DAILY NEWS

Stay Ahead, Stay Informed – Every Day

Advertisement
TECH & AI
Cookie based authentication & authorization in ASP.NET Core explained
jackminion 0


Video – https://youtu.be/GhZLi8pBJow?si=mnIVpCke9OJBMFoJ

Services for Authentication and Authorization

Authentication Service

Maintains multiple authentication schemes
Uses Cookie handler to Build ClaimsPrincipal from cookie, set up request redirection for login, logout, access denial
Add cookie authentication service in DI container using the following

// Add Cookie Authentication service
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = “/Account/Login”; // Specify the path to the login page
options.AccessDeniedPath = “/Account/AccessDenied”; // Specify the path for access denied
options.ExpireTimeSpan = TimeSpan.FromMinutes(60); // Set the cookie expiration time
options.SlidingExpiration = true; // Enable sliding expiration
});

Enter fullscreen mode



Exit fullscreen mode

AddAuthentication adds the authentication service to DI container. It also specifies the default authentication scheme (Cookies) for authentication.
AddCookie provides a cookie authentication handler for the Cookies authentication scheme.

Authorization Service

Evaluates ClaimsPrincipal’s claims against authorization policies to determine if the request is authorized
Add authorization service in DI container using the following

builder.Services.AddAuthorization(options =>
{
// Define a rule named “AdminOnly”
options.AddPolicy(“AdminOnly”, policy =>
policy.RequireRole(“Admin”)
.RequireClaim(“EmployeeId”));
});

Enter fullscreen mode



Exit fullscreen mode

The above code adds a policy named AdminOnly along with default available authorization service policies

A Request’s Journey for cookie-based Authentication and Authorization in dotnet

Phase 1 – Authentication middleware (for Identification)

Authentication middleware identifies the visitor by extracting the ClaimsPrincipal from cookie and attaches it to HttpContext

Authenticaiton middleware is added to the request pipeline using the following

app.UseAuthentication();

Enter fullscreen mode



Exit fullscreen mode

Steps

Middleware asks the Authentication Service (configured via AddAuthentication) for a ClaimsPrincipal (user).
Authentication Service calls the Cookie Handler. It decrypts the cookie (using Data Protection Provider) and creates a ClaimsPrincipal
The created ClaimsPrincipal is attached to HttpContext.User. The request moves to the next middleware.

Phase 2: Authorization middleware (for Permissions check)

Authorization middleware evaluates the identified ClaimsPrincipal’s claims and redirects the request to login or denies the request if claims don’t meet the authorization requirements
Authorization middleware is added to the request pipeline using the following

app.UseAuthorization();

Enter fullscreen mode



Exit fullscreen mode

Steps

Authorization middleware checks the endpoint for attributes like (Authorize) or a specific policy (e.g., (Authorize(Policy = “AdminOnly”))).
Authorization middleware asks the Authorization Service (registered via AddAuthorization) to evaluate the ClaimsPrincipal’s claims against those rules.
Based on that evaluation, the system executes one of three paths:

Path A: User is Not Logged In (Challenge the request)

Condition: The authorization policy requires a user, but HttpContext.User is anonymous.
Action: The Authorization middleware triggers a Challenge by calling the ChallengeAsync method on the Authentication service.
Execution: Authentication service delegates the Challenge execution to Cookie Handler, which modifies HttpContext.Response for a 302 Redirect to LoginPath. The pipeline short-circuits.

Path B: User has Wrong Permissions (Forbid the request)

Condition: ClaimPrincipal is present, but the claims fail the requirements of authorization policies.
Action: The Authorization middleware triggers a Forbid by calling the ForbidAsync method on the Authentication service.
Execution: Authentication service delegates the Forbid execution to Cookie Handler, which modifies HttpContext.Response for a 302 Redirect to AccessDeniedPath. The pipeline short-circuits.

Path C: Access Granted

Condition: The user’s claims satisfy all requirements in the Authorization Service.
Execution: The middleware calls next(), allowing the request to reach next middleware (like controllers).

Setting logged in user in the cookie

The user will submit credentials in the login page
The user credentials will be verified from a database and ClaimsPrincipal will be created to represent the logged in user
HttpContext.SignInAsync uses Authentication service’s Cookie Handler to set the logged in user details (a ClaimsPrincipal) in the response cookie

await HttpContext.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimsIdentity),
authProperties);

Enter fullscreen mode



Exit fullscreen mode

Signout logged in user

await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

Enter fullscreen mode



Exit fullscreen mode

HttpContext.SignOutAsync uses Authentication service’s Cookie Handler to expire the cookie that contains the logged in user details (a ClaimsPrincipal) and makes the HttpContext.User as anonymous

Access the ClaimsPrincipal (logged in user)

After the authentication middleware derives a valid ClaimsPrincipal from the cookie, it sets the user details (ClaimsPrincipal) in the HttpContext.User object
Hence

HttpContext.User?.Identity?.IsAuthenticated can be used to determine if a request is authenticated
HttpContext.User.Identity.Name can be used to determine the logged in user name



Source link

TECH & AI
Building a Translation Pipeline for International Contract Bidding
jackminion 0


If your company bids on international contracts, you’ve probably dealt with the translation bottleneck. Technical proposals need precise translation, certified documents have strict formatting requirements, and procurement deadlines don’t wait for anyone.

After seeing how UK public procurement translation requirements can make or break a bid, I’ve been thinking about how developers can build systems to streamline this process. Here’s how to approach translation workflows from a technical perspective.

The Real Problem: Document Workflows, Not Just Translation

Most companies treat translation as a last-minute service purchase. But international bidding is really a document pipeline problem:

Source documents change during proposal development
Different document types need different translation approaches
Version control becomes critical when translators work in parallel
Deadline tracking needs to account for translation time

Core Architecture: Translation-Aware Document Management

Start with a document management system that treats translation as a first-class workflow, not an afterthought.

Document Classification System

class DocumentType(Enum):
TECHNICAL_PROPOSAL = “technical” # Requires specialist translation
LEGAL_CERTIFICATE = “certified” # Needs certified translation
FINANCIAL_STATEMENT = “certified” # Needs certified + formatting
REFERENCE_LETTER = “standard” # Standard business translation
INTERNAL_MEMO = “none” # No translation needed

class Document:
def __init__(self, file_path, doc_type, target_languages):
self.file_path = file_path
self.doc_type = doc_type
self.target_languages = target_languages
self.translation_status = {}
self.version_hash = self.calculate_hash()

def needs_retranslation(self):
current_hash = self.calculate_hash()
return current_hash != self.version_hash

Enter fullscreen mode

Exit fullscreen mode

Translation Queue Management

Build a priority queue that factors in document dependencies and deadlines:

from datetime import datetime, timedelta
import heapq

class TranslationQueue:
def __init__(self):
self.queue = ()
self.translation_times = {
DocumentType.TECHNICAL_PROPOSAL: timedelta(days=5),
DocumentType.LEGAL_CERTIFICATE: timedelta(days=3),
DocumentType.FINANCIAL_STATEMENT: timedelta(days=2),
DocumentType.REFERENCE_LETTER: timedelta(days=1)
}

def add_document(self, document, deadline, priority=0):
translation_time = self.translation_times(document.doc_type)
latest_start = deadline – translation_time

# Priority: earlier deadline = higher priority (lower number)
priority_score = latest_start.timestamp() – priority * 86400

heapq.heappush(self.queue, (
priority_score,
document.file_path,
document
))

def get_next_batch(self, max_concurrent=3):
batch = ()
for _ in range(min(max_concurrent, len(self.queue))):
if self.queue:
_, _, document = heapq.heappop(self.queue)
batch.append(document)
return batch

Enter fullscreen mode

Exit fullscreen mode

Integration Points: APIs and Automation

Translation Service Integration

Most professional translation companies now offer APIs. Here’s a generic wrapper:

import requests
from typing import Dict, List

class TranslationServiceAPI:
def __init__(self, api_key: str, base_url: str):
self.api_key = api_key
self.base_url = base_url
self.headers = {
‘Authorization’: f’Bearer {api_key}’,
‘Content-Type’: ‘application/json’
}

def submit_document(self, document_path: str,
source_lang: str, target_lang: str,
service_level: str = “professional”) -> str:
“””
Submit document for translation
Returns: job_id for tracking
“””
with open(document_path, ‘rb’) as f:
files = {‘document’: f}
data = {
‘source_language’: source_lang,
‘target_language’: target_lang,
‘service_level’: service_level,
‘deadline’: self.calculate_deadline()
}

response = requests.post(
f”{self.base_url}/jobs”,
headers=self.headers,
data=data,
files=files
)

return response.json()(‘job_id’)

def check_status(self, job_id: str) -> Dict:
response = requests.get(
f”{self.base_url}/jobs/{job_id}”,
headers=self.headers
)
return response.json()

Enter fullscreen mode

Exit fullscreen mode

Document Change Detection

Monitor source documents for changes that require retranslation:

import hashlib
import os
from watchdog.observers import Observer
from watchdog.events import FileSystemEventHandler

class DocumentChangeHandler(FileSystemEventHandler):
def __init__(self, translation_queue):
self.translation_queue = translation_queue
self.document_hashes = {}

def on_modified(self, event):
if event.is_directory:
return

file_path = event.src_path
if self.is_tracked_document(file_path):
current_hash = self.calculate_file_hash(file_path)
previous_hash = self.document_hashes.get(file_path)

if current_hash != previous_hash:
self.document_hashes(file_path) = current_hash
self.queue_for_retranslation(file_path)

def calculate_file_hash(self, file_path):
hasher = hashlib.md5()
with open(file_path, ‘rb’) as f:
for chunk in iter(lambda: f.read(4096), b””):
hasher.update(chunk)
return hasher.hexdigest()

Enter fullscreen mode

Exit fullscreen mode

Compliance and Quality Control

Automated Format Validation

Certain documents (like certified translations) have strict formatting requirements:

import re
from pathlib import Path

class CertifiedTranslationValidator:
def __init__(self):
self.required_elements = (
r”I hereby certify”,
r”qualified translator”,
r”accurate.*complete”,
r”\(Translator signature\)”,
r”\(Date\)”
)

def validate_certified_translation(self, file_path: str) -> List(str):
errors = ()
content = Path(file_path).read_text()

for pattern in self.required_elements:
if not re.search(pattern, content, re.IGNORECASE):
errors.append(f”Missing required element: {pattern}”)

# Check for proper formatting
if not self.has_proper_layout(content):
errors.append(“Document layout does not match certification requirements”)

return errors

def has_proper_layout(self, content: str) -> bool:
# Implementation depends on specific requirements
# Check margins, font sizes, signature placement, etc.
return True # Simplified for example

Enter fullscreen mode

Exit fullscreen mode

Monitoring and Alerts

Set up alerts for translation bottlenecks and deadline risks:

from datetime import datetime, timedelta
import smtplib
from email.mime.text import MIMEText

class TranslationMonitor:
def __init__(self, email_config):
self.email_config = email_config

def check_deadline_risks(self, translation_queue):
at_risk_jobs = ()
now = datetime.now()

for job in translation_queue.active_jobs:
time_remaining = job.deadline – now
estimated_completion = job.started_at + job.estimated_duration

if estimated_completion > job.deadline:
at_risk_jobs.append(job)

if at_risk_jobs:
self.send_alert(f”{len(at_risk_jobs)} translation jobs at risk of missing deadline”)

def send_alert(self, message):
msg = MIMEText(message)
msg(‘Subject’) = ‘Translation Pipeline Alert’
msg(‘From’) = self.email_config(‘from’)
msg(‘To’) = self.email_config(‘to’)

with smtplib.SMTP(self.email_config(‘smtp_server’)) as server:
server.send_message(msg)

Enter fullscreen mode

Exit fullscreen mode

Putting It Together

Here’s how these components work together in practice:

# Initialize the system
translation_queue = TranslationQueue()
api_client = TranslationServiceAPI(api_key, base_url)
monitor = TranslationMonitor(email_config)

# Set up file monitoring
event_handler = DocumentChangeHandler(translation_queue)
observer = Observer()
observer.schedule(event_handler, path=’./proposals’, recursive=True)
observer.start()

# Main processing loop
while True:
# Process translation queue
batch = translation_queue.get_next_batch()
for document in batch:
job_id = api_client.submit_document(
document.file_path,
document.source_lang,
document.target_lang
)
document.track_job(job_id)

# Check for completed translations
for job in active_jobs:
status = api_client.check_status(job.job_id)
if status(‘completed’):
download_and_validate_translation(job)

# Monitor deadlines
monitor.check_deadline_risks(translation_queue)

time.sleep(300) # Check every 5 minutes

Enter fullscreen mode

Exit fullscreen mode

Next Steps

This pipeline approach transforms translation from a manual bottleneck into a managed workflow. The key is treating it as a technical problem that requires proper tooling, not just a service you buy.

Start small: implement document classification and basic queue management first. Then add monitoring and API integration as your international bidding volume grows.

The goal isn’t to replace human translators but to give them better tools and clearer workflows. When deadline pressure hits, you want systems that work automatically, not spreadsheets that need manual updates.



Source link