Common frameworks, libraries and design patterns I use

In this short post, I share some of the core frameworks, libraries and design patterns I work with on a regular basis.

Clean architecture and CQRS for backend

I have worked with projects that use the multi-layer architecture, as well as the clean architecture. I like the clean architecture better because it naturally helps to reduce the coupling between the layers and puts more emphasis on the domain. If you are not familiar with the clean architecture, check out some of the links under the References section.

I have worked on projects that use or started with generic, multi-purpose services. For example, in one of my recent projects, we initially had a single service class in which we wrote code for talking to the database and also for communicating with a downstream API. Clearly, the design violates the Single Responsibility Principle. Later, we separated the responsibilities of the generic service into multiple classes, following the CQRS pattern. At first, I was hesitant to do this refactoring because the project is not complex, and I read somewhere that CQRS may not be appropriate for simple projects. However, I’m glad I did the refactor because the overall structure became easier to maintain and extend with new features, since each class has a single, clear responsibility.

Angular and Bootstrap for front-end

Angular provides a standard way to reuse code and layouts through components and modules. For example, suppose I need to style the headers of a page. In Angular, I can implement the styling and rendering logic as part of a component. I can reuse the component wherever I need to display the headers.

Bootstrap helps with creating responsive layouts that work across different screen sizes. One of the core features of Bootstrap is its grid system. You can arrange items on a row based on the idea that a row consists of 12 columns. Bootstrap also has built-in templates and CSS classes to build complex layouts without having to write much CSS code. For example, Bootstrap provides built-in style classes for flex layouts that I can reference directly in HTML templates without having to write additional CSS code.

Entity Framework Core (EF Core) and Dapper for data access

In projects I have worked on, EF Core is the standard library we use for accessing data in a relational database. Using EF Core, you can model the tables and relationships in the database in C#, and the framework takes care of converting the data from the database into objects and vice versa. EF Core and LINQ enable you to build database-agnostic applications. In other words, you don’t need to change much of your code when migrating from one database provider to another. This is assuming you don’t use vendor-specific query languages like Oracle SQL or Microsoft T-SQL.

Besides EF Core, Dapper is another popular ORM I have worked with. I use Dapper to read data from an SQL database and convert it into models, which I serialize as JSON for returning to the front-end application. I choose Dapper for read queries because I don’t need to keep track of the entity states, and using Dapper is sufficient and more performant as the framework is more lightweight than EF Core. However, for write queries, I use EF Core, which allows me to update the entities in C# and persist the entities into the database without having to write SQL.

Oidc-client-js and MSAL for .NET for security

Oidc-client-js is a JavaScript library for front-end, browser-based applications to obtain access tokens to call backend APIs. I have used the framework to provide sign-in functionality in Angular applications using both the implicit flow and the authorization code flow with proof key for code exchange (PKCE). I have written a few blog posts sharing my experience using the library. However, this library is no longer being maintained. In a project I’m working on, I’m switching to MSAL for Angular.

For the backend, I use MSAL for .NET to validate the access tokens coming from client applications. Microsoft has made it extremely easy (and sometimes magical) to validate access tokens. For instance, to validate tokens issued from an Azure AD B2C tenant using the JwtBearer middleware, I just need to provide a few configs in appsettings and a line of code, as shown in the snippets below. The middleware performs all the validations, including checking the signature, token expiration date, issuer, audience, sub, etc.

The code below, from the Startup class, validates access tokens. It references the config section “AADB2C” in the appsettings file.

      // security configs for validating an access token coming from the 
      // client application. 
      services.AddMicrosoftIdentityWebApiAuthentication(Configuration, configSectionName: "AADB2C");

Below are the configurations in appsettings for token validation.

  // for validating B2C token coming from angular app.
  // The section name must match the configSectionName passed in Startup.
  "AADB2C": {
    "Tenant": "*******",
    "ClientId": "b9deba45-****-****-****-************",
    "Policy": "B2C_1_a_signup_signin",
    "Scope": "AccessAsUser"
  },
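
To make the "magic" visible, here is an added example (not code from this post or from Microsoft's library) that spells out the same checks with the plain JwtBearer handler and adds a scope check, because a specific scope such as AccessAsUser is enforced at the authorization step, not by token validation. The class, method and policy names, the tenant "contoso" and the client id are placeholders assumed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class ExplicitB2CValidation   // hypothetical helper, not from the post
{
    // Placeholders (constructed): substitute your own tenant name and API client id.
    private const string Tenant = "contoso";
    private const string ClientId = "<api-client-id>";
    private const string Policy = "B2C_1_a_signup_signin";  // from the post's appsettings
    private const string RequiredScope = "AccessAsUser";    // from the post's appsettings

    public static IServiceCollection AddExplicitB2CValidation(this IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                // Issuer and signing keys are loaded from this policy's OpenID Connect metadata.
                o.Authority = $"https://{Tenant}.b2clogin.com/{Tenant}.onmicrosoft.com/{Policy}/v2.0/";
                o.TokenValidationParameters = new TokenValidationParameters
                {
                    RequireSignedTokens = true,        // reject unsigned tokens
                    ValidateIssuerSigningKey = true,
                    ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
                    ValidateIssuer = true,             // iss must match the metadata issuer
                    ValidateAudience = true,           // aud must be this API
                    ValidAudience = ClientId,
                    ValidateLifetime = true,           // nbf / exp
                    ClockSkew = TimeSpan.FromMinutes(2)
                };
            });

        // Authorization: the token must carry the scope this API exposes.
        services.AddAuthorization(o => o.AddPolicy("RequireAccessAsUser", p =>
            p.RequireAuthenticatedUser().RequireAssertion(ctx => HasScope(ctx.User, RequiredScope))));
        return services;
    }

    // The scope claim is a space-separated list; ASP.NET Core may map "scp" to the long claim type.
    public static bool HasScope(ClaimsPrincipal user, string scope) =>
        user.Claims
            .Where(c => c.Type == "scp" ||
                        c.Type == "http://schemas.microsoft.com/identity/claims/scope")
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .Contains(scope, StringComparer.Ordinal);
}
```

Controllers opt in with [Authorize(Policy = "RequireAccessAsUser")]; without an authorization requirement, any token that passes validation for this audience is accepted regardless of its scopes.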

References

Common web application architectures

Implement reads/queries in a CQRS microservice

Angular

Bootstrap

Entity Framework Core

oidc-client-js

Microsoft Authentication Library for Angular (MSAL – Angular)

Configure protected web API apps – Microsoft Identity platform
