Permission Bits in Base64 String

We’ve been kicking around some ideas of how to revamp user permissions in our application, and I was reflecting on how I’ve done it in the past. Previously, I worked on a client/server application where each user had a permission string that tracked all the rights they’d been granted, and global enumerations were used to identify which permissions and rights. I was explaining the approach to colleagues, and there was enough interest that I decided to recreate it.

Here’s the summary:

  • Each user has a Base64-encoded permission string
  • There’s an enumeration for the different modules; this identifies which byte in the permission string contains the rights
  • There’s an enumeration for the different rights which can be granted for a given module; these are used in bitwise operations to check or modify a user’s rights to a module

Enumerations

public enum Modules
{
    ModuleOne = 0,
    ModuleTwo = 1,
    ModuleThree = 2
}

public enum Permissions
{ 
    Create = 1,     // 0000 0001
    Read = 2,       // 0000 0010
    Update = 4,     // 0000 0100
    Delete = 8,     // 0000 1000
    Execute = 16    // 0001 0000
}

Granting Permission

Granting a permission is a simple as specifying the module and permission to grant. The module is used to identify the correct byte, and then a bitwise OR is performed to enable the corresponding permission bit.

string GrantPermission(string permissionString, Modules module, Permissions permission)
{
    if (permissionString == null)
    {
        permissionString = string.Empty;
    }

    var bytes = Convert.FromBase64String(permissionString);
    
    if (bytes.Length <= (int)module)
    {
        Array.Resize(ref bytes, (int)module + 1);
    }

    bytes[(int)module] |= (byte)permission;

    return Convert.ToBase64String(bytes);
}

Checking Permission

Checking a permission is very similar to granting except that we AND the permission mask. If the result isn’t zero, that means the user has the specified permission.

bool HasPermission(string permissionString, Modules module, Permissions permission)
{
    if (string.IsNullOrWhiteSpace(permissionString))
    {
        return false;
    }

    var bytes = Convert.FromBase64String(permissionString);

    if (permissionString.Length < (int)module)
    {
        return false;
    }

    var b = bytes[(int)module];

    return (b & (byte)permission) != 0;
}

Revoking Permission

Revoking a permission is similar as well. This time, we’ll invert the bits on the permission mask and AND it to the module permission byte so that all non-zero bits except the specified permission will remain the same.

string RevokePermission(string permissionString, Modules module, Permissions permission)
{
    if (permissionString == null)
    {
        permissionString = string.Empty;
    }

    var bytes = Convert.FromBase64String(permissionString);

    if (bytes.Length <= (int)module)
    {
        return permissionString;
    }

    bytes[(int)module] &= (byte)~permission;

    return Convert.ToBase64String(bytes);
}

Conclusion

This was just a quick & dirty re-implementation of something from the past. I haven’t put this code through the wringer, so there may be some bugs, and you could probably make it more developer-friendly by extracting it to its own class or moving this logic into some nice extension methods. It’s an efficient way to store and check permissions for a collection of modules. Depending on your needs, it might be a good fit. I’m also wondering if this could be used in a hybrid system–for example, perhaps it would make sense for different applications or scopes to have their own permission string within a larger system.

Pull Image From Private Registry

In order to deploy an image into Kubernetes, the image must be available in a registry. I’m very much in the learning & experimenting phase of my Kubernetes journey, and I find myself using Docker Hub private registries for a lot of things. After using docker login I can docker push & docker pull images from a private registry just by naming them correctly with my Docker ID e.g. <my-docker-id>/some-image. However, kubectl doesn’t automatically inherit this knowledge and access, so what must be done to enable deployment of a locally-developed image into a locally-runing cluster? Let’s take a look!

The first thing we need to do is authenticate to the registry, which we can do using docker login. This will prompt for credentials and store an authorization token in ~/.docker/config.json. The lines below demonstrate how to do this and view the result.

docker login
cat ~/.docker/config.json

In order to make the authentication token accessible to the Kubernetes cluster, we can use Secrets. The following commands can be used to copy the credential from the Docker config.json into a Secret named regcred and inspect the result.

kubectl create secret generic regcred \
    --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
    --type=kubernetes.io/dockerconfigjson
kubectl get secret regcred --output=yaml

Next, we’ll create a Deployment that includes our Secret. Create a new file my-app-deployment.yaml with the following contents:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: <my-docker-id>/my-app:latest
        ports:
        - containerPort: 80
      imagePullSecrets:
      - name: regcred

And we’ll need to expose the deployment with a Service, so create another file my-app-service.yaml with this for its contents:

apiVersion: v1
kind: Service
metadata:
  name: my-app-svc
  labels:
    app: my-app
spec:
  type: NodePort
  ports:
  - port: 80
    nodePort: 30080
  selector:
    app: my-app

Now we use these files to create the Deployment and Service in Kubernetes:

kubectl create -f my-app-deployment.yaml
kubectl create -f my-app-service.yaml

That should do the trick. You can inspect the Deployment and Service using kubectl get pods and kubectl describe service my-app-service respectively. Assuming everything deployed correctly, you should be able to access your app at http://cluster-host-ip:30080.

Run an ASP.NET Core App on Raspberry Pi With Docker

In my last article, I wrote about how to create a single-page Angular app using the .NET Core CLI, create a Docker image, and run it as a container in about 4 steps that take just minutes to execute. By modifying a single line in your Dockerfile, you can target the 32-bit ARM architecture needed to run the image as a container on a Raspberry Pi.

Here’s the one line that needs to change in the Dockerfile to make it runnable on ARM32 (old line is commented for reference):

# FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 AS base
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1.2-buster-slim-arm32v7 AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443

FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build
WORKDIR /src
COPY ["my-app.csproj", "./"]
RUN dotnet restore "./my-app.csproj"
COPY . .
WORKDIR "/src/."
RUN dotnet build "my-app.csproj" -c Release -o /app/build
RUN apt-get update && \
    apt-get install -y wget && \
    apt-get install -y gnupg2 && \
    wget -qO- https://deb.nodesource.com/setup_10.x | bash - && \
    apt-get install -y build-essential nodejs

FROM build AS publish
RUN dotnet publish "my-app.csproj" -c Release -o /app/publish

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "my-app.dll"]

Note that the official list of available tags for different architectures can be found here. Consult this list to determine if newer images are available.

That’s it, though. Create your image, push it to Docker Hub, pull it on your Raspberry Pi, and run it just as you would locally. If you haven’t used Docker Hub before, you’ll need to login and create a repository. Check out the Docker Hub Quickstart for help. You may also need to run docker login on both machines to access your new repo.

# dev machine
docker build -t <dockerID>/repo .
docker push <dockerID>/repo

# raspberry pi
docker pull <dockerID>/repo
docker run -d -p 5000:80 <dockerID>/repo
The default dotnet new Angular app running locally on Raspberry Pi.

10 Minutes to Create & Run .NET Core Angular SPA in Docker

In this article, I’ll demonstrate how to create an ASP.NET Core Angular single-page application using the .NET Core CLI, create a Docker image, and run it as a container. The entire process is just 4 steps, each of which takes about a minute to perform–although creating the Docker image takes a couple minutes to complete. Note, also, that these same steps work from both Linux and Windows.

  1. Create Angular application
  2. Create Dockerfile
  3. Create Docker image
  4. Run container

Before you start, make sure you have the following prerequisites installed.

  • .NET Core SDK
  • Visual Studio Code with Docker extension
  • Docker

Installation can be verified by running these commands:

dotnet --version
code --version
code --install-extension ms-azuretools.vscode-docker
docker --version

Create the Application

We begin by creating our Angular application using the dotnet new command and specifying the angular template. The -o argument will cause the new project to be created in a sub-folder named my-app. This will create a .NET Core ASP.NET project with an Angular app in its ClientApp folder. After running the command, go into the new directory and launch Visual Studio Code.

dotnet new angular -o my-app
cd my-app
code .

Add Docker Files

With the Docker extension for VS Code installed, you can add Docker files easily via the command palette. Open the command palette using ctrl+shift+P or View > Command Palette menu options, and run the command Docker: Add Docker Files to Workspace. (Tip: type “docker” to filter commands.)

Selecting the command will ask you a series of questions:

  • Application Platform: ASP.NET Core
  • Operating System: Linux
  • What port(s) does your app listen on? 80, 443

If you’re running Docker on Windows, it’s important to make sure Docker is configured to run the right type of containers (Windows vs Linux). I answered “Linux” above, and I can confirm that my Docker for Windows is configured to run Linux containers by clicking the Docker icon in my system tray, as shown in the screenshot below. It shows “Switch to Windows containers” which means it’s currently using Linux containers. It’s fine to use Windows containers, too, but you’ll need to adjust installation instructions for NodeJS in the Dockerfile further down.

Once you’ve answered the Docker extention’s questions, a Dockerfile is generated. One modification is needed to also install NodeJS for our client app. The lines needed to do this are highlighted in the complete Dockerfile below.

FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443

FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build
WORKDIR /src
COPY ["my-app.csproj", "./"]
RUN dotnet restore "./my-app.csproj"
COPY . .
WORKDIR "/src/."
RUN dotnet build "my-app.csproj" -c Release -o /app/build
RUN apt-get update && \
    apt-get install -y wget && \
    apt-get install -y gnupg2 && \
    wget -qO- https://deb.nodesource.com/setup_10.x | bash - && \
    apt-get install -y build-essential nodejs
    
FROM build AS publish
RUN dotnet publish "my-app.csproj" -c Release -o /app/publish

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "my-app.dll"]

Build the Image

When you’re done editing your Dockerfile in VS Code, save changes and head back to the command line. Run the following command to build your image:

docker build -t my-app .

Verify that the image was created by running another command:

docker image ls my-app

Run a Container

Now we’ll use the docker run command to run a container using our image. We’ll specify two arguments: -d to run in detached mode and -p to map ports on the local machine to the container.

docker run -d -p 5000:80 my-app

Verify that the app is running by browsing to the localhost:5000:

Moq Quick Reference for Rhino Mocks Users

Behold! A quick reference guide for Rhino Mocks (AAA syntax) users making the switch to Moq.

Rhino MocksMoq
MockRepository.GenerateMock<T>new Mock<T>
MockRepository.GeneratePartialMock<T>new Mock<T> { CallBase = True }
.Stub(…).Return(…)
.Stub(…).WhenCalled(…)
.Stub(…).Do(…)
.Setup(…).Returns(…)
.Expect(…).Return(…)
.Expect(…)
.Setup(…).Returns(…).Verifiable()
.Setup(…).Verifiable()
Arg<T>.Is.AnythingIt.IsAny<T>()
Arg<T>.Matches(…)It.Is<T>(…)
Arg<T>.Is.Equal(foo)It.Is<T>(x => x == foo)
.AssertWasCalled(…).Verify(…)
.AssertWasNotCalled(…).Verify(…, Times.Never)
.VerifyAllExpectations().Verify()

In addition to the syntax translations listed in the table above, a key difference is that you use the instantiated mock object via the mock’s Object property. For example:

var mock = new Mock<SomeClass>();
SomeMethod(mock.Object);

Parse Emails With Power Automate

Last week, I wrote about how to use Power Automate to add automation to everyday tasks like emails. One of the examples I gave was to notify myself when vacation requests arrive so I can approve them as quickly as possible. Emails like these frequently have links like “click here to view the request” that take you to the item needing attention. It sure would be nice if we could extract that link and do something useful with it, right?

Regular expressions are a great way to parse text like this to extract useful details. Unfortunately, Power Automate doesn’t seem to have native support for regular expressions, but there are connectors from a third-party provider Plumsail. I took it for a test run today, and it worked pretty well. So, let’s take a look at the steps.

In order to use the Plumsail connectors, you’ll need a Plumsail account & API key. You can register for an account here, and create an API key here. Keep your API key handy, and head over to Power Automate.

In my workflow, I added the Plumsail Regular Expression Match connector as a new action after my “When a new email arrives” trigger action. If it’s the first time using a Plumsail connector, it will prompt you for your API key and a connection name.

After you’ve specified your connection name & API key, the connector UI changes to what you’d expect for a regular expression: Pattern & Text. The output of this control is a collection of matches, and the dynamic content will adjust based on the capture groups (parentheses) specified in your pattern.

In the screenshot above, my regular expression will search the email body for the “please click here” hyperlink and capture the URL. I can then dump this URL into the message to myself in Slack. Works great!

Build a Linux .NET Core Dev Machine in Under an Hour

I have a complicated relationship with Linux. Every few years, I get nostalgic about my Solaris days back in college. So I build a machine, struggle through getting all the hardware & whatnot working, and invest tons of time trying to get the Windows apps I know & love running on it. Then I give up and go back to Windows.

And that’s about where I’m at now, in the nostalgia/fascination stage with fantasies of leaving my familiar Microsoft pastures. At work, we’re moving more & more toward containerization and Kubernetes with the goal of reducing cost by hosting services on Linux. Maybe its relevance to work will give the effort more legs this time?

So I embarked on the journey (again) and have been pleased with how much the experience has matured. Doing a clean install of Ubuntu on my old laptop was completely painless. I didn’t need to do any special setup or troubleshooting to get hardware running. In fact, it was 100% as easy as installing Windows, which I was forced to do a few weeks earlier presumably due to some botched updates that had me blue-screening every few minutes.

Keeping the momentum going, I jumped right into installing .NET Core and setting up Visual Studio Code. The whole thing–from beginning to end; from formatting and installing the OS to running my first console app–took about an hour.

It was easy enough that just about anybody capable of doing a clean OS install should be able to manage it. In fact, let’s go through all the steps, right now! I’ll walk you through what’s needed from installing the OS, .NET Core, and VS Code all the way through to creating and running a new project.

Getting the operating system up & running is obviously step 1. I followed the instructions on the Ubuntu website:

  1. Create a bootable USB drive
  2. Boot off the device
  3. Follow install directions

Alternatively, you could use a virtual machine. Since I’m retracing my own steps as I write this, I’m using VirtualBox which is freely available to everybody–so no excuses about not having a spare computer laying around! If you’re going this route, download VirtualBox, fire it up, and create a new virtual machine. For reference, I picked Linux/Ubuntu (64-bit) and used all defaults*. You still need to download the Ubuntu ISO, and select it as the boot media the first time you start the VM.

*My VM kept hanging during install until I increased memory from the default 1024 MB to 2048 MB.

Alright, now we’ve got our Linux machine running, and it’s time to install .NET Core. Follow Microsoft’s instructions to install the .NET Core SDK, or open a terminal and run the following commands:

wget -q https://packages.microsoft.com/config/ubuntu/19.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install apt-transport-https
sudo apt-get install dotnet-sdk-3.1

We’re almost there now. Install Visual Studio Code along with the C# extensions by running a couple more commands:

sudo snap install --classic code
code --install-extension ms-vscode.csharp

That’s it! Who’s ready to run some code? Use the dotnet CLI to create a new console app, open the code in VS Code, and run it using F5 or Debug > Start Debugging. (If it’s your first run with the C# extensions installed, you may need to wait while it downloads dependencies.) VS Code will ask you which environment to use; pick .NET Core to add a launch.json file which tells VS Code how to run your app.

dotnet new console -o HelloConsole
cd HelloConsole
code .

And there you have it. Reproducing the setup on a VM, I was able to download the Ubuntu ISO, create a clean install, install .NET Core SDK & runtime along with VS Code, and create & run a new C# console app in under an hour. Not bad!