Handling Combo Box Selection Change in ViewModel (WPF MVVM)

Windows Presentation Foundation offers various controls and one of the basic control is the combo box.

The combo box has various events such as DropDownOpened, DropDownClosed, SelectionChanged, GotFocus, etc.,.

In this blog, we will see how to handle the selectionchanged event of combo box which is inside grid using Model–View–Viewmodel (MVVM) pattern.

Create Model (Person):

Define a class Person as show below.

Create View Model:

Create a view model named MainWindowViewModel.cs

Create View:

Create a view named MainWindow.xaml.

In the above code, ‘Cities’ are defined in the view model and are not part of Persons class, the ItemsSource is defined as ItemsSource=”{Binding Path=DataContext.Cities,RelativeSource={RelativeSource FindAncestor, AncestorType = UserControl}}” which will take the data from viewmodel Cities property.

We need to import the namespace xmlns_i=”http://schemas.microsoft.com/expression/2010/interactivity”.

View Code behind:

Create view model field and instantiate the view model in the constructor of View Code behind file.


When we run the application, the grid will bind with the person details and city combo box will be bound with the cities list. Now we can change the city for the respective person and it will be handled by the CityChangeCommand in the view model class.

In this manner we can handle the combo box selection change event using MVVM pattern in WPF.

Introduction to SQL Server Integration Services (SSIS) – Part 1


In this blog, I will discuss SQL Server Integration Services (SSIS) and its components.

SQL Server Integration Services (SSIS)  is an ETL tool (Extract, Transform and Load) which is used for building enterprise-level data integration and data transformation solutions. Integration services help in developing solutions for complex business problems, as listed below:

  • Copying or downloading files
  • Sending e-mail messages in response to events
  • Updating DataWarehouses
  • Cleaning and mining data
  • Managing SQL server objects and data

Integration services can extract and transform data from a wide variety of sources such as XML data files, flat files, and relational data sources and then load data into one or more destinations. Integration services has rich set of built-in tasks and transformations, tools for constructing packages and the integration services service for running and managing packages.


A package is an organized collection of connections, control flow elements, data flow elements, event handlers, variables, parameters, and configurations which are assembled using either the graphical design tools that SQL Server Integration Services provides, or build programmatically. The package is the unit of work that is retrieved, executed and saved.

When we create a package it is an empty object that does nothing. The functionality is added to the package by adding control flow and one or more data flow to the package.

The following diagram shows a simple package that contains a control flow with a data flow task, which in turn contains a data flow.

After creating the package, the package functionality can be extended by adding advanced features like event handlers, logging, variables and configurations which will be explained in a while.

 Contents of a Package

In this section we will discuss the various contents of the package.

Tasks and Containers (Control Flow)

A control flow consists of one or more tasks and containers that execute when the package runs. The execution of the tasks can be controlled by precedence constraints that connects the tasks and containers in a package. A subset of tasks can be grouped together as a unit and can be executed repeatedly within the package control flow.

Data Sources and Destination (Data Flow)

A data flow consists of the sources and destinations that extract and load data, transformations that modify and extend data and the paths that link sources, transformations and destinations.

To add a data flow to a package, the package control flow must include a data flow task. The data flow task is the executable within the SSIS package that creates, orders and runs the data flow.

Connection Managers  (connections)

A package typically includes at least one connection manager. A connection manager is a link between package and data source that defines the connection strings for accessing the data that the tasks, transformations and event handlers in the package use. Integration Services includes connection types for data sources such as text and XML files, relational databases, and Analysis Services databases and projects.

Package Functionality Extension Objects

Event Handlers

An event handler is a work flow that runs in response to the events raised by a package, task or container. For example, if the package fails during execution, we can add a email task to send an email On Error event as seen in the below image.


A configuration is a set of property-value pairs that defines the properties of the package and its tasks, containers, variables, connections and event handlers when the package runs. Using configuration the properties can be updated without modifying the package. When the package is run, the configuration information is loaded, updating the values of properties.

Logging and Log Providers

A log is a collection of information that is collected when the package runs. A log can provide start and finish time of the package run. Integration services has several built-in log providers for logging.


Integration services supports system variables and user-defined variables. The package-level variables include the pre-defined system variables available to a package and the user-defined variables with package scope.

In my next blog, I will explain in detail, the process to create a package, control flow, and its components.

Security in Web API – Part 2

In my blog, `Security in Web API – Part 1’, we discussed how to create APIKeyHandler and AuthHandler. In this blog, we will see how to implement Authorization and execute Basic Authentication.


Authorization is verifying whether the authenticated user can perform a particular action or consume a particular resource. This happens after the authentication and before the controller action is executed.

ASP.NET MVC Web API provides an authorization filter called Authorize Attribute which verifies the request’s I Principal, checks its Identity.IsAuthenticated property, and returns a 401 Unauthorized HTTP status if the value is false and the requested action method will not be executed. The filter can be applied in different levels like the controller level or action level, and can be easily applied using the [Authorize] syntax on top of controllers or actions.

 public class EmployeeController : ApiController

Once the attribute is added, it will prevent all action methods in the controller from being accessed by unauthorized users.

The Basic Authentication handler will set the current user’s identity I Principal object, then before the request reaches the controller, Authorize Attribute verifies access to the particular controller/action for the current user.

Let’s create an HTTP request without proper credentials.

The access will be denied by the Authorize Attribute.

Now, let’s create another request with Authorization header key/value as follows.

Authorization : Basic dXNlcm5hbWU6cGFzc3dvcmQ=

The value dXNlcm5hbWU6cGFzc3dvcmQ= represents “username:password” in Base64 encoded form.

The request gets access rights to the controller/action as expected.

Action Level Authorization

We can also restrict access to only few actions in the controller by mentioning AuthorizeAttribute at the action level instead which allows to have both protected and unprotected actions in the same controller.

[AllowAnonymous] Attribute

When we set the [Authorize] attribute at the controller level and want to have unprotected action then we can set Allow Anonymous attribute for the action, this will make the [Authorize] attribute skipped for that action.

Custom Authorization Attribute

We can create our own custom authorization attribute depending on our needs. We can achieve this by extending Authorize Attribute  (i.e) derive a class with Authorize Attribute and override Is Authorized method .

In the below example we want to restrict access to our API Service to users who are within the particular range of IP address.

Once we derive the attribute we ca define the same at controller/action level as shown below.


To summarize, we have discussed the ways in which we can secure our Web API’s with Basic Authentication and Authorization.

Security in Web API – Part 1

Security has always been a major concern when we talk about enterprise-level applications. This is truer, when we talk about exposing our business through services.  However, if we develop Web API, we can secure some or all parts of an API Service so that only verified users can access the API service ensuring client security. This security in ASP.NET Web API can be achieved using the following authentication and authorization mechanisms.


Authentication is all about the identity of an end user. It is about validating the identity of a user who is accessing our system. The fact that he is authenticated enough to use our resources or not. By using the authentication mechanism, we make sure that every request has proper credentials, and received by the Web API service  from the actual client.

Authentication Using Message Handlers

A message handler is a class that receives an HTTP request and returns an HTTP response. Message handlers are derived classes from the abstract class HttpMessageHandler. They are good for cross-cutting concerns that operate at the level of HTTP messages (rather than controller actions). For example, a message handler might:

  • read or modify request headers
  • add a response header to responses
  • validate requests before they reach the controller

In a Web API, typically, a series of message handlers are chained together, forming a pattern called delegating handler.

The order in which these handlers are set up is important as they will be executed sequentially.

The most important handler sits at the very top, guarding everything that comes in. If the checks pass, it will pass this request down the chain to the next delegating handler, and so on.

If all goes well, it will then arrive at the API Controller and execute the desired action. However, if any of the checks fail within the handlers, then the request is denied and a response is sent to the client.

Now let’s write the code for the handlers. Create two message handlers APIKeyHandler and AuthHandler as shown below.

  1. APIKeyHandler: Handler responsible for intercepting an HTTP request and ensuring its header contains an API key.
  2. AuthHandler: Handler responsible for authenticating a user’s credentials and roles.

API Key Authentication

In the Web API project, create a folder called MessageHandlers and add a class APIKeyHandler.cs.

The APIKeyHandler.cs inherits from DelegatingHandler, which in turn inherits from HttpMessageHandler. In this override the SendAsync() method which looks for an API key (API_KEY) in the header of every HTTP request and control whether to allow this request to flow down the pipeline and passes the request to the controller only if a valid API key is present in the request header or else or halt the request by sending a custom response.

Now register the handler to our application in the Application_Start method in the Global.asax file.

GlobalConfiguration.Configuration.MessageHandlers.Add(new APIKeyHandler());

Now call any method that is exposed through the Web API controllers and we will see “Bad API Key” as response.

Let’s verify that the APIKeyHandler is working alright by creating an HTTP Request with correct headers. For that, create an HTTP header with key value:

“API_KEY” : “X-some-key”

In Mozilla browser plugin called “HTTP Tool” create HTTP request headers here.

The HTTP request is now passed all the way to the controller by the handler.

Once API key check handler is in place it secures the Web API to make sure only those clients who are provided with valid API keys can access this service. Next we will look at how we can implement security based on user roles.

Basic Authentication

Basic authentication is the most simple and basic form of authenticating HTTP requests. The client sends Base64-encoded credentials in the Authorize header on every HTTP request, and only if the credentials are verified does the API return the expected response. Basic authentication doesn’t require server-side session storage or implementation of cookies as every request is verified by the API.

For verifying user credentials, create an ‘IPrincipal’ object which represents the current security context.

Add a new folder called Security and a new class TestAPIPrincipal.cs in it.

The ‘IIdentity’ object associated with the principal has a property called ‘IsAuthenticated’. If the user is authenticated, this property will return true; otherwise, it will return false.

Create another handler called AuthHandler.cs.

The private method ValidateCredentials  checks for decoded username and password values from the HTTP request header, and the SendAsync method intercepts the HTTP request.

If the credentials of the client are valid, then the current IPrincipal object is attached to the current thread, i.e. Thread.CurrentPrincipal and set the HttpContext.Current.User to make the security context consistent which allows to access the current user’s details from anywhere in the application.

Once the request is authenticated, base.SendAsync is called to send the request to the inner handler. If the response contains an HTTP unauthorized header, the code injects a WwwAuthenticate header with the value Basic to inform the client that our service expects basic authentication.

Now register the handler in the Global.Asax class similar to ApiKeyHandler and Make sure that the AuthHandler handler is below the first handler registration to make sure of the right order.

GlobalConfiguration.Configuration.MessageHandlers.Add(new AuthHandler());

In the next part we will discuss how to implement authorization and basic authentication.