Enforcing HTTPS only traffic with ASP.NET Core and Kestrel

In the early days of ASP.NET Core, [Kestrel](https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?tabs=aspnetcore2x" target="_blank) (the lightweight, open source web server) was fairly basic. And this was totally intentional! Kestrel provides a mechanism to spin up and run ASP.NET Core websites and APIs fast and efficiently with as little overhead as possible. This, combined with the other ASP.NET Core improvements (90% smaller HTTP requests etc) have contributed to ASP.NET Core's speed. Kestrel was great at its job but in some cases proved to be very basic. It's …[read more]

.NET Core authentication and authorisation using Auth0

I'm a big proponent of delegated authentication. It's no surprise that [Broken Authentication](https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication" target="_blank) is #2 at the OWASP top 10 latest report. It's been #2 for a very long time, which means that developers and enterprises are still getting this wrong. There are so many ways that authentication that can go wrong, that delegated authentication should be the preferred and possibly the default choice for all platforms. There are many different services that can provide this. I've heavily worked with Azure AD and Azure AD B2C …[read more]

Using Azure Serverless to copy data from Service Bus to Azure Data Lake

Microsoft's serverless is continually improving with better stability and features. The out-of-the-box integration with many services makes serverless an appealing approach when it comes to solving a problem. I was recently asked by a customer to implement a solution that copies json data posted to a Service Bus Topic into an Azure DataLake in order to run offline analytics and reporting. At this point, I would have suggested using Azure EventGrid instead of Service Bus, since the solution needs to support multiple subscribers and it's a lot more lightweight. However, Service Bus Topics can also accommodate multiple subscribers and, besides, …[read more]

Using 'User Secrets' in .NET Core Console apps

Managing sensitive information and secrets in config files is something we all have to deal with on a daily basis. Unfortunately, this is also something that we still get wrong: a) config files with production secrets/keys b) source controll littered with secrets/keys c) obscure file transformations and processes to update secrets as we move from one environment to another. However, there are a few options available to us. For local development, NET Core has the notion of User Secrets which we can use to store sensitive information outside the application folder and away from source control. Azure Key …[read more]

Code Collaboration has a new name - Visual Studio Live Share

It's late(ish) at night, stuck in my hotel due to the Monster Storm Emma that's turned the UK into an icicle and I'm watching TED talks on my laptop when my good friend [Brady Gaster](https://twitter.com/bradygaster" target="_blank), fellow geek/developer/etc, pings me on Skype with a question. He's got an ASP.NET Core question which I may be able to answer. At least that's what he thinks! So while he's getting ready to ask away I fire open StackOverflow, Google/Bing and https://docs.microsoft.com in hope that I will be …[read more]

Keeping your Azure Search Index up-to-date with Azure Functions

Azure Search can work really well with Azure Blob Storage. It can automatically index and analyse documents uploaded to a Storage Container to make it easy for you to expose the data in your application. When working with Blob data, Azure Search is designed to incrementally add new documents automatically. However, where it gets really tricky is when blobs are deleted from storage. The index doesn't get updated automatically, so the data ends up in a stale state. There's a way to use a soft delete approach to indicate to an Azure Search data source that a document/blob should …[read more]

Restrict public access to your Azure Web Apps with the IPSecurityRestrictions option

This is a little unknown gem that I've used a few times as I help customers secure access to their Azure Web Apps.. Traditionally, if one wants to restrict access to a website running on a VM (i.e IaaS) then they can make use of Firewalls to ensure that everything goes through a single endpoint and access is restricted. However, as we move to the cloud and further up the stack (PaaS or FaaS) we give lose some of that tight control for the benefit of using a managed service! But what if you wanted to run your website …[read more]

Debugging C# (.NET Core) Azure Functions with VS Code

The [v2 release](https://blogs.msdn.microsoft.com/appserviceteam/2017/09/25/develop-azure-functions-on-any-platform/" target="_) of the Azure Function Core tools (i.e. the CLI) has been out for a while now. It may still be in preview while the team is finalizing the stability and performance of the tool, but it's really exciting because we now have a cross-platform tool based on .NET Core. You can download the latest Function Core tools from npm using the following command: npm i -g azure-functions-core-tools@core With the latest release of the Core tool you can develop, debug and run Azure …[read more]