Enforcing HTTPS only traffic with ASP.NET Core and Kestrel

In the early days of ASP.NET Core, Kestrel (the lightweight, open source web server) was fairly basic. And this was totally intentional! Kestrel provides a mechanism to spin up and run ASP.NET Core websites and APIs fast and efficiently with as little overhead as possible. This, combined with the other ASP.NET Core improvements (90% smaller HTTP requests etc) have contributed to ASP.NET Core's speed. Kestrel was great at its job but in some cases proved to be very basic. It's important to understand that Kestrel was never intended to run applications in production. Instead, the recommendation …[read more]


.NET Core authentication and authorisation using Auth0

I'm a big proponent of delegated authentication. It's no surprise that Broken Authentication is #2 at the OWASP top 10 latest report. It's been #2 for a very long time, which means that developers and enterprises are still getting this wrong. There are so many ways that authentication that can go wrong, that delegated authentication should be the preferred and possibly the default choice for all platforms. There are many different services that can provide this. I've heavily worked with Azure AD and Azure AD B2C but this time I wanted to take Auth0 for a spin. In this post …[read more]


Using Azure Serverless to copy data from Service Bus to Azure Data Lake

Microsoft's serverless is continually improving with better stability and features. The out-of-the-box integration with many services makes serverless an appealing approach when it comes to solving a problem. I was recently asked by a customer to implement a solution that copies json data posted to a Service Bus Topic into an Azure DataLake in order to run offline analytics and reporting. At this point, I would have suggested using Azure EventGrid instead of Service Bus, since the solution needs to support multiple subscribers and it's a lot more lightweight. However, Service Bus Topics can also accommodate multiple subscribers and, besides, …[read more]


Configure and use User Secrets in .NET Core 2.0 Console apps in development

Managing sensitive information and secrets in config files is something we have to deal with on a daily basis. Unfortunately, this is also something that we still get wrong. In many cases, secrets spill from production to development and vice versa or we have to setup up obscure file transformations and processes to change said secrets as we move from one environment to another. .NET Core has introduced the notion of User Secrets which we can use to store application variables outside the application folder. The file that stores the secrets ends up in one of the following locations, depending …[read more]


Code Collaboration has a new name - Visual Studio Live Share

It's late(ish) at night, stuck in my hotel due to the Monster Storm Emma that's turned the UK into an icicle and I'm watching TED talks on my laptop when my good friend Brady Gaster, fellow geek/developer/etc, pings me on Skype with a question. He's got an ASP.NET Core question which I may be able to answer. At least that's what he thinks! So while he's getting ready to ask away I fire open StackOverflow, Google/Bing and https://docs.microsoft.com in hope that I will be able to figure out the answer before he …[read more]