Articles tagged dotnetcore
How to Secure User Data in Azure Cosmos DB
Cosmos DB is a cloud database product from Microsoft that offers scalable and high-performance services. The core product runs on a proprietary NoSQL database that should look familiar to experienced MongoDB developers. Microsoft offers several APIs in addition to the core Cosmos DB API. These include APIs for: SQL MongoDB Gremlin Cassandra The shift to serverless database operations is one of the most obvious advantages of migrating. Cosmos DB can automatically scale your throughput based...
Secure Your .NET 6 Web API
.NET 6 is here and many of us are making preparations to update .NET 5 codebases to .NET 6. As part of this review, today you will learn how to implement the client credentials flow in ASP.NET Core Web API. What is the client credentials flow The client credentials flow is a server-to-server flow that allows applications to request resources on behalf of itself rather than a user. The client credentials flow requires the client...
Managing Multiple .NET Microservices with API Federation
For large enterprise companies, boundaries around each team are crucial for maintaining systems that are owned by software engineers. This is accomplished by allowing individual teams to own their systems and expose them via APIs. You also need to keep certain types of cross-cutting concerns centralized, like select security controls, logging, and routing. If you don’t, every API across different teams has to implement common controls like rate-limiting, logging, and authentication. This can lead to...
Comparison of Dependency Injection in .NET
Why you should care about dependency injection Dependency injection is a tried and proven design pattern for producing code that is testable, readable, and reusable. This is achieved by creating (or increasing) a separation of concerns, where each class has a dedicated area of responsibility. Dependency injection is just one design pattern used to achieve inversion of control in which the calling code, or client, has no knowledge of the inner workings of the dependency,...
Using Azure Cognitive Services in a .NET App
Azure Cognitive Services is a collection of cloud-based AI products from Microsoft Azure to add cognitive intelligence into your applications quickly. With Azure Cognitive Services, you can add AI capabilities using pre-trained models, so you don’t need machine learning or data science experience. Azure Cognitive Services has vision, speech, language, and decision-making services. In this article, you will learn how to use the Vision Face API to perform facial analysis in a .NET MVC application...
Secure Your .NET 5 Blazor Server App with MFA
Introduction to Server Blazor apps Blazor is an exciting new technology from Microsoft that will allow developers to bring C# to clients. Server and client components are written in the same language and can be used and re-used interchangeably. Blazor comes in two flavors, server and client apps. In this tutorial you will be working with Server Blazor apps, where the C# code is run on the server, and messages are exchanged using SignalR. I’ll...
How to Write Cleaner, Safer Code with SonarQube, Docker and .NET Core
When it comes to code quality and code security, SonarQube is your teammate! This analysis tool is pretty straightforward to use, especially with some help from Docker. In this post, I’ll show you how to run a Docker container with SonarQube to analyze the code of a simple ASP.NET Core 3.0 application. Code analysis is a critical component of app development because it can identify security issues and other tricky bugs that might be overlooked...
Web Forms Migration to Blazor in .NET Core
ASP.NET Web Forms framework has been the cornerstone technology of .Net for web development since the release of .Net Framework in 2002. ASP.NET Web Forms includes a layer of abstraction for developers so that you don’t need to care about HTML, JavaScript, or any other front-end technology. It provides a development flow similar to building desktop apps, a way for developers to build a web page by drag and drop, an event-driven programming model, and...
How to Toggle Functionality in C# with Feature Flags
Toggling functionality using feature flags in .NET Core apps is quite straightforward, especially with a neat little feature flag management service. In this post, I’ll walk you through how to build a simple web application using Okta for user authentication and how to use ConfigCat to manage and access feature flags. What Are Feature Flags? Feature flags (aka. feature toggles) are a relatively new software development technique that enables development teams to turn features on...
A Quick Guide to Elasticsearch for .NET
Implementing search functionality in your .NET Core apps doesn’t have to be hard! Using Elasticsearch makes it easy to develop fast, searchable apps. In this post, I’ll walk you through building a simple web application using Okta (for user authentication), Elastic Cloud (the official Elasticsearch hosting provider), and the fabulous Elasticsearch NEST SDK. Why Use Elasticsearch? Elasticsearch is an analytics and search engine based on the Apache Lucene library. It is developed in Java, following...
Update App Secrets with Jenkins CI and .NET Core
Introduction Jenkins is a free and open-source application that makes it easy to create CI/CD pipelines in almost any language or environment. Jenkins features a vast number of plugs to help create a CI/CD environment that is tailored to your technologies. In this application, you will create a .NET5 MVC web application and check it into a git repository. You will secure this application with Okta. Finally, you will set up a Jenkins project to...
Developer's Cheat Sheet for C# 9.0
Introduction to C# 9 (and a bit of C# 8, too) Let’s start with a background on how C# 9 got here (implementation examples start in the next section). The last few years in computer science, we’ve observed the rising popularity of the #FreeLunchOver concept. The idea is that CPU technology, based on electrical signals and Von Neumann architecture, has reached its intrinsic limits. As long as integrated circuits were slower than light, we knew...
How to Use WebAuthn in C#
Nowadays, using a password for authentication is becoming less and less secure. Password attacks are becoming more sophisticated, and data breaches occur more frequently. Have I Been Pwned, the website where you can check if your account has been compromised in a data breach, contains more than 10 billion accounts and more than 600 million passwords. With 62% of users reusing passwords, a successful attack on one of the websites gives the attacker access to...
How to Support .NET Core SameSite + OAuth Apps on Linux
Google’s recent approach to SameSite cookie attributes caused a bit of confusion among developers. Especially in cases where handling redirects is necessary. After doing some research in the topic I’d like this article to be a guide on how to handle SameSite cookie attributes properly in production. This guide can serve as the basis for deploying an application to any Linux based environment—such as AWS Elastic Beanstalk, Google Cloud App Engine—or any VPS Linux deployment....
How to Deploy Your .NET Core App to Google Cloud, AWS or Azure
There has been a cut-throat competition between cloud hosts in the past few years - each attempting to earn the sympathy of developers and dev-ops by rolling out shiny new tools, plugins, and integrations. There are a gazillion how-to tutorials and guides in the community on using these tools. Sometimes when looking for a solution, it is hard to find the newest and simplest way. I never know if an article written last year is...
Rider for C# - The Best Visual Studio Alternative IDE
When it comes to developing .NET apps, Visual Studio has historically been the default choice for .NET developers for two main reasons: Visual Studio is the official integrated development environment (IDE) from Microsoft, and There was no viable alternative to Visual Studio This all changed about three years ago when JetBrains, the company behind Resharper, one of the most popular Visual Studio extensions, released a new, cross-platform, and innovative IDE - Rider. The Rider IDE...
Install .NET Core Apps on Linux in 5 Minutes
As a big fan of open source, I’m loving the fact that .NET Core is cross-platform. It opens up endless possibilities, from hobby projects, experiments, and proofs of concept, to massive high-load production applications that run on cost-effective infrastructure with high security and scalability. I usually get the simplest and cheapest $5/month Ubuntu-based virtual private server (VPS) from any cloud platform provider instead of the more complex and expensive container instances or cloud computing services....
How to Authenticate with SAML in ASP.NET Core and C#
Security Assertion Markup Language, more commonly known as SAML, is an open standard for exchanging authentication and authorization data between parties. Most commonly these parties are an Identity Provider and a Service Provider. The primary use case for SAML has typically been to provide single sign-on (SSO) for users to applications within an enterprise/workforce environment. Up until the past few years, SAML was considered the industry standard—and proven workhorse—for passing an authenticated user into applications...
Deploy a .NET Container with Azure DevOps
When I began programming (in the ’80s), computers weren’t equipped with a network card by default. The internet was almost unknown and modems were slow and noisy. The software was installed from stacks of flexible floppy disks. Today, computing resources are virtual. The internet is vital and there is an URL for everything. We live in the *aaS (* as a Service) era, where if you want something, there is likely one or more something...
How to Build Securely with Blazor WebAssembly (WASM)
Last month I came out with a video tutorial on Blazor WebAssembly and I thought it would be good to follow up with a written tutorial as well. Youtube Link Because of the JS Interop, Blazor WASM has some key differences in the world of OAuth. Instead of thinking of this as a normal .NET back end application, you have to think of what Blazor resolves to in the browser - and that’s Javascript. Therefore,...
How to Adapt Your .NET App for SameSite
Have you run across an error message vaguely referencing SameSite in your .NET Apps? Read on, it’s time for a change to your code - and I’ll explain why. I like cookies, both the custard stuffed and the dry ones (which I use to dunk in my coffee or tea). This post is very much about cookies - only not the delicious, culinary ones. As in many other cases (think of the web, for example),...
How to Secure PII with Entity Framework Core
When the products we develop collect sensitive data, it’s essential to secure and safeguard it to protect user privacy and the user’s identity. Personally identifiable information (PII) is any data that can be used to identify a specific individual, such as name, email address, phone number, US Social Security number, birth date, and so on. Yet companies also need to store user-related data that is not as sensitive as PII. In this tutorial, you will...
Super Simple GraphQL Tutorial with C#
In today’s connected world, APIs are becoming an essential part of software and hardware companies. APIs allow companies to expose their services to third-party developers and integrate with other services. As more and more APIs are built and exposed to the internet, it is essential to secure them from unauthorized access. In this tutorial, you will learn how to build an ASP.NET Core 3.1 Web API using GraphQL and secure it with Okta. ASP.NET Core...
The Most Exciting Promise of .NET 5
It’s time to get jazzed about the future of the .NET ecosystem! It’s hard to believe that .NET only came out in 2002. There are so many versions of the framework, rapidly changing the places a C# developer could create and support. The entire ecosystem just turned 18, and it has been confusing at times with versioning. I fell in love with how powerful the platform was, but often, choosing to upgrade to the latest...
ASP.NET Core 3.0 MVC Secure Authentication
On September 23rd, Microsoft announced the third major release of its .NET Core framework. This new release boasts better performance, support for Windows Desktop apps, improved support for Docker containers, and more. Naturally, I was excited to see this new release and get authentication hooked into it with Okta! I put together this tutorial to demonstrate how to quickly and securely set up user management with Okta and OIDC (OpenID Connect) in an ASP.NET Core...
Build a Simple .NET Core App on Docker
Wouldn’t it be great if stuff just worked? Especially in the ever-changing world of software. Chasing dependency issues and debugging arcane operating system errors - not a good use of time. One important aspect of “stuff just works” – reliability. Recently, the software community has made strides in test-driven development and continuous integration processes to drive up quality, and of course, that improves reliability. But it can only go so far. Operating systems perform many...
5 Minute Serverless Functions in Azure without an IDE
Microsoft Azure makes it incredibly easy to get a basic API/microservice up and running quickly! If you are unfamiliar with building serverless architecture in the Microsoft ecosystem, using Azure Functions has become a quick way to get back-end code up and running that is easy to understand and usable for anyone. In this tutorial, we will set-up an API endpoint using the HTTP Trigger invocation that you can use with any front-end site. I use...
5 Reasons Why You Should Give Visual Studio for Mac Another Try
Visual Studio has not always been as user-friendly on the Mac as it is on a Windows machine. Lately, however, the stable release of VS for Mac is really starting to feel like a simple, but luxurious cousin to Visual Studio 2019. Different, but related. Installation on a Mac is quick, simple, and allows you to get into coding right away - whether you are already familiar or an Apple-only dev getting into something new...
The Top 5 DevOps Automation Tools .NET Developers Should Know
Not too long ago, deployments were done by hand - manually pushed to a physical server somewhere in a building your company owned. The software engineering world has come a long way since then, and we have more options than ever get our code and data live, automatically. Here are a few tools every C#/.NET developer should know that can help with that process, vetted by some of the best software leaders in the business....
Alexa, Sign In Every Time: Voice-Only Authentication Verification in .NET
Authentication for voice, specifically Amazon’s Alexa, has its limitations. The initial Account Linking process Amazon provides for identification works for many scenarios, but it is only done once (signing into the skill via the Alexa mobile app or website), and all subsequent sessions with the skill are linked - no log-in screen presented again. I’ve often been asked what the options are for verifying every time a user engages with an Alexa skill. For example;...
AWS Lambda vs Azure Functions for C# Serverless
As a C# developer, I became interested in how using a serverless function could complement existing projects I had done in ASP.NET 4.x. Enhancing ecosystems by using it for new requirements - without starting over from scratch - really had appeal. AWS Lambda came along first, with Azure Functions emerging onto the scene a couple of years later. In this post, we will briefly examine my experience getting started on both after using the .NET...
Visual Studio 2019 Tips and Tricks
Microsoft recently released the preview of Visual Studio 2019 for Windows, and it’s got lots of improvements and features! After reading the release notes, I reached out to Allison Buchholtz-Au and Kendra Havens on the Visual Studio team at Microsoft to get an idea of what features should be configured immediately after downloading and installing this shiny new IDE. After they showed me a couple of quick tips, VS 2019 started to feel like the...
Go for liftoff at Okta!
T-minus 3… 2… 1… I’m blasting my way into the Developer Relations world like Alice discovering Wonderland and its fantastic cast of characters. I am so curious, and excited, and all of the feels that come with coming to Okta! Officially stepping into the Developer Avocado (er… pardon me, Advocate) role and bringing the love of .NET, voice and IOT to the party. Who is this Lady Nerd? Well, for starters I am obsessed with...
Add Login to Your ASP.NET Core MVC App
One of the improvements in the latest version of ASP.NET Core (MVC ) is a new and simplified authentication integration. However, managing authentication on your own is still a considerable burden. Not only do you need to handle signup and login, but you also have to set up the database, manage security aspects of registration and login, and take care of session management. Since the integration of external auth providers has never been more comfortable,...
Build a SPA with ASP.NET Core 2.1, Stripe, and Angular 6
Buying things on the Internet has become a daily activity and is a feature many new projects require. In this tutorial, I will show you how to build an app to sell tickets using an Angular 6 single page app (SPA) using an ASP.NET Core 2.1 backend API. You’ll build both the Angular and ASP.NET Core applications and run them from within VS Code. Let’s get to it! Upgrade to Angular 6 I love to...
Upgrade your ASP.NET Core 2.1 App to Angular 6
With the release of ASP.NET Core, there are several templates in the DotNet CLI. One of those templates is an Angular template that scaffolds a single page application built with Angular and ASP.NET Core. The problem with that template is that it scaffolds an Angular 4.2.5 project and Angular released Angular 6 in May of 2018! In this post, not only will I show you how to build a base CRUD app with ASP.NET Core...
Build a Secure CRUD App with ASP.NET Core and React
These days it’s prevalent to have a “back-end” and a “front-end” allowing two (or more) teams to work on a project. Microsoft’s latest version of the ASP.NET Core framework is cross-platform and performant. Pairing it with the power and flexibility of Facebook’s React framework makes it a pretty stable platform. In this tutorial, I will show you how to build a secure CRUD (Create, Read, Update, and Delete) application using these two powerful technologies. When...
Deploy Your ASP.NET Core Application to Azure
One of the scariest features of Visual Studio is without a doubt right-click to publish. There are very few instances in which you’d actually want to make use of this “feature” and so many more in which it’s a terrible idea. In this post I’ll walk you through the right way to secure and deploy your new ASP.NET Core app to Azure. My method might not be as fast as right clicking to publish, but...