DEV Community: Ravi Ranjan Pandey

Setting Android Emulator in an AMD Powered Computer using Visual Studio 2022

Ravi Ranjan Pandey — Mon, 14 Feb 2022 05:09:33 +0000

If you are a xamarin mobile app developer and currently setting up android emulator on a windows 10 or windows 11 machine running on AMD Processor, then this article can help you to save some time and efforts while setting up the android emulator.

In a normal installation process we need to select tools for xamarin app development and install it. For launching the emulator create a project for android mobile app and go to
Tools->Android->Android Device Manager
Click on New Button and Create a Google Pixel Device with latest android version and Click Start.

If you don't get any errors and the Emulator runs smoothly then congratulations you have made it else don't worry this article can help you with few workarounds to keep emulator up and running.

First step is to check if Windows Hypervisor Platform option is checked in the Turn Windows Features on or off screen in control panel.

Now we need to enable Hardware acceleration for AMD Processor. Go to Android SDK Manager(Tools->Android->Android SDK Manager)
Click on Tools Tab and Extras Menu. Check Android Emulator Hypervisor Driver for AMD Processors(installer) and install it.

Restart the System and Try to launch the Android Emulator it should start smoothly. But in case you did not get success keep exploring further and create another article describing the fix.

Happy Coding!

Create a Web Api using Minimal Api in .NET 6

Ravi Ranjan Pandey — Sun, 13 Feb 2022 06:51:55 +0000

.NET 6 brings many language improvements in C# 10. Minimal Api is one such feature which allows to create a web api with less boilerplate code. Here is the example which uses Minimal Api for creating an AES Encryption and Decryption api.

using AESEncryptDecrypt;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();

app.MapPost("/encrypt", (string value) =>
{
    string key = app.Configuration["AES:Key"];
    string iv = app.Configuration["AES:AES_IV"];
    return Results.Ok(AESEncDec.AESEncryption(value, key, iv));
});
app.MapPost("/decrypt", (string value) =>
{
    string key = app.Configuration["AES:Key"];
    string iv = app.Configuration["AES:AES_IV"];
    return Results.Ok(AESEncDec.AESDecryption(value, key, iv));
});

app.Run();

Full Code can be found here on Github

How to securely send/receive key params in an .NET Core WebAPI and Javascript Application

Ravi Ranjan Pandey — Wed, 14 Jul 2021 08:05:41 +0000

In an api its common to have some identifier keys to identify user details and process data accordingly. Its also common to take these details from either query parameters or headers or route path from client side.
However these apis will be rejected in the security audit process as they expose user data and has insecure object reference vulnerability, which can be maliciously exploited to get information of other users by tweaking these api parameters.
There are many ways to handle this security issue, however in this tutorial i will explain how to handle this by encrypting these params together into a single key and sending that in a header. I will also explain how to handle it at the api level using a middleware in .NET Core Api. Encryption is done in javascript to use in a client application and decryption is done in C# at the API level.
I have used AES Key-Based Encryption algorithm to achieve encryption and decryption.

Lets assume we have an salaries api with employeeid as param

api/salaries/getbyemployeeid?employeeid=1031

in this api, we are exposing an important key identifier employeeid and hence its exposed because anyone with some basic authentication can check details of another employee to avoid this first we will remove the query parameter.

api/salaries/getbyemployeeid

next we will generate an encrypted key using AES Encryption and then we will send that key as header.

Encryption in JavaScript

install the package npm install crypto-js


const CryptoJS = require('crypto-js');
function Encrypt(str) {
                 var KEY = "12345678900000001234567890000000";//32 bit
                 var IV = "1234567890000000";//16 bits
        var key = CryptoJS.enc.Utf8.parse(KEY);
        var iv = CryptoJS.enc.Utf8.parse(IV);

        var encrypted = '';

        var srcs = CryptoJS.enc.Utf8.parse(str);
        encrypted = CryptoJS.AES.encrypt(srcs, key, {
            iv: iv,
            mode: CryptoJS.mode.CBC,
            padding: CryptoJS.pad.Pkcs7
        });

        return encrypted.ciphertext.toString();
    }
var encryptedEmployeeId = Encrypt("1031");
console.log(encryptedEmployeeId);
//result would be EF082204BF6F804099396A96CC7733F4

Decryption in C#


public class EncryptDecrypt
{
    public static string AESDecryption(string input)
    {
        string AES_IV = "1234567890000000";//16 bits 
        string key = "12345678900000001234567890000000"; //32 bits
        byte[] inputBytes = HexStringToByteArray(input);
            byte[] keyBytes = Encoding.UTF8.GetBytes(key.Substring(0, 32));
            using AesCryptoServiceProvider aesAlg = new AesCryptoServiceProvider();
            aesAlg.Key = keyBytes;
            aesAlg.IV = Encoding.UTF8.GetBytes(AES_IV.Substring(0, 16));

            ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
            using MemoryStream msEncrypt = new MemoryStream(inputBytes);
            using CryptoStream csEncrypt = new CryptoStream(msEncrypt, decryptor, CryptoStreamMode.Read);
            using StreamReader srEncrypt = new StreamReader(csEncrypt);
            return srEncrypt.ReadToEnd();
    }

private static byte[] HexStringToByteArray(string s)
        {
            s = s.Replace(" ", "");
            byte[] buffer = new byte[s.Length / 2];
            for (int i = 0; i < s.Length; i += 2)
                buffer[i / 2] = (byte)Convert.ToByte(s.Substring(i, 2), 16);
            return buffer;
        }
}

Send encrypted param in the header
I added a header named Request-Id
Request-Id : EF082204BF6F804099396A96CC7733F4

Adding a Request Middleware to grab the header value and Decrypt it.


public class RequestMiddleware
    {
        private readonly RequestDelegate _next;
        public RequestMiddleware(RequestDelegate next)
        {
            _next = next;
        }
        public async Task Invoke(HttpContext context)
        {
            if (context.Request.Headers.TryGetValue("Request-Id", out var requestid))
            {
                var employeeid = EncryptDecrypt.AESDecryption(requestid);     
            }

            await _next(context);
        }
    }

Configure the Middleware before the middleware used for other apis to make it available and can be saved in a static variable.

app.UseMiddleware(typeof(RequestMiddleware));

Conclusion
So, in this tutorial i explained how can we send key based encrypted parameter in an api request in the header instead of sending directly and modified the api as shown initially.

Configure Authorization in OpenAPI(Swagger UI) for JWT in ASP.Net Core Web Api

Ravi Ranjan Pandey — Mon, 05 Apr 2021 03:37:24 +0000

OpenAPI Specifications are popular choices for REST Api documentation and Swagger UI is interactive API documentation in ASP.Net Webapi.

Authorization needs to be configured for Swagger UI to bear Json Web Tokens(JWT) in the authorized APIs.

Here's how you can add security schema in the dependency container.


public void ConfigureServiceExtensions(IServiceCollection services, IConfiguration configuration)
        {
            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new OpenApiInfo { Title = "MyProject", Version = "v1.0.0" });

                var securitySchema = new OpenApiSecurityScheme
                {
                    Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
                    Name = "Authorization",
                    In = ParameterLocation.Header,
                    Type = SecuritySchemeType.Http,
                    Scheme = "bearer",
                    Reference = new OpenApiReference
                    {
                        Type = ReferenceType.SecurityScheme,
                        Id = "Bearer"
                    }
                };

                c.AddSecurityDefinition("Bearer", securitySchema);

                var securityRequirement = new OpenApiSecurityRequirement
                {
                    { securitySchema, new[] { "Bearer" } }
                };

                c.AddSecurityRequirement(securityRequirement);

            });
        }