How signature verification works at a low level — This is the final article in the “How Browsers Verify Digital Certificates” series. If you haven’t already, have a read of part 1 before proceeding. In this article, we will: Extract the “to be signed” (tbs) certificate from the R3 certificate. Extract the signature from the R3 certificate. Use .NET…

How signature verification works at a low level — This is part 1 of a 2 part series where we look at how a digital certificate’s signature is verified. In this article, we’ll look at how we can extract the public key from a root CA certificate, and in part 2, we’ll look at how we can use that…

A look at how constants work in the .NET Framework — What is const? When a variable is marked as const, its value cannot change. eg. const int BoilingTempCelcius = 100; A constant must be determinable at compile time, which means only the primitive types (bool, int, long, stringetc) can be marked as const. However, C# lets you declare a non-primitive type as const…

Some questions and answers about HSTS and preload — Here are some questions I came up with while learning HSTS, and the corresponding answers. What is HSTS? The Strict-Transport-Security header looks like this:

A look at the memory consumption of each in .NET 5.0 — Let’s compare iterating over an IList<T> and a List<T> using a foreach loop and see which one uses more memory. Here I’m using the BenchmarkDotNet NuGet package to view the allocated memory. Results

A comparison of the number of iterations in .NET 5 and .NET Framework — How many source “iterations” would happen when the below code executes? Hypothesis Most people think one of two things: The source is iterated just once, so three iterations/loops for a source with three items. Nine iterations (each extension method iterates the collection). Let’s find out the correct answer. What is an iteration?

A deep dive into the inner workings of Antiforgery tokens in .NET 5.0 — In this article I’ll talk about what values an antiforgery token can take on in .NET 5.0. You should already have a basic understanding of antiforgery tokens and how to use them in .NET 5.0. The First 26 Characters If you’ve read my first article on antiforgery tokens, you’ll know that out of the…

A look into whether or not antiforgery tokens can be stolen — Antiforgery Tokens Here are some questions I came up with while learning about antiforgery tokens and how they can protect against CSRF attacks. You should already know what a CSRF attack is, and what antiforgery tokens are. Read my article if you’re interested in how antiforgery tokens work behind the scenes. Login CSRF attack A…

How antiforgery tokens work in .NET 5.0 — In this article I’ll talk about how antiforgery tokens work behind the scenes by answering these questions: How does the cookie name get generated? How do the cookie and HTML form tokens get generated? How are the tokens verified? You should already know what antiforgery tokens are, and how to…