "Cool"\n },\n {\n "date": "2020-08-23T11:58:40.0289899+05:30",\n "temperatureC": -20,\n "temperatureF": -3,\n "summary": "Hot"\n },\n {\n "date": "2020-08-24T11:58:40.0289901+05:30",\n "temperatureC": 21,\n "temperatureF": 69,\n "summary": "Sweltering"\n },\n {\n "date": "2020-08-25T11:58:40.0289902+05:30",\n "temperatureC": 2,\n "temperatureF": 35,\n "summary": "Balmy"\n }\n]Now if we inject any script in the above url like https://localhost:44369/weatherforecast<script></script> we will get the response as
{\n "ErrorCode": 500,\n "Description": "Error from AntiXssMiddleware"\n}Note:
\nIn this blog, we learnt about how to implement AntiXssMiddlware in ASP.NET Core Web Application Project. We have implemented the AntiXssMiddleware in API's QueryParam, ReuqestUri and RequestBody. So if any script is injected in QueryParam, RequestUri or RequestBody then it will give the error.
\n","frontmatter":{"date":"August 26, 2020","updated_date":null,"description":null,"title":"Implement AntiXssMiddleware in .NET Core Web","tags":["C#","ASP.NET"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/f9d627c09d3f605797e2dff0f5974a61/58556/antixss.webp","srcSet":"/static/f9d627c09d3f605797e2dff0f5974a61/61e93/antixss.webp 200w,\n/static/f9d627c09d3f605797e2dff0f5974a61/1f5c5/antixss.webp 400w,\n/static/f9d627c09d3f605797e2dff0f5974a61/58556/antixss.webp 800w,\n/static/f9d627c09d3f605797e2dff0f5974a61/99238/antixss.webp 1200w,\n/static/f9d627c09d3f605797e2dff0f5974a61/7c22d/antixss.webp 1600w,\n/static/f9d627c09d3f605797e2dff0f5974a61/25f09/antixss.webp 1920w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Hemant Manwani","github":"hemant404","avatar":null}}}},{"node":{"excerpt":"In this post, we will look at the step-by-step process for Kafka Installation on Windows. Kafka is an open-source stream-processing software…","fields":{"slug":"/engineering/quick-kafka-installation/"},"html":"In this post, we will look at the step-by-step process for Kafka Installation on Windows. Kafka is an open-source stream-processing software platform and comes under the Apache software foundation.
\nKafka is used for real-time streams of data, to collect big data, or to do real-time analysis (or both). Kafka is used with in-memory microservices to provide durability and it can be used to feed events to complex event streaming systems and IoT/IFTTT-style automation systems.
\nKafka requires Java 8 for running. And hence, this is the first step that we should do to install Kafka. To install Java, there are a couple of options. We can go for the Oracle JDK version 8 from the Official Oracle Website.
\nStep 1: Download Apache Kafka from its Official Site.
\nStep 2: Extract tgz via cmd or from the available tool to a location of your choice:
\ntar -xvzf kafka_2.12-2.4.1.tgzStep 3: Copy the path of the Kafka folder. Now go to config inside Kafka folder and open zookeeper.properties file. Copy the path against the field dataDir and add /zookeeper-data to the path.
\n![](\"/256df753510eececf57f6146cb9b9758/zookeeper.webp\")
\nStep 4: we have to modify the config/server.properties file. Below is the change:
fileslog.dirs=C:\\kafka\\kafka-logsBasically, we are pointing the log.dirs to the new folder /data/kafka.
\nStep 1: Kafka requires Zookeeper to run. Basically, Kafka uses Zookeeper to manage the entire cluster and various brokers. Therefore, a running instance of Zookeeper is a prerequisite to Kafka.
\nTo start Zookeeper, we can open a PowerShell prompt and execute the below command:
\n.\\bin\\windows\\zookeeper-server-start.bat .\\config\\zookeeper.propertiesIf the command is successful, Zookeeper will start on port 2181.
\nStep 2: Now open another command prompt and change the directory to the kafka folder. Run kafka server using the command:
\n.\\bin\\windows\\kafka-server-start.bat .\\config\\server.propertiesNow your Kafka Server is up and running, you can create topics to store messages. Also, we can produce or consume data directly from the command prompt.
\nkafka-topics.bat --create --zookeeper localhost:2181 --replication-factor 1 --partitions 1 --topic testkafka-console-producer.bat --broker-list localhost:9092 --topic testkafka-console-consumer.bat --bootstrap-server localhost:9092 --topic test --from-beginningIf you see these messages on consumer console,Congratulations!!! you all done. Then you can play with producer and consumer terminal bypassing some Kafka messages.
\n","frontmatter":{"date":"August 25, 2020","updated_date":null,"description":null,"title":"Setting Up and Running Apache Kafka on Windows OS","tags":["Kafka","Windows"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/41484554ead7eb70ade1abe9498282b0/58556/messagelog.webp","srcSet":"/static/41484554ead7eb70ade1abe9498282b0/61e93/messagelog.webp 200w,\n/static/41484554ead7eb70ade1abe9498282b0/1f5c5/messagelog.webp 400w,\n/static/41484554ead7eb70ade1abe9498282b0/58556/messagelog.webp 800w,\n/static/41484554ead7eb70ade1abe9498282b0/99238/messagelog.webp 1200w,\n/static/41484554ead7eb70ade1abe9498282b0/7c22d/messagelog.webp 1600w,\n/static/41484554ead7eb70ade1abe9498282b0/a9f42/messagelog.webp 2700w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Ashish Sharma","github":"ashish8947","avatar":null}}}}]},"markdownRemark":{"excerpt":"Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards…","fields":{"slug":"/identity/developer-first-identity-provider-loginradius/"},"html":"Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences.
\nWe’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way.
\nThe goal? Having them spend less time searching and more time building.
\nLoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible.
\nHere’s a closer look at what’s new and why it’s important:
\n![\"This](\"/f46881583c7518a93bb24e94c32320de/a-developer-friendly-dark-theme.webp\")
Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference.
\nThe new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter.
\nSo, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient.
\n![\"This](\"/e5358b82be414940f3fb146013845933/capabilities.webp\")
We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need:
\nThis structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem.
\n![\"This](\"/a8c155c2b6faf3d5f4b4de4e2b14d763/developers-menu.webp\")
We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available.
\nThe new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions.
\n![\"This](\"/b2f9a964a2da0ea83e2f8596b833bba7/we-support-your-tech-stack.webp\")
Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs.
\nOur platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks.
\nCheck out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications.
\nDo not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!
\n","frontmatter":{"date":"February 21, 2025","updated_date":null,"description":"LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve redesigned our website interface, making navigation more intuitive and reassuring that essential resources are easily accessible.","title":"Revamped & Ready: Introducing the New Developer-First LoginRadius Website","tags":["Developer tools","API","Identity Management","User Authentication"],"pinned":true,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp","srcSet":"/static/80b4e4fbe176a10a327d273504607f32/61e93/hero-section.webp 200w,\n/static/80b4e4fbe176a10a327d273504607f32/1f5c5/hero-section.webp 400w,\n/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp 800w,\n/static/80b4e4fbe176a10a327d273504607f32/99238/hero-section.webp 1200w,\n/static/80b4e4fbe176a10a327d273504607f32/7c22d/hero-section.webp 1600w,\n/static/80b4e4fbe176a10a327d273504607f32/1258b/hero-section.webp 2732w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.webp"}}}},"pageContext":{"limit":6,"skip":744,"currentPage":125,"type":"///","numPages":164,"pinned":"ee8a4479-3471-53b1-bf62-d0d8dc3faaeb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}