Apple Pay with a .NET Backend

I saw a question and submitted my solution here https://developer.apple.com/forums/thread/653672?answerId=681767022#681767022. I’ll copy/paste here in case it’s easier to find.

Requesting an Apple Pay Session in .NET

I was able to get this working! The thing that's most important to know is that you CANNOT just import the .cer file from your developer portal into your Windows cert store and start attaching it to your requests. In order to get it to work, I had to:

  1. Create a .pfx file (which will, by nature, contain both the cert and its key) as shown here: https://blog.aclerbois.be/blog/2020/01/09/Generates-a-pfx-for-Apple-Pay

  2. Import the generated .pfx file into my Windows cert store.

  3. Attach the cert to my WebRequestHandler

Here's my C# code:

public async Task GetSessionAsync(string validationUrl = null)

    {
        var sessionRequestBody = new ApplePaySessionRequest
        {
            merchantIdentifier = ConfigurationManager.AppSettings["ApplePayMerchantIdentifier"],
            displayName = "DISPLAY NAME",
            initiativeContext = ConfigurationManager.AppSettings["ApplePayInitiativeUrl"]
        };

        var handler = new WebRequestHandler();       
        handler.ClientCertificates.Add(GetCertificate(MerchantIdentityCertThumbprint));            

        var client = new HttpClient(handler);

        var url = !string.IsNullOrWhiteSpace(validationUrl) ? validationUrl : PaymentSessionEndpointUrl;
        var response = await client.PostAsJsonAsync(url, sessionRequestBody);
        var applePaySession = await response.Content.ReadAsAsync<ApplePaySession>();
        return applePaySession;
    }

    private X509Certificate2 GetCertificate(string certThumbprint)
    {
        X509Store userCaStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);

        try
        {
            userCaStore.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certificatesInStore = userCaStore.Certificates;
            X509Certificate2Collection findResult = certificatesInStore.Find(X509FindType.FindByThumbprint, certThumbprint, false);
            X509Certificate2 clientCertificate = null;
            if (findResult.Count == 1)
            {
                clientCertificate = findResult[0];
            }
            else
            {
                throw new Exception("Unable to locate the correct client certificate.");
            }
            return clientCertificate;
        }
        catch
        {
            throw;
        }
        finally
        {
            userCaStore.Close();
        }
    }

How I Wrapped an API

In my day-to-day, I primarily maintain a web API. It’s had limited consumers, but we’re now centralizing a lot of functionality there. The problem we encountered was that only a limited number of developers on the team had experience with RESTful services, or even calling things in general over HTTP from .NET. This post is about the library I created for a team whose primary focus is a Windows Forms app to enable them to interact with our web API using a more familiar paradigm.

You can dive right into the code here on my github.

Read More

Javascript Tip: Datez

A quick one!

A coworker of mine had an interesting problem regarding cross-browser javascript dates.  

Does this look fine to you?

new Date('2016-08-29T14:42:07.56')

It looks fine to me.  It turns our it's not fine. In order for this code to return you an expected datetime across browsers (in our case Chrome and IE), we should specify either a timezone or a specific offset.  Since we didn't particularly care to add a specific offset, we used

new Date('2016-08-29T14:42:07.56Z')

Yep, we just slapped a "Z" on there.  Apparently, "Z" is a zero-time UTC offset (-00:00).  

This happens because Chrome assumes an unspecified date to be a UTC time with a zero-offset, while IE assumes the timezone should be the same timezone of the client machine (in our case, EST, -05:00).

If you wanted to specify your particular locale's offset, you could construct the date this way

new Date('2016-08-29T14:42:07.56Z-05:00')

Thanks to Moshe Karmel for the advice!  

For reasons like this, I tend to use momentjs for basically everything having to do with dates. 

Windows Authentication and Web API 2

I've recently had a situation come up at work where I need to protect our ASP.NET Web API 2 deployment with Windows Authentication.  We run our web client through Chrome and IE and we needed the NTLM negotiation to be handled gracefully.  There are a few things that we had to put in place to get this to go.  Here they are in list form.  The code for both the problem and the solution is here on my github.

Read More

Intro to SQL Part 1 - RDBMS and Retrieving Data

Intro to SQL Part 1 - RDBMS and Retrieving Data

A friend of mine asked me to do a tutorial on SQL, so here we go!  This article will begin to introduce relational database concepts and will end with a few examples of how to retrieve data from a database using the select keyword.  I'll stick to keeping this intro extremely basic - SQL heads please chime in with anything that might help someone just starting off in the world of databases.  We will be approaching this topic from the perspective of an application developer - not a Database Administrator.  Here's a TLDR for those who prefer to start at the end and work your way back to the beginning.

Read More