Tag Archives: web development

Your Web App Secrets in ASP .NET Core

By Shahed C on November 4, 2018
17 Replies

This is the fifth of a new series of posts on ASP .NET Core. This week, we’ll be looking  at app secrets for ASP .NET Core projects, for use in development environments.

ASPNETCoreLogo-300x267

Protecting Application Secrets During Development

Most web apps need to store some configuration information that can be accessed by the application during runtime. This may include database connection strings and API keys, which are not user-specific confidential values, but are still sensitive pieces of information that need to be protected.

Once in a while, a developer may accidentally commit such sensitive information to public repositories such as Github. Quoting this blog post from the Azure website, “Keep in mind that removing a published secret does not address the risk of exposure. The secret may have been compromised, with or without your knowledge and is still exposed in Git History. For these reasons, the secret must be rotated and/or revoked immediately to avoid security risks.”

This blog post intends to prevent you from ever making that mistake in the first place. You may download the following sample project to follow along.

Web AppSecretDemo: https://github.com/shahedc/AppSecretDemo

Continue reading

Protocols in ASP .NET Core: HTTPS and HTTP/2

By Shahed C on October 28, 2018
6 Replies

This is the fourth of a new series of posts on ASP .NET Core. This week, we’ll be looking at the use of HTTPS in ASP .NET Core projects (using HTTP/1.1 today) and also HTTP/2 support for future ASP .NET Core projects.

ASPNETCoreLogo-300x267

HTTPS and SSL

If you’re reading this blog post, you’re probably familiar with HTTPS and the little lock symbol that appears on websites that have a valid SSL certificate. It’s actually TLS these days, and you can read more about SSL, TLS and HTTPS here:

Recently, the popular Google Chrome browser received an update that automatically displays a “Not Secure” message for any website that doesn’t use SSL. To address this, I updated this blog site to ensure that all embedded content use HTTPS when the site is loaded with HTTPS. I took it one step further and always enabled SSL so that site visitors going to WakeUpAndCode.com (with just HTTP) will be redirected to https://WakeUpAndCode.com.

This site is a WordPress site, so I was able to make the last change by installing a free plugin called Really Simple SSL.

If you’re not convinced you need SSL, just read this thread on Twitter:

EDIT: If you need another nudge in the right direction, here’s a gentle reminder from Troy Hunt, a well-known influential computer security expert in the Microsoft world. Troy highlights an anti-HTTPS debate that illustrates why it doesn’t make sense to be against it.

HTTPS in ASP .NET Core

For years, it has been too easy for ASP .NET developers to build Web Apps and Web APIs without any HTTPS during development. It wasn’t uncommon for web application developers to make excuses about not running their web apps with SSL on their local development environments, even if the application needed to be deployed to production with SSL (which production app doesn’t?).

Continue reading

Pages in ASP .NET Core: Razor, Blazor and MVC Views

By Shahed C on October 21, 2018
6 Replies

This is the third of a new series of posts on ASP .NET Core. This week, we’ll be looking at various types of Pages you may encounter in an ASP .NET Core web app:

  1. Razor Pages (new as of v2.0)
  2. the experimental Blazor (C# in the browser!)
  3. the more familiar MVC Views (aka Razor Views)

If you already know how to create each type of project, feel free to jump past section 3B below.

ASPNETCoreLogo-300x267

Before you begin

Before you begin, make sure you download an IDE or code editor to open and run the code samples. My recommendations are below:

A. Visual Studio Code: https://code.visualstudio.com

B. Visual Studio 2017 (v15.8 or later): https://visualstudio.microsoft.com/vs/

vs-logos

To get the latest SDK, download .NET Core v2.1 or higher:

Web .NET Core Download: https://www.microsoft.com/net/download

To use Blazor in Visual Studio 2017, you must install the ASP .NET Core Blazor Language Services extension from the Visual Studio Marketplace:

Web Blazor extension: https://marketplace.visualstudio.com/items?itemName=aspnet.blazor

The instructions below will cover both Command Line Interface (CLI) commands and IDE/editor steps to create, build and run the code samples.

Web Sample code: https://github.com/shahedc/PagesDemo

Continue reading

Microsoft Web Tour 2016 @ Reston VA

By Shahed C on January 28, 2016
Leave a reply

Register for FREE here: https://www.microsoftevents.com/profile/form/index.cfm?PKformID=0x834687628

Microsoft Web Tour 2016 @ Reston VA

webtourbanner

 

Starts: Wednesday, March 2, 2016 8:30 AM
Ends: Wednesday, March 2, 2016 5:00 PM
Time zone: (GMT-05:00) Eastern Time (US & Canada)
Welcome Time: 8:30 AM
Venue: Microsoft Office, Reston
Address: 12012 Sunset Hills Road, Reston Virginia 20190, United States
Meal: Yes
Presenter(s): Mostafa Elzoghbi, Shahed Chowdhuri,
Language(s): English.
Product(s): ASP.NET 5 (aka ASP.NET Core 1.0), Angular, Visual Studio 2015 and Visual Studio Code
Audience(s): Pro Dev/Programmer.

Continue reading