Monday, January 14, 2013

User Management for Mobile Worlds.

Simple App Management Model.

I always like to start things out simply.  So, I've been working on this User Management Service for mobile applications.  There are some columns missing, like LastLogin on the User, etc.  Probably some tables for Application, if I were building an auto-updating Mobile Application service.  *coughs* Don't really want to get too much into the things I've left out on here at points.

The great thing about cloud work is that you have no infrastructure.  I've seen a whole pile of nerds go gabby over how many servers etc. that they manage, but once you commit capital to those resources, in a lot of ways it's like buying a new car: just driving them off the lot, you lose value.  Not even that, if you have capital for those assets, then even worse from a business aspect, you have to have nerds to take care of that new Ferrari server you've got parked in that rack.  That rack probably has AC cooling.  Why do the rack if you aren't going to cool your hardware off and risk component damage?  Then you need a locked room.  Not a great idea to have a Ferrari if you can't stop who takes it for a spin, right?  That's the problem with infrastructure: it starts to own you.

By staying up in the cloud, my servers get cheaper the more competition there is for pricing, which happens pretty dang often (Thank you Microsoft and Amazon for being on a world domination tour. Oh, Amazon is winning; MS, you better start making stuff as cheap as the competition, or you'll find that only C# survives).

I'm going to throw some examples up here for components I frequently use:

SendGrid.  Great service in Azure.  It's pretty much an add-in for your Azure account, and once you add that service to your account, you'll have the credentials to send your emails for your applications.

            SendGrid myMessage = SendGrid.GenerateInstance();
            myMessage.AddTo(u.UserEmail);
            myMessage.From = new System.Net.Mail.MailAddress("youremail", "youremaildisplayname");
            myMessage.Subject = "Welcome to {System}";
            string greeting = string.Format("Hello, {0}", u.FirstName);

            myMessage.Text = greeting + "\r\n" + "We are glad to have you in {System}.";

            // Create credentials, specifying your user name and password.
            var credentials = new NetworkCredential("credentialsgiveninsignupprocess", "");

            // Create an SMTP transport for sending email.
            var transportSMTP = SendGridMail.Transport.SMTP.GenerateInstance(credentials);

            // Send the email.
            transportSMTP.Deliver(myMessage);

Next comes security.  I can't afford to have passwords in my account management system.  I can afford a salt and a hash.  So, here is the code for that.

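        // Requires: using System.Linq; using System.Security.Cryptography; using System.Text;

        // Convenience overload: UTF-8 encodes the value and the salt before hashing.
        private static byte[] Hash(string value, string salt)
        {
            return Hash(Encoding.UTF8.GetBytes(value), Encoding.UTF8.GetBytes(salt));
        }

        // Returns the 32-byte SHA-256 digest of the value bytes followed by the salt bytes.
        private static byte[] Hash(byte[] value, byte[] salt)
        {
            byte[] saltedValue = value.Concat(salt).ToArray();

            // Dispose the hash object once the digest has been computed.
            using (var sha256 = new SHA256Managed())
            {
                return sha256.ComputeHash(saltedValue);
            }
        }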

Oh, the return on that SHA-256, I just saved as varbinary(32).  I'm sure there are many different types you could use, but I was up at 1am in the morning, and when I finally got it working properly, I just called it quits for the night.
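A single salted SHA-256 pass is cheap to compute, so a leaked user table can be guessed against quickly. The following is an added example, not code from the original post: it swaps in PBKDF2-HMAC-SHA256 with a random per-user salt and a constant-time comparison, and still yields 32 bytes for the varbinary(32) column. The class and method names, the 16-byte salt, the sample password and the iteration count are assumptions, and it targets .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;

public static class PasswordHasher
{
    // Assumed parameters (not from the post); tune Iterations to your hardware.
    private const int SaltSize = 16;        // bytes of random salt, unique per user
    private const int HashSize = 32;        // bytes, fits the varbinary(32) column
    private const int Iterations = 600000;  // PBKDF2-HMAC-SHA256 work factor

    // Sign-up or password change: store the returned hash and the salt on the user row.
    public static byte[] HashNewPassword(string password, out byte[] salt)
    {
        salt = RandomNumberGenerator.GetBytes(SaltSize);
        return Derive(password, salt);
    }

    // Login: recompute with the stored salt and compare against the stored hash.
    public static bool Verify(string password, byte[] salt, byte[] storedHash)
    {
        // A missing or malformed row is a failed login, not an exception.
        if (password == null || salt == null || salt.Length != SaltSize ||
            storedHash == null || storedHash.Length != HashSize)
            return false;

        byte[] candidate = Derive(password, salt);
        // Constant-time comparison, so timing does not reveal how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(candidate, storedHash);
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        return Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashSize);
    }

    public static void Main()
    {
        // Constructed sample input, standing in for a sign-up followed by two logins.
        byte[] stored = HashNewPassword("correct horse battery staple", out byte[] salt);
        Console.WriteLine(Verify("correct horse battery staple", salt, stored));
        Console.WriteLine(Verify("wrong guess", salt, stored));
        Console.WriteLine(Verify("correct horse battery staple", salt, new byte[5]));
    }
}
```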

Two more simple utilities that I've found necessary, and are working quite well for me.  Remember to post over HTTPS, folks.