Chicago C# Web Developer's Group

NOTE: RSVP for this event will close 2 weeks before the event (Thursday 2/14 - 11:59pm), so please try to RSVP as soon as you can. Details Serverless C# on AWS Using Lambda and DynamoDB by Tim Howerton Running a serverless .NET Core API can be cost effective and easily managed using serverless tools and services in Amazon Web Services. In this talk, I will discuss the steps to get started with a serverless API and walk through the creation of a serverless cloud environment. For first time users, the AWS Visual Studio toolkit provides project templates that can help set up sample controllers and project configuration. After a project is ready to publish to AWS, CloudFormation templates are provided to provision and configure the necessary cloud resources. Projects can also be deployed from the command line using the AWS Serverless Application Model (SAM), or using the new AWS Toolkit for Visual Studio Code. After publishing, API Gateway handles http traffic and acts as a proxy, forwarding requests to Lambda. To facilitate handling these requests, the AWS .NET Core API provides classes to create an instance of IWebHostBuilder, and pass it to your Startup.cs file, where you can configure your site as needed. For data storage, DynamoDB provides a managed document data store that is more cost effective than a traditional RDBMS. Following the Object Persistence Model, client side classes can be used to map data to items in a DynamoDB table. The AWS .NET API provides attributes that can be used to map classes to tables, and properties to Hash and Range keys in DynamoDB. I will discuss how we can tie these together by injecting our DynamoDB client into a C# API Controller, allowing REST calls to serve our DynamoDB data. Agenda: 6:15 PM: Refreshments and networking 6:45 PM: Serverless C# on AWS Using Lambda and DynamoDB 7:45 to 8:00: Q&A and wrap-up 8:00 to 8:45: More networking

Microsoft's transition to a claims-based identity model, and policy-based authorization opens the door for new techniques to manage modern applications. I'll briefly explain the differences between Authentication and Authorization, and how you can implement Authorization in ASP.NET Core. Traditionally authorization to perform an action was based on a user, or a group they belonged to. Custom authorization policies allow you to apply rules about what a user can do based on the claims, or metadata, associated with that user. The design of Authorization in ASP.NET Core offers a more flexible method to specify which users can perform an action. I'll also discuss how authentication schemes, and authorization requirements can be combined to form authorization policies for actions in controllers. Applying boolean logic to multiple authorization requirements can get a bit confusing, so we'll spend some time going over how ANDs and ORs are applied. Sometimes the rules for determining if a user can perform an operation are dependent on a resource, or data. Resource-based authorization comes with some performance implications, so I'll tell you what to consider before implementing them. Of course, it's all well and good to have authorization applied to your code, but there is also the issue of the user's experience. View-based authorization is concerned with how authorization can affect the appearance of html elements and improve the user interface. We'll look at how these techniques can decouple authorization logic from business code and facilitate unit testing. Finally, I'll talk about the benefits of using an authorization server when trying to administer the services feeding your applications About the speaker Jeff Zuerlein is a Senior Software Engineer with over 25 years of experience writing application is .NET, SQL Server, and Rails. He has worked in both the public and private sector as an engineer and db administrator. Agenda 6:15 PM: Refreshments and networking 6:45 PM: Authorization in ASP.NET Core 7:30 PM to 8:30: Q&A and wrap-up and more networking

TBD