![\"This](\"/f46881583c7518a93bb24e94c32320de/a-developer-friendly-dark-theme.webp\")
At the dawn of \"smartphones\" in late 2007, when Apple released the iPhone, there were native apps. Apple's app framework included a native app SDK that allows developers to take advantage of all the physical device features and topped it off with an app store that allows for distribution and monetization of the finished applications. When Google released Android in competition, they also embraced this approach with their app store and SDK, which also leveraged the entire Google platform and its services.
\nDevelopers could tap into Google's search and maps services, as well as email, etc. Native applications served their purpose superbly and became the primo factor that propelled Android and iOS as the big two phone operating systems at the time, until the present day.
\nNative smartphone applications were so common that Apple coined the tagline \"There is an app for that\" and copyrighted it in 2009.
\nHowever, come the 2010s. Web technologies saw increasingly rapid growth. Server-side rendered web pages allow for the creation of full-fledged web applications that could offer business values beyond static information. The responsive design movement also enhances accessibility for these web apps across all platforms. It was also during this time that mobile applications became stagnant. Your phone started to have too many applications, and not all of them were equally useful. Some are thin clients to web services, which you could access using your mobile web browser instead.
\nRecognizing this, Progressive Web Applications, or PWA, came in to bridge the gap between native and web applications.
\nFirst and foremost, PWAs are web applications. They run in web browsers, but also usually in webviews on smartphones. Compared to traditional websites that you would visit with a conventional web browser, progressive apps tend to be a little more low key.
\nYou may see one through a direct URL, but more commonly through a desktop/home screen icon on your phone, which takes you to a webview hosting the application. By extension, PWAs are now also distributed through app stores, standing alongside native apps.
\nThe webview itself may also be without or with minimal menu bars to provide an impression close to navigating a native application. Furthermore, progressive applications usually come with some offline viewing capabilities, allowing you to interact with the app even when you are offline or in limited network availability. This is implemented using service workers that stand in between network requests and the user and handle caching as well as push notifications, providing a user experience similar to native app caching.
\nWith that in mind, the idea behind PWA is to create applications that would be most accessible, through the web, that also offers an experience as close to native applications as possible.
\nSuppose you are a new company looking to create a mobile application for your product. If you would like to distribute your app on all major mobile platforms - namely both iOS and Android - you would then have to go through the development and distribution process for both. First off, you will need to learn the language to develop Android applications (Java, Kotlin) and then iOS (Objective-C, Swift), have the correct hardware to test and develop.
\nThis process will have you relearn everything about one platform on the other. Once you finish the initial product, you will have to maintain both codebases moving forward to complete this.
\nWith a progressive app, the process becomes a lot simpler. Your application lives within a browser, and hence only needs to be supported by the browser standards. As of now, support for PWAs is available across major browsers: Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, and Firefox (for Android).
\nYour language is the language of the web: JavaScript. The choice is also yours to leverage the JavaScript platform you are most familiar with, be it React, Angular, or something completely different. The JavaScript codebase will then become the only codebase you need to maintain for the app.
\nAlongside this, you also gain the advantage in the availability of the application. With PWA, your app will be available on the web, accessible by users across many platforms, including all mobile devices that have browser support.
\nPWAs live on the web; this means you do not need to download and store many executables and assets on your device, saving you precious storage space if you are using the app on your phone. This is especially useful when the native version of the application is simply a portal to a web service, which serves to make API calls and present data based on the user data on the server only, without performing any device-specific actions. The functionality of these applications is not inhibited by the browser's sandbox and thus make for perfect PWA candidates.
\nPWAs are designed to be responsive. Even though this depends largely on the individual developer of the application, a well designed and developed PWA should, in theory, provide a consistent experience across devices. With native apps, a lot of effort will be required to ensure that the user experience is uniform across multiple platforms. And even then, certain platforms will impose their own set of requirements on the UI look-and-feel, as well as the functionality of the app.
\nProgressive apps are a creative solution to smooth out the differences between a native app and the web, but not necessarily replace native apps. While it inherits all the advantages and features of the web, there are still certain disadvantages that need to be considered when deciding between a progressive app or a traditional native app.
\nFor one thing, progressive apps are designed to be uniform across devices. This means it is not the technology's focus to make use of specialized features that are available only on select devices. Its feature set will be the lowest common denominator of the range of devices that it supports. With how diverse the feature sets are on modern devices like smartphones and tablets, with high-resolution cameras or fingerprint sensors, to name a few, it would be amiss for applications not to take advantage of these features. It follows that progressive apps are not ideal for specialized workflows, while their strength is in general purpose applications.
\nCompatibility is another big-ticket item. At a baseline level, PWA should be supported by all major browsers. However, platform differences still exist, where specific features are supported by one browser but not another, which will cause inconsistencies in behavior when the user switches from one device/platform to another. A prominent example of this being push notification support on iOS, which requires jumping through some hoops to make it work, as Apple does not support this directly. With that in mind, the subtle differences between browser support become a limitation similar to the difference between native app platforms itself.
\nFor applications to reach the hands of the users, it needs a distribution platform. For native applications, the answer to this is straightforward: Apps are distributed through the native app store, be it Google Play Store or iOS App Store. However, for PWAs, it is more complicated. Distribution can be as simplistic as passing around the application's URL, and anyone who knows the link can access the app. This method has the added advantage due to Google and other search engines/web crawlers naturally picking up the app URL and returning it as a search result.
\nHowever, this method is passive and requires the user to know the application beforehand. Developers might prefer the more traditional way of having the app listed in an app store, which is possible but requires them to jump through the same hoops as native applications, following all of the distributor guidelines, which removes its advantage compared to traditional apps.
\nSo with everything considered, should you go the route of the progressive app? We do not aim to give a concrete answer, but instead a suggestion: If your application can be made a PWA, it is a good idea to do so. At the current moment, progressive apps are an evolution of web apps. Compared to the feature set that users are already familiar with in native apps, progressive apps still trail behind.
\nThis means that if the scope of the application is complex enough, PWA may not provide you with enough tools to do the job. With that said, if your application can be fully implemented with the set of tools that PWA provides, then going this route may net you added benefits that are unique to progressive apps. Are progressive apps the future? It definitely has the potential, but a large part of that answer depends on whether we can leverage its platform to build productive solutions with it today.
\n","frontmatter":{"date":"February 04, 2021","updated_date":null,"description":"How do Native Apps compare to Progressive Web Apps, and which platform does your company use to communicate with your clients? read on!","title":"PWA vs Native App: Which one is Better for you?","tags":["Progressive App","PWA","JavaScript"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/ff88b75a03f86a1891a9545ba6dcd4c4/ee604/index.png","srcSet":"/static/ff88b75a03f86a1891a9545ba6dcd4c4/69585/index.png 200w,\n/static/ff88b75a03f86a1891a9545ba6dcd4c4/497c6/index.png 400w,\n/static/ff88b75a03f86a1891a9545ba6dcd4c4/ee604/index.png 800w,\n/static/ff88b75a03f86a1891a9545ba6dcd4c4/f3583/index.png 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Nathan Nguyen","github":"nathannguyenn","avatar":null}}}},{"node":{"excerpt":"What is Federated Identity Management Federated identity management or federation identity management was designed as a set of protocols and…","fields":{"slug":"/identity/what-is-federated-identity-management/"},"html":"Federated identity management or federation identity management was designed as a set of protocols and standards to help businesses share consumer identities.
\nLet's face it upfront. Password management is a painful exercise, which no one wants to deal with. Though guessable passwords make them easy to remember, it exposes consumers to hackers. Fortunately, federated ID management ensures both seamless and secure access that goes a long way in enhancing the overall user-experience
\nThough guessable passwords make password management hassle-free, it exposes users to hackers. No wonder a large chunk of consumers often falls prey to sensational data theft.
\nFortunately, Federated Identity Management (FIM) has got the right answer to it, which both organizations and end users would prefer to have at the disposal - sooner than later.
\nFederated identity management is an arrangement that can be brought into effect between two or more trusted domains to enable users to access applications and services using the same digital identity. FIM ensures both seamless and secure access that goes a long way in enhancing the overall user-experience.
\nTo have a fair perspective, we will have to take an in-depth look at the whole scenario and learn what is a federated identity.
\nEvery time an enterprise introduces a new application, consumers are forced to create a password for sign-in. Already burdened by a ton of passwords, most consumers either opt for a simple code or use the same cliched ones they have been using for a while. This results in a massive pile-up of passwords that they have to remember.
\nAn average person has 70-80 passwords, and that's a lot to remember. The entire cycle of creating passwords, forgetting, and resetting is vexing - to say the least!
\nWhile it is easier to blame end-users for being unable to manage passwords, enterprises are also indirectly responsible for the whole mess-up.
\nWhat's the point of spending millions on driving traffic if the end-users' access to your offered product is fraught with risk?
\nWell, this is where federated id management comes into the reckoning.
\nAnother pivotal aspect of FIM is an Identity Provider that manages everything from behind the scene. In a nutshell, an identity provider (also known as IdP) has the responsibility of creating and managing consumers.
\nWhenever a consumer tries to sign in to the application, an IdP authenticates the login credentials. After the authentication is complete, the application lets the consumer in.
\nLet's understand how federated id management work with an example. Let's assume your business needs to collaborate with a third-party. In the absence of a federated identity, you will need to set up an account on their website with a username and password to access their domain.
\nSo, when the consumer leaves, you will have to ask them to cancel the account and remove access.
\nWith a federated identity management system, the consumer will need to login only once using the assigned username and password. Once they are allowed in, they only need to click on the partner company page. They will be redirected to a request page where they can authenticate their access.
\nThe portal will directly verify the consumer’s data through Security Assertion Markup Language (SAML) or OpenID standards.
\nAs soon as they are granted access, they would be redirected to the partner company's page.
\nSo, the next time they log in to your company page, the consumer will also get access to the partner page over a quick authentication request.
\nThough FIM has several advantages, we are going to highlight the most pivotal ones:
\nRisk management is a critical aspect of Federated Identity Management (FIM), ensuring that the benefits of streamlined access and improved user experience do not come at the cost of security vulnerabilities.
\n1. Minimizing Password-Related Risks: FIM reduces the need for multiple passwords, which are often weak and reused across platforms. By centralizing authentication through an Identity Provider (IdP), FIM minimizes the risk of password-related breaches.
\n2. Enhancing Authentication Security: FIM systems often employ robust authentication protocols such as Security Assertion Markup Language (SAML), OpenID Connect, and OAuth 2.0. These protocols enhance the security of authentication processes, ensuring that only authorized users gain access.
\n3. Controlling Access Privileges: With FIM, administrators can manage access privileges more efficiently. This centralized control allows for timely updates to user permissions, reducing the risk of unauthorized access due to outdated or incorrect user roles.
\n4. Protecting Sensitive Data: By keeping authentication processes within a secure, on-premises environment or a trusted cloud service, FIM ensures that sensitive data, such as password hashes, remain protected from potential breaches.
\n5. Monitoring and Auditing: FIM systems typically include comprehensive logging and monitoring capabilities. These tools allow organizations to track access attempts, detect anomalies, and quickly respond to potential security threats.
\nBusinesses should implement FIM due to its versatility. It lets users access data with utmost ease while still offering a top-notch safeguard against data breaches.
\nApart from boosting the user experience, it also takes control of administrative overhead. Add to that the lucrative cost-effective measure.
\nWhile Federated Identity Management offers numerous advantages, implementing it comes with its own set of challenges that organizations need to address.
\nIntegrating FIM with existing systems and applications can be complex. Organizations often face difficulties in ensuring seamless interoperability between various platforms and the FIM system.
\nEstablishing and maintaining trust between different domains is crucial for FIM. Ensuring that all parties adhere to the same security standards and protocols is essential, but can be challenging.
\nRelying on a single IdP can create a single point of failure. If the IdP experiences downtime or a security breach, it can disrupt access to multiple services and applications.
\nHandling user identities across multiple domains raises privacy concerns. Organizations must ensure that user data is managed in compliance with relevant data protection regulations and that users' privacy is respected.
\nWhile FIM reduces some administrative tasks, it can introduce others. Administrators need to manage the FIM infrastructure, handle federated trust relationships, and ensure ongoing compliance with security policies.
\nDespite its security benefits, FIM can introduce new risks. Misconfigurations, inadequate monitoring, and failures in protocol implementations can expose the system to security threats.
\nAddressing these challenges requires careful planning, robust infrastructure, and continuous monitoring to ensure that the FIM system delivers its promised benefits without compromising security or usability.
\nEquipped with custom technologies, LoginRadius' FIM takes federated identity management experience to an altogether new level.
\nIt simplifies the implementation of Single Sign-On (SSO) and user experience across applications. Consumers can access multiple applications without requiring a new access credential.
\nThe key capabilities of federated identity management by LoginRadius include:
\nFederated identity management is increasingly becoming a must-have for more than one reason. Enterprises have realized that the huge spending on an advertisement, boosting traffic, and the endless campaign counts for nothing if the core customers aren't pleased.
\nFIM enhances the overall user experience of a customer by bringing into effect the much-required ease of use and intuitive experience, which makes it a real business enabler. Putting security threats like hacking and sensational data theft at a fair distance goes a long way in assisting an organization win the coveted trust.
\nFIM is all set to go mainstream for being a relatively young technology, which speaks volumes of the rapid pace with which organizations are implementing it.
\n1. What is federated identity management?
\nFederated Identity Management (FIM) is a system that allows users to access multiple applications across trusted domains using the same digital identity.
\n2. What is an example of a federated identity?
\nAn example of a federated identity is using a Google account to sign in to third-party applications like YouTube, Spotify, or various online services.
\n3. What are the 3 most important components of federated identity?
\nThe three most important components are the Identity Provider (IdP), the Service Provider (SP), and the authentication protocols like SAML, OAuth, or OpenID Connect.
\n4. What is the function of a federated identity?
\nA federated identity enables seamless and secure access to multiple applications and services without the need for separate login credentials.
\n\n","frontmatter":{"date":"February 04, 2021","updated_date":null,"description":" Let's face it upfront. Password management is a painful exercise, which no one wants to deal with. Though guessable passwords make them easy to remember, it exposes consumers to hackers. Fortunately, federated ID management ensures both seamless and secure access that goes a long way in enhancing the overall user-experience.","title":"What is Federated Identity Management","tags":["federated identity management","identity provider","cx"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/da7123649a1c9c7e8e6a823d8978e3cb/33aa5/what-is-fim.jpg","srcSet":"/static/da7123649a1c9c7e8e6a823d8978e3cb/f836f/what-is-fim.jpg 200w,\n/static/da7123649a1c9c7e8e6a823d8978e3cb/2244e/what-is-fim.jpg 400w,\n/static/da7123649a1c9c7e8e6a823d8978e3cb/33aa5/what-is-fim.jpg 768w","sizes":"(max-width: 768px) 100vw, 768px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},{"node":{"excerpt":"This blog will help you get started on deploying your REST API in Kubernetes. First, we'll set up a local Kubernetes cluster, then create a…","fields":{"slug":"/engineering/rest-api-kubernetes/"},"html":"This blog will help you get started on deploying your REST API in Kubernetes. First, we'll set up a local Kubernetes cluster, then create a simple API to deploy.
\nThere are already a lot of free resources available explaining basic Kubernetes concepts, so go check those out first if you haven't already. This blog is intended for beginners but assumes you already have a basic understanding of Kubernetes and Docker concepts.
\nThere's a couple options for running Kubernetes locally, with the most popular ones including minikube, k3s, kind, microk8s. In this guide, any of these will work, but we will be using k3s because of the lightweight installation.
\nInstall k3d, which is a utility for running k3s. k3s will be running in Docker, so make sure you have that installed as well. We used k3d v4.0 in this blog.
\ncurl -s https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bashSet up a cluster named test:
\nk3d cluster create test -p "80:80@loadbalancer"Optionally, check that your kubeconfig got updated and the current context is correct:
\nkubectl config view\nkubectl config current-contextOptionally, confirm that k3s is running in Docker. There should be two containers up, one for k3s and the other for load balancing:
\ndocker psMake sure that all the pods are running. If they are stuck in pending status, it may be that there is not enough disk space on your machine. You can get more information by using the describe command:
\nkubectl get pods -A\nkubectl describe pods -AThere's a lot of kubectl commands you can try, so I recommend checking out the list of resources and being aware of their short names:
\nkubectl api-resourcesWe will create a simple API using Express.js.
\nSet up the project:
\nmkdir my-backend-api && cd my-backend-api\ntouch server.js\nnpm init\nnpm i express --save// server.js\nconst express = require("express");\nconst app = express();\n\napp.get("/user/:id", (req, res) => {\n const id = req.params.id;\n res.json({\n id,\n name: `John Doe #${id}`\n });\n});\n\napp.listen(80, () => {\n console.log("Server running on port 80");\n});Optionally, you can try running it if you have Node.js installed and test the endpoint /user/{id} with curl:
\nnode server.js\n\n// request:\ncurl http://localhost:80/user/123\n\n// response: {"id":"123","name":"John Doe #123"}Next, add a Dockerfile and .dockerignore:
\n// Dockerfile\nFROM node:12\n\nWORKDIR /usr/src/app\nCOPY package*.json ./\nRUN npm i\nCOPY . .\n\nEXPOSE 80\nCMD ["node", "server.js"]// .dockerignore\nnode_modulesThen, build the image and push it to the Docker Hub registry:
\ndocker build -t <YOUR_DOCKER_ID>/my-backend-api .\ndocker push <YOUR_DOCKER_ID>/my-backend-apiNow, we deploy the image to our local Kubernetes cluster. We use the default namespace.
\nCreate a deployment:
\nkubectl create deploy my-backend-api --image=andyy5/my-backend-apikubectl create -f deployment.yaml// deployment.yaml\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: my-backend-api\n labels:\n app: my-backend-api\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: my-backend-api\n template:\n metadata:\n labels:\n app: my-backend-api\n spec:\n containers:\n - name: my-backend-api\n image: andyy5/my-backend-apiCreate a service:
\nkubectl expose deploy my-backend-api --type=ClusterIP --port=80kubectl create -f service.yaml// service.yaml\napiVersion: v1\nkind: Service\nmetadata:\n name: my-backend-api\n labels:\n app: my-backend-api\nspec:\n type: ClusterIP\n ports:\n - port: 80\n protocol: TCP\n targetPort: 80\n selector:\n app: my-backend-apiCheck that everything was created and the pod is running:
\nkubectl get deploy -A\nkubectl get svc -A\nkubectl get pods -AOnce the pod is running, the API is accessible within the cluster only. One quick way to verify the deployment from our localhost is by doing port forwarding:
\nkubectl port-forward my-backend-api-84bb9d79fc-m9ddn 3000:80curl http://localhost:3000/user/123To correctly manage external access to the services in a cluster, we need to use ingress. Close the port-forwarding and let's expose our API by creating an ingress resource.
\nCreate an Ingress resource with the following YAML file:
\nkubectl create -f ingress.yaml\nkubectl get ing -A// ingress.yaml\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: my-backend-api\n annotations:\n ingress.kubernetes.io/ssl-redirect: "false"\nspec:\n rules:\n - http:\n paths:\n - path: /user/\n pathType: Prefix\n backend:\n service:\n name: my-backend-api\n port:\n number: 80curl http://localhost:80/user/123If you want to learn more on how to deploy using a managed Kubernetes service in the cloud, such as Google Kubernetes Engine, then check out the excellent guides on the official Kubernetes docs.
\n","frontmatter":{"date":"February 03, 2021","updated_date":null,"description":"Beginner guide on how to create and deploy a REST API in local Kubernetes.","title":"How to Deploy a REST API in Kubernetes","tags":["Kubernetes"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.492537313432836,"src":"/static/efa8ecb370a0a94f380c24981ede2913/ee604/cover.png","srcSet":"/static/efa8ecb370a0a94f380c24981ede2913/69585/cover.png 200w,\n/static/efa8ecb370a0a94f380c24981ede2913/497c6/cover.png 400w,\n/static/efa8ecb370a0a94f380c24981ede2913/ee604/cover.png 800w,\n/static/efa8ecb370a0a94f380c24981ede2913/f3583/cover.png 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Andy Yeung","github":null,"avatar":null}}}},{"node":{"excerpt":"E-commerce business is growing day by day as it saves time and cost for people traveling to meet or perform businesses in person. More…","fields":{"slug":"/engineering/electronic-identity-integration/"},"html":"E-commerce business is growing day by day as it saves time and cost for people traveling to meet or perform businesses in person. More people are conducting business online by creating accounts using email or phone verification. This has posed a challenge for everyone to identify the persons who we are claiming online. Online hackers have used false Identity to deceive or defraud someone else. Hence, Electronic Identity ( eID) provides a way for businesses to verify a person's identity online and reduce the chances of Identity Fraud.
\nElectronic identity is an electronic card or device with a unique identity number issued by either a government agency or some banks. A consumer needs to go to the government agency or some banks and show valid identity documents. After the document verification, an Electronic Identity is issued to the consumer. Examples of e-IDs are Danish NemID, Swedish BankID, and Dutch DigiD.
\nMost service providers such as financial institutions and insurance firms provide services online and are recognizing an opportunity in implementing eID due to strict Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements.
\neIDs are used to authenticate consumers online across multiple platforms and services. eIDs also allow the consumers to sign documents online, and the companies can trust the signature as the electronic identity is issued by the government or banks based on physical identity documents. This is fast, convenient, and secure for the consumers as they are saved from completing registration forms for multiple services. Hence, this increases the conversion for the businesses.
\nLoginRadius supports all the major industry federated SSO methods. Hence, you can integrate eID authentication with LoginRadius using some third application like Criipto, which supports the industry-standard SSO methods. Criipto allows the integration of an eID with the LoginRadius application using JWT SSO Login flow. Jason Web Token ( JWT) is a signed token that transfers the information from one service to another securely.
\nPlease see the following steps to register your LoginRadius app in your Criipto account.
\nAdd the following information:\n
Data Mapping:
\n\nIn C#, We have majorly two types of data types Value and Reference type. We can not assign a null value directly to the Value data type. In this case, C# 2.0 provides us the Nullable types to assign a value data type to null.
\nAs described above, The Nullable types used to assign the null value to the value data type. That means we can assign a null value directly to a variable of the value data type. We can declare null value using Nullable<T> where T is a type like an int, float, bool, etc.
Nullable types represent the Null value as well the actual range of that data type. Like the int data type can hold the value from -2147483648 to 2147483647 but a Nullable int can hold the value null and range from -2147483648 to 2147483647
There are two ways to declare Nullable types.
\nNullable<int> example;OR
\nint? Example;Nullable types have two properties.
\nHasValue: This property returns a bool value based on that if the Nullable variable has some value or not. If the variable has some value, then it will return true; otherwise, it will return false if it doesn’t have value or it’s null.
\nNullable<int> a = null;\nConsole.WriteLine(a.HasValue); // Print False\nNullable<int> b = 9;\nConsole.WriteLine(b.HasValue); // Print TrueValue: This property gives the value of the Nullable type variable. If the variable has some value, it will return the value; else, it will give the runtime InvalidOperationException exception when the variable value is null.
Nullable<int> a = null;\nConsole.WriteLine(a.Value); // Gives run time exception of type 'InvalidOperationException'Nullable<int> b = 9;\nConsole.WriteLine(b.Value); // Print 9GetValueOrDefault(): This method returns the actually assigned value of the Nullable type variable if the value is not null, and if the variable value is null, then it will give the default value of that data type. Here is the example code
\nNullable<int> a = 9;\nConsole.WriteLine(a.GetValueOrDefault()); // Returns 9Nullable<int> a = null;\nConsole.WriteLine(a.GetValueOrDefault()); // Returns 0To use the Nullable type as a local variable, it should be declared first; it will give a compile-time error. This rule is similar to the value data type.
\nint? b;\nConsole.WriteLine(b.Value); //Compile time error 'use of unassigned local variable b'If the Nullable variable is a property in a class and after that, if we are accessing that Nullable variable, then it will not give any error because, in the class variable, it is declared as null automatically.
class Test\n{\n public int? B;\n}\nclass Program\n{\n static void Main(string[] args)\n {\n Console.WriteLine(new Test().B); // No compile time error\n }\n}We can not assign the Nullable type variable value to the non-nullable type variable directly. As in the example below, if we try to assign the value, it will give the compile-time error.
\nint? a = 10;\nint b = a;//Compile time error `Cannot implicitly convert type 'int?' to 'int'. An explicit conversion exists (are you missing a cast?)`Note: We can use compare operators == and != operator with Nullable type variables and non Nullable type variables.
For the Nullable variable, we can use the null coalescing operator (??) to check if the variable value is null or not. Then we can assign the non-nullable type variable value according to that. This operator can be used when we are unsure that at run time if that Nullable variable's value is changed according to our logic or not. Here is an example of that
int? a=null;\nint b=a?? 10;\nConsole.WriteLine(b); // Prints 10In the above example, if the variable a value is null,, it will assign the value 10 to b variable. In that case, b is assigned with value 10, and the printed value will be 10.
\nIn this article, We have discussed the Nullable types, and it's properties and methods. The main advantage of using the Nullable types is that we can store the Null value in a column of a database using this type. If you want to learn more about C# here is an article written by me on How to Use Enum in C#
\n","frontmatter":{"date":"January 29, 2021","updated_date":null,"description":"Nullable is a term in C# that allows an extra value null to be owned by a form. We will learn in this article how to work with Nullable types in C#.","title":"How to Work with Nullable Types in C#","tags":["C#","Nullable"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/683771faa7dbd78039f0a89ea94ad469/14b42/coverimage.jpg","srcSet":"/static/683771faa7dbd78039f0a89ea94ad469/f836f/coverimage.jpg 200w,\n/static/683771faa7dbd78039f0a89ea94ad469/2244e/coverimage.jpg 400w,\n/static/683771faa7dbd78039f0a89ea94ad469/14b42/coverimage.jpg 800w,\n/static/683771faa7dbd78039f0a89ea94ad469/9842e/coverimage.jpg 900w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Hemant Manwani","github":"hemant404","avatar":null}}}},{"node":{"excerpt":"Malicious actors and security experts are in an endless battle over data. While the former wants to steal it, the latter seeks to protect it…","fields":{"slug":"/identity/7-web-app-sec-threats/"},"html":"Each year, attackers develop inventive web application security threats to compromise sensitive data and access their targets' database. Consequently, security experts build on the exploited vulnerabilities and strengthen their systems through their learnings every year.
\nThe aggregate frequency and cost of data breaches seem to be growing exponentially. This cost is high (approx. US$8.64 million in the US in 2020) because of developers' inability to incorporate the latest changes and updates into their code to overcome already detected vulnerabilities. Unintuitively, 96% of web apps have some known defects and anomalies.
\nTo ensure adequate safety against web application security threats, businesses should incorporate security consideration in the applications' development phase. Unfortunately, most developers tend to hold it off until the end.
\nA web app that is vulnerable to injection attacks accepts untrusted data from an input field without any proper sanitation. By typing code into an input field, the attacker can trick the server into interpreting it as a system command and thereby act as the attacker intended.
\nSome common injection attacks include SQL injections, Cross-Site Scripting, Email Header Injection, etc. These attacks could lead to unauthorized access to databases and exploitation of admin privileges.
\nHow to prevent:
\nBroken authentication is an umbrella term given to vulnerabilities wherein authentication and session management tokens are inadequately implemented.
\nThis improper implementation allows hackers to make claims over a legitimate user’s identity, access their sensitive data, and potentially exploit the designated ID privileges.
\nHow to prevent:
\nIt is an injection-based client-side attack. At its core, this attack involves injecting malicious code in a website application to execute them in the victims’ browsers eventually. Any application that doesn’t validate untrusted data adequately is vulnerable to such attacks.
\nSuccessful implementation results in theft of user session IDs, website defacing, and redirection to malicious sites (thereby allowing phishing attacks).
\nHow to prevent:
\n
\nMostly through manipulation of the URL, an attacker gains access to database items belonging to other users. For instance, the reference to a database object is exposed in the URL.
The vulnerability exists when someone can edit the URL to access other similar critical information (such as monthly salary slips) without additional authorization.
\nHow to prevent:
\n
\nAccording to OWASP top 10 2017, this is the most common web application security threats found across web applications. This vulnerability exists because developers and administrators “forget” to change some default settings such as default passwords, usernames, reference IDs, error messages, etc.
Given how easy it is to detect and exploit default settings that were initially placed to accommodate a simple user experience, the implications of such a vulnerability can be vast once the website is live: from admin privileges to complete database access.
\n\nHow to prevent:
\nPretty much every website redirects a user to other web pages. When the credibility of this redirection is not assessed, the website leaves itself vulnerable to such URL based attacks.
\nA malicious actor can redirect users to phishing sites or sites containing malware. Phishers search for this vulnerability extensively since it makes it easier for them to gain user trust.
\nHow to prevent:
\n
\nThe seventh web application security threats in this list is mostly similar to IDOR. The core differentiating factor between the two is that IDOR tends to give the attacker access to information in the database.
In contrast, Missing_ Function Level Access Control _allows the attacker access to special functions and features that should not be available to any typical user.
\nLike, IDOR, access to these functions can be gained through URL manipulation as well.
\nHow to prevent:
\nIdentity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences.
\nWe’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way.
\nThe goal? Having them spend less time searching and more time building.
\nLoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible.
\nHere’s a closer look at what’s new and why it’s important:
\n
Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference.
\nThe new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter.
\nSo, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient.
\n![\"This](\"/e5358b82be414940f3fb146013845933/capabilities.webp\")
We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need:
\nThis structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem.
\n![\"This](\"/a8c155c2b6faf3d5f4b4de4e2b14d763/developers-menu.webp\")
We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available.
\nThe new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions.
\n![\"This](\"/b2f9a964a2da0ea83e2f8596b833bba7/we-support-your-tech-stack.webp\")
Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs.
\nOur platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks.
\nCheck out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications.
\nDo not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!
\n","frontmatter":{"date":"February 21, 2025","updated_date":null,"description":"LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve redesigned our website interface, making navigation more intuitive and reassuring that essential resources are easily accessible.","title":"Revamped & Ready: Introducing the New Developer-First LoginRadius Website","tags":["Developer tools","API","Identity Management","User Authentication"],"pinned":true,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp","srcSet":"/static/80b4e4fbe176a10a327d273504607f32/61e93/hero-section.webp 200w,\n/static/80b4e4fbe176a10a327d273504607f32/1f5c5/hero-section.webp 400w,\n/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp 800w,\n/static/80b4e4fbe176a10a327d273504607f32/99238/hero-section.webp 1200w,\n/static/80b4e4fbe176a10a327d273504607f32/7c22d/hero-section.webp 1600w,\n/static/80b4e4fbe176a10a327d273504607f32/1258b/hero-section.webp 2732w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},"pageContext":{"limit":6,"skip":600,"currentPage":101,"type":"///","numPages":161,"pinned":"ee8a4479-3471-53b1-bf62-d0d8dc3faaeb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}