ASP.NET Blog

In Visual Studio 2013 we have added a couple of small features for web publishing that I’d like to share with you. Those updates are; how to take your app offline during publishing and how you can update the default file compare option.

App offline support

In Visual Studio when you publish your web application we do not force the remote app to be stopped/restarted. Based on your publishing artifacts your site may end up being restarted (for example you change web.config) but Visual Studio never had a way to take your application offline during a publish operation.

There are a lot of reasons why you may want to take your app offline during publishing. For example you app has files locked which need to be updated, or you need to clear an in-memory cache for changes to take effect. We heard a good amount of feedback from ASP.NET users regarding the lack of this support on our uservoice site. From that suggestion we worked with the Web Deploy team to introduce a new AppOffline rule which enables this.

We also added support for this in Visual Studio 2013 as well. We have not yet created any specific UI for this feature but it’s very easy to enable. Since Visual Studio 2012 web publish profiles are stored as MSBuild files under Properties\PublishProfiles (My Project\PublishProfiles for VB). These files end with a .pubxml extension (not to be confused with .pubxml.user) and have the same name as the Publish Profile in Visual Studio.

Each of these publish profiles contain the settings for that publish profile. You can customize these files to modify the publish process. To enable this find the .pubxml file corresponding to the publish profile you’d like to update. Then add the following element in the PropertyGroup element.

<EnableMSDeployAppOffline>true</EnableMSDeployAppOffline>

So the resulting publish profile will look something like the following.

<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <EnableMSDeployAppOffline>true</EnableMSDeployAppOffline>
    <WebPublishMethod>MSDeploy</WebPublishMethod>
    <MSDeployServiceURL>(removed)</MSDeployServiceURL>
    <DeployIisAppPath>Default Web Site</DeployIisAppPath>
    <AllowUntrustedCertificate>True</AllowUntrustedCertificate>
    <SkipExtraFilesOnServer>True</SkipExtraFilesOnServer>
    <DeployAsIisApp>False</DeployAsIisApp>
    <MSDeployPublishMethod>WMSVC</MSDeployPublishMethod>
    <UserName>sayedha</UserName>
    <ExcludeApp_Data>False</ExcludeApp_Data>
    <_SavePWD>True</_SavePWD>
  </PropertyGroup>
</Project>

After that you can save and close the file. When you publish (either in Visual Studio or the command line) using that profile your app will be taken offline during publishing.

This feature was implemented as a direct result of your feedback so please keep letting us know how we can improve.

Use checksum support

Web Deploy has two methods of determining which files will be synced when a publish operation is performed.

Use file time stamps
Use the CRC (Cyclic Redundancy Check) checksum

By default Visual Studio uses the time stamps method. The reason for this is that there is a noticeable performance impact when using the CRC checksum.

In team scenarios, or on build servers, it may make sense for you to use the CRC method instead. Enabling this is very similar to the app offline support. Find the .pubxml file which is associated with your web project and add the following element under the PropertyGroup element.

<MSDeployUseChecksum>true</MSDeployUseChecksum>

After that when you publish using that profile (from Visual Studio or the command line) the CRC checksum method will be used instead of time stamps.

Other ways to apply these settings

If you would like to enable this for multiple project, or multiple profiles it may get a bit cumbersome to modify every .pubxml file. These properties are standard MSBuild properties so there are several different ways you can apply these settings. Below I’ve outlined a few different options, but if these don’t meet your needs there may be additional options.

Set these properties on the command line/build server

When you invoke msbuild.exe you can pass this property in as you would any other MSBuild property. Use the following syntax,

/p:EnableMSDeployAppOffline=true /p:MSDeployUseChecksum=true

Set these properties for every profile in a given project

In this post I suggested that you place the properties directly inside of the .pubxml file. Instead of this you can place this property directly inside your .csproj/.vbproj file. You should place the following PropertyGroup in your project file.

<PropertyGroup>
  <EnableMSDeployAppOffline>true</EnableMSDeployAppOffline>
  <MSDeployUseChecksum>true</MSDeployUseChecksum>
</PropertyGroup>

Note: This element should be above the Import for Microsoft.WebApplication.targets.

Set these properties for every project on a machine

If you have a build server (or your own dev box) that you’d like to apply these settings for every build you can create an environment variable with the name/value desired.

You can also use the CustomBeforeMicrosoftCommonTargets MSBuild property. I’ve blogged about how you can use this technique in the past.

Sayed Ibrahim Hashimi | http://msbuildbook.com | @SayedIHashimi

In the Azure SDK 2.2 we released remote debugging support for Windows Azure Cloud Services. You can read more about that release at Scott Guthrie’s blog post Windows Azure: Announcing release of Windows Azure SDK 2.2 (with lots of goodies). You can find more info on Windows Azure Web Sites diagnostics and debugging at our docs for Web Sites diagnostics and debugging as well.

When we released the Azure SDK 2.2 the server side support for remote debugging Windows Azure Web Sites was not yet in production. Because of this the command was not shown in Visual Studio. We have now published the server side support in Windows Azure Web Sites, and the feature is now automatically enabled in Visual Studio.

In this post you will find the download links required to try out the new features as well as more info about the support.

How to get the new features?

In order to remotely debug your site you will need to download and install the following.

· Any version of Visual Studio 2013 which supports remote debugging

· Azure SDK 2.2

After installing the Azure SDK 2.2 you will now see a new menu option, Attach Debugger, for your Azure Web Sites. In the image below you’ll find this new menu option.

Now let’s see how you can use this new feature.

Remote debugging walkthrough

For a new site running in Windows Azure Web Site you’ll need to follow the following steps to get your remote debugging session started.

1. Publish your site to Windows Azure Web Sites

2. Invoke the Attach Debugger menu option in Server Explorer

To have the best debugging experience you should publish your site using the Debug build configuration. You can configure this for your publish profile on the Settings tab of the Web Publish dialog. The drop down is shown in the following image.

After publishing your application you can use the Server Explorer in Visual Studio to access your web sites. If you haven’t already you may need to sign in to Windows Azure in Visual Studio. You can do this using the Connect to Windows Azure button on the Server Explorer. See the image below for that button.

After signing in you will see your Web Sites under the Windows Azure node in Server Explorer. Right click on the site that you would like to debug and select Attach Debugger. When this is invoked the remote debugging agent will be started on your web site, you site is restarted with the agent attached, your default browser will be opened to the URL of your site, and Visual Studio will attach the remote debugger. The first time you do this the delay will be about 20 seconds, but subsequent usages will attach much quicker. If you disable the remote debugger option in the portal you’ll experience the ~20 second delay again.

After that you can debug your remote site as you would your local project. You can step through code, set breakpoints, break on exceptions, evaluate expressions, and all the other goodness you are used to.

Note: currently the support here is designed for single instance sites. If you attach to a web site running multiple instances, you will attach to a random instance. In the future we may look at providing a better experience here, but we do not have any specific plans yet.

For more info on remote debugging Windows Azure Web Sites you can visit http://www.windowsazure.com/en-us/develop/net/tutorials/troubleshoot-web-sites-in-visual-studio/#remotedebug.

Remote debugging with Visual Studio 2012

You can also remotely debug your Windows Azure Web Site with Visual Studio 2012, but you’ll need to configure a few things manually for now. We are working to bring the same experience for remote debugging to Visual Studio 2012 but we are not there yet. For now you can use the steps below for Visual Studio 2012.

In the Windows Azure Management Portal, go to the Configure tab for your web site, and then scroll down to the Site Diagnostics section
Set Remote Debugging to On, and set Remote Debugging Visual Studio Version to 2012
In the Visual Studio Debug menu, click Attach to Process
In the Qualifier box, enter the URL for your web site, without the http:// prefix
Select Show processes from all users
When you're prompted for credentials, enter the user name and password that has permissions to publish the web site. To get these credentials, go to the Dashboard tab for your web site in the management portal and click Download the publish profile. Open the file in a text editor, and you'll find the user name and password after the first occurrences of userName= and userPWD=.
When the processes appear in the Available Processes table, select w3wp.exe, and then click Attach.
Open a browser to your site URL.

You might have to wait 20 seconds or so while Windows Azure sets up the server for debugging. This delay only happens the first time you run in debug mode on a web site. Subsequent times within the next 48 hours when you start debugging again there won't be a delay.

Please let us know what you think about this feature in the comments below.

Sayed Ibrahim Hashimi | http://msbuildbook.com | @SayedIHashimi

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup. The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET Core framework over the previous week. Within 30 minutes, Scott Hanselman, Damian Edwards, Jon Galloway and an occasional guest or two discuss new features and ask for feedback on important decisions being made by the ASP.NET development teams.

Each week the standup is hosted live on Google Hangouts and the team publishes the recorded video of their discussion to YouTube for later reference. The guys answer your questions LIVE and unfiltered. This is your chance to ask about the why and what of ASP.NET! Join them each Tuesday on live.asp.net where the meeting’s schedule is posted and hosted.

This week’s meeting is below:

Asp.Net Core is released! Go to https://dot.net and get it now! Everyone’s going on vacation because its DONE! No.. Not really, the team is at it planning and getting ready for the next features in the web framework.

The surprise inclusion in this release is a browser-based REPL (Read-Eval-Print-Loop) for .NET at https://www.microsoft.com/net From here, there’s a great set of tutorials and in-browser development experience for .NET. We’re jazzed about this new way to present and teach .NET concepts. You can now get started learning .NET without installing Visual Studio or and SDKs. Or even get started learning .NET WHILE you wait for Visual Studio to install.

This week, instead of answering piles of questions about 1.0 RTM, Damian shared a live upgrade experience of the live.asp.net website that hosts the Community Standup. It was a painless process and we’ll review some of the highlights of the changes Damian applied to the application.

Damian showed us a block of comments that he added to the bottom of the page to show some information about the environment that the application is running in.

environmentInfo

Scott made a point that running small web sites in the cloud, like Azure Web Applications, don’t need x64 processing and can run very nicely in smaller x86 processes.

Damian showed us the staging environment for the live.asp.net site and how he can detect whether the Azure deployment (code named kudu) deployed his application and what the Git SHA hash for that deployment is. You can see this code on lines 37-82 of the DeploymentEnvironment class in live.asp.net. This SHA will match up with the SHA listed in the commits for the application on GitHub:

In order to protect the Dev version of the source that Damian had last modified, he created a new branch in his local source repository by executing the command:

git checkout -b rtm

This creates a new branch using a technique called “feature branches” where new features or experiments on your source code is performed in a local space where it is isolated from current working code.

Damian then walked through the installed for the .NET Tooling Preview 2, as he has not applied the latest patch to the machine he was demonstrating from. To push his code to use the Preview 2 version of the dotnet command-line tool, Damian updated the global.json file to point to the new version of the tool:

Next, he updated project.json to reference the 1.0.0 version of his packages and the tools that were updated get pointed to a Preview 2 version:

There was a slight name change on one of the classes used for Authentication, the OpenIdConnectResponseTypes was renamed to drop the S on the end:

Finally, Damian applied an update for the system reflection information that we showed earlier as an output to his page:

With that change, Damian was able to run the application using the ASP.NET Core RTM. A complete diff of the changes Damian made can be found on GitHub at: https://github.com/aspnet/live.asp.net/commit/b94a26ad42a7763caf54f70a79b0c83b192a72ef#diff-274660eb4b1b1d963a330b471e10f41c

Damian and Scott went through the exercise of deploying the application to a Azure Web App staging slot. The deployment took some time due to retrieving and loading all of the dependencies from NuGet, npm, and a non-optimized compilation process.

Looking Forward

Next week, we’ll talk about our early thoughts for the roadmap including SignalR. There is a SignalR 2.2.1 servicing release for ASP.NET and the team will be starting on “SignalR Core”. Scott pointed out new updates to Visual Studio Code that automatically adds the C# extension and debugger if you don’t have that installed and are working with C# files. Next time, Scott suggested that the team reviews how to install daily builds of the SDK if you’d like to run with the absolute latest version of the tools.

(Note from Jeff: My apologies for the delay on this one)

This week’s meeting is below:

Community Links

Channel 9 has the video from RedHat DevNation where Scott announced the RTM of ASP.NET Core

Rick Strahl has an in-depth exploration of ASP.NET Core features and a getting-started deep-dive

Stephen Cleary shared his findings when working with .NET and .NET Core versions

Andrew Lock wrote about how to configure URLs for Kestrel and IIS Express in ASP.NET Core

Filip wrote some code for the WebAPIContrib project that enables web pages to be built with razor and served easily

Paul shared his experience upgrading a project to .NET Core 1 RTM

Michael walks through porting a .NET framework library to be compatible with .NET Core

Tomas Janczuk updated his EdgeJS project that allows you to host .NET Core applications inside of a nodeJS project.

Ben Cull wrote about using Entity Framework with class library projects. Damian gave us a friendly reminder that tooling that supports this type of activity is in preview.

Jonathan Channon showed us how to port OWIN middleware to ASP.NET Core

Dominic Baier updated his security samples for the RTM of ASP.NET Core

Martin Woodward shared some code that demonstrates how to PInvoke on Linux with .NET Core.

Travis wrote about Autofac and the process to update for RTM

The SignalR team is looking for feedback on their next release, SignalR 2.2.1

Damien updated his samples for using Angular2 with IdentityServer 4

The ASP.NET Monsters chatted with Mads Kristensen about the bundler-minifier

Tianxiang shared a sample that demonstrates how to use webpack and vue

Matias wrote some code to bundle and minify content for ASP.NET Core

Smidge is another option for bundling and minifying, and it has been updated to support RTM

Maxime has some middleware that writes content to disk so that your ASP.NET Core site gets written to disk as static HTML

Katacoda released a course that teaches you how to deploy ASP.NET Core as a docker container

Maher has decompiled the http://dot.net site to show how the tutorials work that the Microsoft team wrote

Adaptive shareed a couple of links that demonstrate an open-sourced real-time trading platform built on ASP.NET Core. This is a more complex sample to walk through. http://weareadaptive.com/2016/06/30/reactive-trader-cloud-net-core-series-intro/

Speeding up your ASP.NET Core Deployment to Azure

Damian did a review of the ASP.NET Core deployment that he demonstrated last week and showed how to improve the deployment process. Last week, it took approximately 12 minutes to deploy the application, and this was considered a “worst case” deployment because it delivered brand new content to the web server. In subsequent deployments, only the changes would be deployed, but it was still taking six to seven minutes.

Damian showed how there are two drives that support an Azure Web Application – a slow drive and a fast drive. The slow drive contains the code that persists to Azure blob storage across site restarts, machine moves, and deployments. The fast drive is local to the machine that hosts the application and is much faster. He then took us to the Kudu tooling console for his web application that lives at the https://YOURWEBAPPNAME.scm.azurewebsites.net. From this menu, he navigated to the Debug console and was presented with a console in the browser that he could use to test various elements of the deployment process.

The repository folder on the ‘slow drive’ is where the Kudu process places a copy of the source code that it will compile and deploy to IIS on the ‘fast drive’. The build scripts that Kudu uses to execute and build your application are found at: https://github.com/projectkudu/KuduScript/tree/master/lib/templates Kudu writes a log file to the site / deployments / SHA / log.log complete with timestamps so that you can measure and monitor a deployment.

Damian showed his work-around for this by moving his compile process from the ‘fast drive’ and he showed us the steps in that process. He started by navigating to the Application Settings in the Azure Portal for his web application and setting the environment variable “SCM_REPOSITORY_PATH” to a location under the d:\local folder, in his case he set it to d:\local\repository This instructs Kudu to clone the source of your project to the ‘fast drive’ and do the compilation and build work with the fast drive. The problem with this is that this compile location will be lost if you restart the web application or the application stops because Azure will deploy a new copy of the application to a new host location. You can click the button in the Azure portal to sync your source code and then redeploy the application.

This is just a work-around as the teams are working on improving the experience.

Questions

Question: What are the plans for packaging content in NuGet packages?

— The NuGet package spec now supports a contentFiles element that you can use for content. Check the NuGet blog post ‘ContentFiles Demystified‘ for more details.

Question: Is there a way to reduce the significant volume of packages that are referenced and added indirectly to my project when I reference netcoreapp in project.json?

— The default project model is a ‘portable project’ which does require and carry all packages for the framework with it. This happens because you are referencing netcoreapp with type ‘platform’. This portable model prevents packages the packages from being downloaded and these binaries from being written to your bin folder.

Question: Is there a way to change Azure Web Apps from using the folder structure “sites/wwwroot/wwwroot”

— You can change the configuration in Application Settings on the Azure portal, but we haven’t tested what happens with that

Question: Any update on making the ASP.NET Core Module OSS or stand-alone?

— If you are on a server where you just want the module installed, you can use the windows server installer with some command-line additions. More information about configuring IIS can be found in the ASP.NET Docs Open sourcing this module is on the roadmap.

Question: Any update on native compilation?

— No update currently… it is still under investigation

Question: Will NuGet’s package store global package folder location be available for use in other project models?

— Damian thinks this might be coming as part of the project.json -> csproj update. You can use this model now with project.json in other project types, and Oren Novotny has instructions on his blog about configuring other projects.

Question: When can we expect to see performance improvements on compile times?

— Its scheduled as part of the MSBuild work, and that’s where the team is currently focused.

Question: Are there any plans to bring in-memory compilation back?

— The features we demonstrated previously are still functioning, with compilations written to disk as files are changed, and in-memory compilation isn’t required to achieve the “change cs file and refresh the browser” feature. It is not as fast as it used to be, and the razor compilation is in-memory.

Question: Does the MSBuild process have a simple and straightforward way to publish packages from a class library?

— We expect the current features to still be available after the migration, we’re not entirely sure what shape that will take. More details will be shared as they are available.

This week’s meeting is below:

This week, Scott is coming to us from the DotNetFringe conference in Portland where they evidently placed him in a dark room. Jon Galloway couldn’t make it to the standup this week, so there are no links to share. Today’s guest is Steve Sanderson, a member of the ASP.NET team for the last 6 months or so and is a founder of the KnockoutJS project. He’s been investigating using JavaScript frameworks to help improve ASP.NET Core. Steve’s project is called ASP.NET JavaScript services and can be found on GitHub.

The project gives you a good starting point for building web applications using various JavaScript frameworks. In particular, there are yeoman templates available for Angular 2 Knockout, React, and React with Redux. You can acquire the templates in a shell with the command :

npm install -g yo generator-aspnetcore-spa

This will allow you to generate a base-project with the command:

yo aspnetcore-spa

Steve showed us the Angular 2 version of this template, walked through the structure and configuration of the Angular code working with ASP.NET Core. The template’s TypeScript is built and managed with WebPack and Steve showed us the advantages of this toolset combined with ASP.NET Core. Additionally, Steve enabled hot-module reloading within the configuration of the ASP.NET Core application and his application was updated live in the browser as TypeScript code was saved within his application.

Steve then showed us a second configuration option that uses NodeJS to precompile the JavaScript application that is then served by the Kestrel server as static content and without the Angular framework. This prerender configuration is enabled with an asp-prerender-module tag helper attribute, which Steve tells us is enabled by default in his project template.

Then Steve showed us the ReactJS enabled project template that comes with the Yeoman generator we installed above. The template outputs the same demo functionality and user-interface, except it was written with ReactJS and TypeScript. As a bonus feature to this sample, and a feature of React, this sample can persist its page state across browser state. This enables a great JavaScript development experience where you can edit content directly in the developer tools panel of the browser and the content panel will update appropriately.

Finally, Steve showed us the React-Redux template that was installed and how you can use the redux browser plugin to make debugging much easier with snapshots of your client-side application state made available in your browser.

Summary

Please download the JavaScript services and follow the instructions from the GitHub repository and let us know what you think. If you like this project, star it on GitHub and write about it on your own blog. Post your questions as issues in that GitHub repository and we’ll review them to determine how we should proceed with this work. Steve also has a great post introducing the project on his blog that you should check out. We would love to hear your thoughts about this approach in the space below, and we’ll be sure that Steve and his team see your comments.

This week’s meeting is below:

Jon Galloway is out and about, Hunter is off in Boston… but we do have a list of cool links for the week.

Community Links

Laurent shares his experience using Microsoft Azure with Docker Cloud

Filip announced that WebApiContrib is being migrated to ASP.NET Core

Steve Desmond recorded a speedrun of his upgrade from RC2 to ASP.NET Core RTM

Muhammed shared some ideas about fluent interfaces in ASP.NET Core

Julie Lerman’s presentation from .NET Fringe about using ASP.NET Core and Entity Framework Core on a Mac is now available

ASP.NET Monsters talk about ViewComponents on their latest episode

Dominic wrote about the progress with IdentityServer

Jonathan published an article about doing all of his .NET work on a Mac with VSCode

Jerrie Pelser wrote about using roles with JWT Middleware … and also covered using parameters with OpenID

Luca wrote about using TypeScript in Visual Studio

Unobtrusive client-side validation in Angular is demonstrated in a project on GitHub

A GitHub project from SuperLloyd was published that supports serialization in .NET Core

The ASP.NET Monsters have launched a contest called ‘The Summer of Config’

The Roadmap

Scott and Damian spent some time reviewing the .NET Core roadmap that was posted to the .NET Blog. Damian made it clear that not all components are going to be updated on each release because the framework is composed of many components and not all of them are effected.

Scott asked if the changes to support enhancing the ASP.NET Core build and publish process for performance are coming in the next release. Damian pointed out that the investigation is underway and that a number of the components that will help this process are coming in the very near future.

After some review of the features described on the roadmap, Damian highlighted that SignalR planning has started. There is an open issue on the SignalR repository for planning that discusses the current features under consideration. The other ASP.NET facet that is being explored is bringing ASP.NET Web Pages to ASP.NET Core, tentatively called ‘MVC View Pages’ due to their View-only architecture. The issue tracking planning for that featureset is in the MVC issues list. A prototype is under construction to support the goals outlined for View Pages.

The Raspberry Pi demo previously shared on the standup is a scenario that the team wants to enable with the next release. This lead the team to discuss the use of the term ‘support’, and in this case its being used to refer to “a possible configuration that you are not prevented from using” and NOT “call Microsoft paid support services for instructions”. Similarly the team is working on enabling Alpine Linux to be usable with .NET Core.

The rest of the details on the roadmap are on the .NET Blog.

This week’s meeting is below:

This week, Jon Galloway actually IS on vacation, and Damian is wrapped up in important meetings. Scott was joined this week by Maria Naggaga from New York City to talk about training and learning about ASP.NET Core from Code Schools. While Maria’s twitter account is @LadyNaggaga, she needed to clarify for some of the live viewers that in fact, she is not the pop singer Lady Gaga.

Maria pointed out that many code schools are being attended by teachers who are looking to start bringing programming and technology to their classrooms to augment the K-12 teaching curriculum. Also, there are teachers attending code schools to change careers.

In years past, it was common for developers to read a book or take a class and then take a certification test to be designated a “Certified Developer” in a programming language or discipline. With the code schools or bootcamps, its typical to attend class for a 40-hour week over 2-4 months (perhaps even a year) and have a portfolio of applications built and interviews setup to connect you with a future employer.

Scott and Maria reviewed a few online schools and talked about them:

CodeSchool – is a service from Pluralsight that offers interactive in-browser coding, quizzes, and easy learning that can be completed over a few days. CodeSchool now has a .NET course available for free to the public
Learn How to Program.com from Epicodus is a series of online tutorials in different topics, and they have C# as well as ASP.NET courses available.
Maria is also working with CodingDojo to help build a course that is scheduled to be released in September
Scott shared his ASP.NET Core Workshop source on GitHub that you can download and walk through. We plan to assemble the various workshops Microsoft is creating so that there is one cohesive learning experience that can be completed on Visual Studio Code or Visual Studio 2015.

Maria also shared EDX, which is an online marketplace of courses on many topics and we plan to get ASP.NET Core content into their catalog.

Questions

Question: Is Microsoft planning to do more Virtual Academy courses?

— Yes, we are planning several of these for ASP.NET Core in September

Question: Is there a writeup on getting ASP.NET Core running with Mono on Raspberry Pi 2?

— We did have it running in earlier builds, but we are still working on getting ASP.NET Core running on a Pi.

Question: Will ASP.NET Core work on Apache some day?

— Configure your Apache server to reverse proxy requests to Kestrel. We’ll write up a blog post on this topic soon.

Question: Continuous deployment from GitHub to Azure, does this work?

— Yes, we are working on this now. Damian has some updates to the deployment script that are being integrated and it should be faster.

This week’s meeting is below:

The team is back home after a week in Sydney presenting and teaching workshops about ASP.NET. They would like to know: what do you think this show is missing? We hear from you about watching this show, but want to know what it needs to improve. Give us your feedback in the discussion area below.

Community Links

We’re answering your questions that you post on Gitter

Steve Smith wrote an article in MSDN Magazine discussing when to use Middleware and when to use Filters

Khalid Abuhakmeh published an article about using Semantic UI with ASP.NET Core instead of using Bootstrap

He also shared an article about Strongly Typed Configuration Settings in ASP.NET Core

John Callaway shared some insight about Generic Repositories and Dependency Injection

Tore published some code on GitHub called Netling that helps with stress testing web applications

Steve Gordon wrote about updating the AllReady project to Entity Framework 1.0 RTM

Chris Myers wrote about Debugging Dockerized .NET Core Apps with Visual Studio Code

Eric Fisher has two articles on the CodeSchool blog about getting started developing with ASP.NET

Bobby Johnson has a post about Learning C# on windows, osx, or linux with .NET Core koans.

Radu Matei wrote an article with an Introduction to the ASP.NET Core MVC API

Swamininathan Vetri published a how-to article about Running your first ASP.NET Core Web API on a Mac

Accomplishments / Planning

The ASP.NET team is working on the next release of the framework, as detailed on the last roadmap blog post. Some of the things in progress include:

MVC View Pages now has a functional prototype that Damian is reviewing
There is a functional prototype for Razor precompilation
The Dependency Injection system is being improved with the help of some of the container authors feedback
Docker and containers are being worked on to improve the experience and make the development process really enjoyable
The release and versioning strategy is being addressed so that there is a nice predictable cadence. There was a blog post on the .NET blog discussing the support strategy.
Response Caching middleware work has started, as one of the team members is assigned to this task
The URL Rewriting Middleware is functional now
View Components as TagHelpers is still ongoing

Questions and Answers

Question: Is there an update on the next version of the ASP.NET Core tools?

— No announcements on that during the video, they will be conveyed on the blog first

Question: What’s the status of the request validation built in to IIS?

— No status, this is the first we’ve heard of a request on this. We’re interested in this type of thing, and it could get onto our roadmap.

Question: Can you write up how to do port-forwarding and configuration with Apache?

— We do have nginx instructions available, and we have some documents started on HAProxy.

Question: Any news on the JavaScript Services from a few weeks ago?

— We’re still collecting feedback on the GitHub repo. Keep an eye open there for more details as that project progresses.

Question: Is there a way to load XML configuration files of the older “app.config” format in ASP.NET Core?

— With a standard .NET “app.config” if you compile with the full framework, you should be able to continue to use the System.Configuration.ConfigurationManager API.

Question: What are the latest benchmark numbers for Kestrel internally?

— On the big-iron servers, we’re well over 5 million requests per second. We’re starting to look at the other benchmarks like the database enabled tests, and we’ll be working through those efforts. The numbers on the readme of the benchmarks repository are current based on the machines in the development team’s lab, which is smaller than the big-iron performance lab.

Question: How are we doing with the conversion of NuGet packages to support Core?

— Its ongoing, more of a community process and the teams are supporting those library owners who need help getting unblocked to complete their conversions.

Question: How is the Azure deployment update going?

— Its ongoing. The Kudu deployments occur on the durable, but much slower drive. There are some tunings that are being applied to NuGet 3.5, the .NET CLI, and the Kudu deployment strategy that are resulting in a significantly faster deployment time.

Question: Is there any news about the project.json migration?

— No news to report on this, as we have updates ready for this they will be published on the blog.

Question: How should I build on my continuous integration server when I have a mix of xproj and csproj files?

— Use MSBuild

Question: Is there new documentation for token authorization?

— In the short-term, use identity server. Longer term, we’re working on a solution that’s in the box.

The team will be back on Tuesday the 16th to discuss the latest updates on ASP.NET.

This week’s meet

This week the team went over community blogs, the search for the ultimate laptop, and the Razor Pages / MVC View Pages prototype.

Razor Pages Prototype

This week Damian shares the Razor Pages (also called MVC View Pages) prototype that the team has been working on. To learn more about the projects goals and features checkout the MVC View Pages issue #494 on the aspnet/mvc repo.
If you are eager to start playing around with Razor Pages you can get started at the aspnet/RazorPages repo. We (ASP.NET team) are looking forward to your feedback and seeing what you have built.

Community Links

Marek Böttcher published an article on Localization with ASP.NET Core(Post in English)

Talking Dotnet published an article on how to add swagger to ASP.NET Core Web API.

Khalid Abuhakmeh published an article on ASP.NET Core’s IApplicationLifetime.

Khalid Abuhakmeh published an article on running Jekyll on Kestrel and ASP.NET Core.

Jerrie Pelser published an article on Authenticating a user with LinkedIn in ASP.NET Core.

Shayne Boyer wrote a tutorial on the docs.asp.net page on ASP.NET Web API help pages using swagger .

Andrew Lock published an article on exploring the cookie authentication middleware in ASP.NET Core.

Hisham published an article on Razor pages for ASP.NET Core. Please note that razor pages are still a prototype an in early stages.

Hisham published and article on creating configurable error pages in ASP.NET Core.

Lohith from Telerik published an article on using Kendo UI Core in ASP.NET MVC Core.

Matthew Abbott published an article on building .NET Core apps using Bamboo and Cake.

Marius Schulz published an article on simulating Latency in ASP.NET Core.

Simon Timms from the ASP.NET Monsters published an article on getting Nginix up and running on Ubuntu box with SSL and HTTP2.

Filip W published and article on Request.IsLocal in ASP.NET Core.

It’s with a great deal of pleasure that I can announce an on-going bug bounty for .NET Core and ASP.NET Core, our cross platform runtime and web stack.

During the RC1 and RC2 bounty periods we received quite a few interesting, intriguing and even puzzling bugs which we’ve addressed. The RC 1 bounty included one report which prompted an entire rewrite of a feature to make it easier for developers to use successfully.

Nothing makes me happier than being able to reward and recognize security researchers for their hard work in discovering and reporting these bugs and I look forward to continuing working with and compensating researchers for their efforts. The entire team recognizes the value of bug bounties and we view them as having two great values, it’s both the right thing to do for our customers and the right thing to do for the security researcher community.

The bounty includes both the Windows and Linux versions of .NET Core and ASP.NET Core, and includes Kestrel, our new web server. It encompasses the current release version, and the latest supported beta, or release candidate of any future versions.

https://dot.net/core has instructions on how to install .NET Core on Windows, Linux and OS X. Windows researchers can use Visual Studio 2015, including the free Visual Studio 2015 Community Edition. The source for .NET Core can be found on GitHub at https://github.com/dotnet/corefx. The source for ASP.NET Core can be found on GitHub at https://github.com/aspnet.

We encourage you to read the MSRC announcement which has a link to the program terms and FAQs before beginning your research or reporting a vulnerability. We would also like to applaud and issue a hearty and grateful thanks to everyone in the community who has reported issues in .NET and ASP.NET in the past. We look forward to rewarding you in the future as we take .NET and ASP.NET cross platform.

Further information on all Microsoft Bug Bounty programs can be found at https://aka.ms/BugBounty and in the associated terms and FAQs.

This week’s meeting is below:

Today Crystal Qian and Justin Kotalik, interns with the ASP.NET Core team for the past 12 weeks joined the standup to talk about their experience and to demonstrate some of the cool stuff they’ve been working on with the team. But first…

Community Links

Radu Matei shows how to register a list of services from a JSON file – handy for testing or runtime DI configuration.

Jon Hilton continues a series on building a .NET Core application completely from the command line with a look at publishing.

Andrew Lock shows how to set the hosting environment for ASP.NET Core from Visual Studio, Visual Studio Code, operating system settings, and command line.

Dmitry Sikorsky introduces Platformus CMS, a new CMS written on ASP.NET Core and ExtCore.

Nice, thorough walkthrough by Bipin Joshi explaining how to configure ASP.NET Core Identity.

Damien Bowden shows how to log to Elasticsearch from an ASP.NET Core application using NLog.

Muhammad Rehan Saeed explains NGINX principles and configuration in the context of ASP.NET Core deployment.

Taiseer Joudeh begins a series explaining how he used Azure Active Directory B2C in a large web / service / mobile application, including ASP.NET Web API 2 and ASP.NET MVC.

Benjamin Fistein demonstrates how the Peachpie compiler can be used to compile PHP applications and run them in an ASP.NET Core application.

Anuraj Parameswaran shows how to configure NancyFx in an empty ASP.NET Core application.

Andrew Lock takes a look at how JWT Bearer Auth Middleware is implemented in ASP.NET Core as a means to understanding authentication in the framework in general.

Bill Boga points out an important gotcha if you’re writing middleware that modifies the response content.

Damien Bowden shows how to use MySQL with ASP.NET Core and EF Core.

Nicolas Bello Camilletti explains the components included in JavaScriptServices.

Mads Kristensen announces a new project template pack for ASP.NET Core applications.

Donovan Brown points out an important environment variable to speed up .NET Core installation on build servers.

Bill Boga shows off a configuration provider for GPS location tracking. Fun post, and great way to learn about configuration providers.

Damien Bowden shows how to implement undo, redo functionality in an ASP.NET Core application using EF and SQL Server.

Maher Jendoubi explores upcoming changes to DI integration in ASP.NET Core 1.1, showing how some popular 3rd party continers will be registered.

Scott Allen shows how he’s been creating extension methods to move code out of his Startup.cs.

Hisham Bin Ateya shows how to use custom middleware to prevent external sites from displaying your site’s images.

Norm Johanson announces ASP.NET Core support on AWS Elastic Beanstalk and the AWS Toolkit for Visual Studio.

Chris Sells describes the existing support for ASP.NET in Google Cloud Platform and lays out the plans for future ASP.NET Core support.

Here’s a useful library from Federico Daniel Colombo that makes it easy to add auditing to your ASP.NET applications.

Intern Accomplishments

Justin lead off by showing his work on writing a URL rewrite middleware module for ASP.NET Core. He found that there are three common approaches that are used to rewrite URLs:

Syntax from Apache mod-rewrite
Syntax from the IIS rewrite module
Translate using regular expressions to identify and replace content in the URL

You can find his work on GitHub at https://github.com/aspnet/BasicMiddleware/tree/dev/src/Microsoft.AspNetCore.Rewrite

Crystal then showed her work in making ViewComponents into TagHelpers. She demonstrated an initial ViewComponent that turned a photo of our program manager Dan Roth into an ANSI image. Along the way, she showed the shortcomings of using a ViewComponent such as a lack of intellisense and parameter hints. With a Crystal’s enhancement, you can reference your ViewComponents using a tag with a “vc” namespace and translated to lower-kabob case.

You can track Crystal’s work as part of addressing MVC issue 1051.

The work featured in this video will be shipping with the next release version of ASP.NET Core.

This week’s meeting is below:

Glenn Condron joined us this week, and showed us some improvements the team has made to the .NET Docker containers.

Community Links

Talking .NET published a post about integrating HangFire with Web API.

Andrew Lock had two posts for us: the first is about OpenID Connect in ASP.NET Core and the second is about the POST-REDIRECT-GET web application technique.

Shawn Wildermuth has a series about ‘What I learned while building with ASP.NET Core” and this week he’s covering routing.

Eric Anderson wrote a post about troubleshooting an issue with some code that he copied from one machine to another got an error starting dotnet.exe

Hisham shared two posts: one about routing and localization and a second about chart controls with a tag helper.

Scott interjected and pointed out that the taghelpers + clean JavaScript library experience in ASP.NET Core is really nice and that more web developers should check out these tools.

Stefan Prodan published a post about doing continuous deployment with Docker Hub.

Amjad published a cool article showing nine different docker .NET application templates.

Steve Smith wrote an article for MSDN Magazine discussing feature slices for ASP.NET Core MVC. You can read it online or in the print edition.

Barry Dorrans announced that the ASP.NET Core bug bounty has been extended.

Jon Hilton wrote about using MediatR to extend your app with notifications

Some guy named Scott wrote about using ASP.NET Core on low price Linux hosting providers.

Brock Allen announced IdentityServer 4RC1 availability with compatibility for ASP.NET Core

Christos Sakells has been updating a sample application on GitHub that uses ASP.NET Core, TypeScript and Angular 2

Jerrie Pelser has launched a course that demonstrates how to build a contact list application with ASP.NET Core

James South published an article showing how to use .NET Core for image processing

Donovan Brown wrote a post about using the outputName property in the buildOptions element in project.json

The latest updates for log4net show that they are working on support for .NET Core

Simon Timms wrote an article about how to properly use HttpClient in .NET Core.

Accomplishments – Docker Discussion

Glenn announced that the team intends to publish a new ASP.NET Core specific container image. Currently the image is not ASP.NET specific but relates to .NET only and ASP.NET Core runs very well on the dotnet image. We think that there are some optimizations that can be made for an ASP.NET Core specific deployment that the community will find very valuable.

The new documentation about building .NET Docker images was just published and Glenn shared the link to the online version of this at: https://docs.microsoft.com/en-us/dotnet/articles/core/docker/building-net-docker-images

From the Microsoft/dotnet images page on the Docker Hub, Glenn showed us the differences between the various images available.

Current .NET Docker Images

While it may look scary with a bunch of versions listed, they each have their own proper place. The Development images are for various versions of the .NET Core framework and provide full compile capabilities from within the image. The Runtime images are images that have the minimum software required to run your application after it has been compiled.

When you refer to the microsoft/dotnet image, you are presented with the most wide-ranging image that covers most scenarios. You can further optimize by using the microsoft/dotnet:<VERSION>-core image that contains the runtime, the OS dependencies, the dotnet executable, and enough to run your application. You can view the commands that were used to build the docker image by executing the docker history command, and you will see results similar to the following:

You can then clearly see, starting from the bottom of the list and working up, the commands that were added to build up the image. There is a no-trunc switch that you can add to this command in order to prevent the ‘CREATED BY’ column from being truncated so that you can read the entire command executed.

Glenn then showed us that building a simple Hello World console app and running it in the dotnet:core image without the compiler and SDK results in a 253MB image. The same application built with the dotnet image that does have the SDK embedded creates a 540MB image, almost twice as large. It should be noted, that your application will be much larger than a ‘Hello World’ console application, and these size measurements are a minimum number that your application will start at.

By comparison, we measured the size of some common language docker images and built the default ASP.NET Core web template into an image and compared their image sizes:

In reality, the sizes of these images are not a significant problem once the image is deployed to a server running docker. When a container is running, every instance shares the cost of the image and only needs disk space to manage changes to the image. The image size is only important when delivering the image and the network bandwidth needed to deliver that content.

A suggestion came in from the community that the dotnet image could be reduced in size by switching from a debian base to the latest ubuntu image that is 60MB smaller. The team hasn’t researched this yet, and think that it could be a viable change.

Glenn then showed us Troy Dai’s docker hub account and the prototype docker images he is working on.

The development image contains:

All of the ASP.NET Core NuGet packages pre-restored for the user
Pre-cross gen’d cache of ASP.NET Core and all of the dependent assemblies so that you don’t pay that compilation task at start time
Environment variables already set to listen to the public 5000 port

The production image includes a cache of runtime assemblies that have been pre-just-in-time compiled to help improve the startup performance when running in production.

Try some of these images and let us know what you think. The team is working to improve them, and we will report more details on these changes as they are published.

Today we are making available a patch release to the ASP.NET Core 1.0 release. This patch contains some updates to MVC, Routing, AntiForgery, Entity Framework Core, and the Kestrel server. Release notes and links to the issues that are addressed for these packages are available on GitHub. There are updated ASP.NET Core templates available as part of the “Microsoft .NET Core 1.0.1 – VS 2015 Tooling Preview 2” release in the Tools section on the .NET Downloads page.

There are also several updates to the .NET Core framework, SDK, and Windows Server Hosting components that you will need to install in order to use this version of the ASP.NET Core framework. We recommend installing this update on your development and production machines to also address a security advisory that was issued. More details about that advisory can be found on TechNet

Support

This is a long-term- support release that we are issuing, and paid support is available for the next three years. For more information about the .NET Core / ASP.NET Core release and support cycle, check our support page for more details.

Updating My Existing Application

To update an application that you are currently working on, you simply need to update the package references to the latest 1.0.1 versions of the packages in your project.json file..

Note: the IISIntegration package is shown for comparison purposes only. It was not updated in this release.

You can “lock in” to a specific version of a package by referencing the full version number of the package, as shown in the IISIntegration and Kestrel packages on lines 1 and 2. if you have them referenced in your project.json:

EntityFrameworkCore
AspNetCore.Server.Kestrel
AspNetCore.Mvc
AspNetCore.Antiforgery
AspNetCore.Routing

The last two, Antiforgery and Routing are included by the MVC package, and do not need any extra work if you are not directly referencing them in your project.json.

Summary

We are happy with this release because the fixes that we are deploying help improve the stability of the framework. Most of the bugs we are addressing were identified by customers and don’t have easy workarounds. Thank you to the participants on our GitHub issues lists and those who are submitting pull-requests. We look forward to working with you on the next release of ASP.NET Core.

This is a guest post by Brock Allen and Dominick Baier. They are security consultants, speakers, and the authors of many popular open source security projects, including IdentityServer.

Modern applications need modern identity. The protocols used for implementing features like authentication, single sign-on, API access control and federation are OpenID Connect and OAuth 2.0. IdentityServer is a popular open source framework for implementing authentication, single sign-on and API access control using ASP.NET.

While IdentityServer3 has been around for quite a while, it was based on ASP.NET 4.x and Katana. For the last several months we’ve been working on porting IdentityServer to .NET Core and ASP.NET Core. We are happy to announce that this works is now almost done and IdentityServer4 RC1 was published to NuGet on September 6th.

IdentityServer4 allows building the following features into your applications:

Authentication as a Service
Centralized login logic and workflow for all of your applications (web, native, mobile, services and SPAs).

Single Sign-on / Sign-out
Single sign-on (and out) over multiple application types.

Access Control for APIs
Issue access tokens for APIs for various types of clients, e.g. server to server, web applications, SPAs and native/mobile apps.

Federation Gateway
Support for external identity providers like Azure Active Directory, Google, Facebook etc. This shields your applications from the details of how to connect to these external providers.

Focus on Customization
The most important part – many aspects of IdentityServer can be customized to fit your needs. Since IdentityServer is a framework and not a boxed product or a SaaS, you can write code to adapt the system the way it makes sense for your scenarios.

You can learn more about IdentityServer4 by heading to https://identityserver.io. Also you can visit the github repo, the documentation, and see our support options.

There are also quick-start tutorials and samples that walk you through common scenarios for protecting APIs and implementing token-based authentication.

Give it a try. We appreciate feedback, suggestions, and bug reports on our issue tracker.

Today I’m pleased to announce that the Microsoft.CodeDom.Providers.DotNetCompilerPlatform 1.0.2 package is released on NuGet. It enables ASP.NET to support the new language features and improves the compilation performance. To install this NuGet package, open NuGet Package Manager in visual studio, search Microsoft.CodeDom.Providers.DotNetCompilerPlatform and click Install/Update button.

What’s new in the new release

Update the dependency package Microsoft.Net.Compilers to which is the latest RTM version of the Roslyn compiler. This new version addresses a performance issue with csc.exe on single core machines.
Disable profiling when launching Roslyn compiler. the profiling is enabled on the w3wp.exe process, CLR will not load NGEN’d assembly which could slow down cold startup performance. The Roslyn compiler references several large assemblies and takes several seconds to start the Roslyn compiler process if those reference assemblies are not loaded from NGEN. This new version disables profiling when starting the compiler. If you do want to profile the Roslyn compiler, you can add the following appsetting entry in web.config.
```
<appSettings><add key="aspnet:DisableProfilingDuringCompilation" value="false"/></appSettings>
```
Address an issue on GitHub which causes a compilation error. The root cause of the issue is that the Roslyn compiler assemblies are included as project items which are part of the “candidate assembly files”. In the error case, ResolveAssemblyReferences task resolves the reference assembly, namely System.Collections.Immutable.dll, to the one under Roslyn compiler folder which may be an older version than the project actually references. This new release fixes the issue.

Tips

Roslyn compiler references several large assemblies and it takes several seconds to load them all, as CLR needs to JIT them. So to get better performance (for a simple website, the cold startup is about 50% faster), it’s highly recommended to NGEN those assemblies. Here are the commands to do NGEN.

Ngen.exe install Microsoft.CodeAnalysis.CSharp.dll

Ngen.exe is under %SystemRoot%\Microsoft.Net\Framework\v4.0.30319 folder and you may want to NGEN all the managed assemblies in Roslyn compiler package.

Known issue

When you update Microsoft.CodeDom.Providers.DotNetCompilerPlatform nuget package you may see an error message similar to that in the image below when updating the Microsoft.Net.Compilers NuGet package. This happens because the Roslyn compiler process is still active and NuGet fails to uninstall the old one. To work around this issue, please restart Visual Studio and reinstall the package.

Feedback

If you find any issue or want to ask a question regarding what’s discussed in this article, please leave a comment below, or use the Contact Owners form for the NuGet package.

During an appearance on the .NET Rocks podcast last week, a question was raised about securely sending information through ASP.NET ViewState. I responded to the question by indicating that the typical security concern for web content is not to trust any content submitted from the web, including ViewState. After that podcast was published, several of my colleagues corrected me: in ASP.NET 4.5 the encryption of ViewState received a significant rewrite that addressed this issue and effectively makes ViewState very secure.

Encrypted and MAC’d

In older versions of ASP.NET, there was an option to “EnableViewStateMac” that would allow you to configure whether ViewState was protected against tampering with a Message Authentication Code (MAC – true setting). As a secondary configuration option, ViewState was encrypted if the “ViewStateEncryptionMode” was set to true. Beginning with ASP.NET 4.5.2, this configuration is ignored and all requests are both encrypted and protected with a Message Authentication Code. Security advisory KB2905247, which was sent to all Windows machines on a patch Tuesday in September 2014, set ASP.NET to ignore the EnableViewStateMac setting and use the ASP.NET 4.5.2 encryption settings in all versions of ASP.NET going back to ASP.NET 1.1. Troy Hunt has a magnificent blog post describing how ViewState MAC works if you are interested in the details.

Improved Encryption Pipeline

With the ASP.NET 4 release, you could replace the symmetric encryption and message authentication algorithms used by the cryptographic pipeline within ASP.NET request processing. You could change the algorithm by setting a decryption and validation attribute on the machineKey element in the machine.config file. More details on this configuration can be found in the MSDN documentation.

You can force your Windows web server to use the updated ASP.NET 4.5 encryption capabilities by applying a compatibilityMode attribute to the machineKey element in machine.config like this:

<machineKey compatibilityMode="Framework45" />

Alternatively, you can apply a targetFramework attribute to the httpRuntime element in web.config, as the updated ASP.NET project templates do:

<httpRuntime targetFramework="4.5" />

More information about the updates to ASP.NET Encryption and ViewState are available online.

SessionStateModule is ASP.NET’s default session-state handler which retrieves session data and writes it to the session-state store. It already operates asynchronously when acquiring the request state, but it doesn’t support async read/write to the session-state store. In the .NET Framework 4.6.2 release, we introduced a new interface named ISessionStateModule to enable this scenario.

Benefits of the asynchronous SessionState module

It’s all about the scalability. As the world moves to the cloud, it makes really easy to scale-out computing resources to serve the large spikes in service requests to an application. It’s very important to design a scalable system so that an application benefits from cloud computing architecture. When you are considering the scalability in terms of session-state, you should not use in-memory session-state provider. The in-memory provider makes it impossible to share session data across multiple web servers. You need to store session data in other mediums such as Microsoft Azure SQL Database, NoSQL, Azure Redis Cache etc. In this case, the new async Sessionsate module enables you to plug in the async session-state provider to access those storage providers asynchronously. Async I/O operation helps release the thread more quickly than synchronous I/O operation, and ASP.NET can handle other requests. If you are interested in knowing more details about async programming, you can read Stephen Cleary’s article on Async Programming : Introduction to Async/Await on ASP.NET.

How to use the Async SessionState module

Open the NuGet package manager and search for Microsoft.AspNet.SessionState.SessionStateModule and install. Since the ISessionStateModule interface is introduced in .NET Framework 4.6.2, you need to target your application to .NET Framework 4.6.2. Download the .NET Framework 4.6.2 Developer Pack if you do not already have it installed.
The NuGet package will copy Microsoft.AspNet.SessionState.SessionStateModule.dll to the bin folder and add the following configuration into the web.config file. If you don’t provide an async session-state provider, the module will use a default in-memory provider. With the in-memory provider you won’t get the async benefits from the default provider, since the default provider just stores the session data in memory.
If you want to get all the async benefits mentioned above, you need to install a real async sessionstate provider. With the release of Microsoft.AspNet.SessionState.SessionStateModule NuGet package, we are also releasing an async version Sql sessionstate provider NuGet package which leverages Entity Framework to do the async database operation. To install this package, open NuGet package manager and search for the Microsoft.AspNet.SessionState.SqlSessionStateProviderasync package and install it.
The installation will add Microsoft.AspNet.SessionState.SqlSessionStateProviderAsync.dll to the bin folder and insert the following configuration into the web.config file. The only additional configuration you need to do is to define a connection string within the connectionstrings element with the same name as the value in the connectionStringName attribute. In the sample configuration below, my connection string would be “DefaultConnection”.

How to implement an async provider

In most of the cases, you can leverage the Microsoft.AspNet.SessionState.SessionStateModule NuGet package and just implement the provider if you want to store the session data somewhere else. To implement your own async sessionstate provider which works with Microsoft.AspNet.SessionState.SessionStateModule, all you need to do is to implement a concrete SessionStateStoreProviderAsyncBase class which is included in the Microsoft.AspNet.SessionState.SessionStateModule NuGet package. Here is the signature for that class:

The new async session-state provider base class is almost same as the sync version, except the majority of the methods return a task in async sessionstate provider base class. You can reference the sample code of sync version sessionstate provider and use async version System.Data.Odbc API to do the database operation instead.
We think that this will assist in some performance tuning scenarios with ASP.NET, and encourage you to try this provider if you are currently using SQL Server as your session state provider. Let us know if you are building an async provider for another storage medium. We encourage you to share any new sessionstate providers you write on NuGet.org. Good luck and happy coding!

This week’s meeting is below:

Community Links

We now have a list of free courses available to teach you more about ASP.NET and ASP.NET Core.

The latest article we’re spotlighting in the ASP.NET documentation is Getting started with ASP.NET Core MVC and Entity Framework Core using Visual Studio by Tom Dykstra

OneTrueError – Automated exception handling by Jonas Gauffin

Building REST services with ASP.NET Core Web API and Azure SQL Database by Jovan Popovic

Check out the Bitwarden project: Free, Open Source Password Manager built on ASP.NET Core Kyle Spearrin

Custom authorisation policies and requirements in ASP.NET Core by Andrew Lock

Real-time applications using ASP.NET Core, SignalR & Angular by Christos Sakells

ReactJS.NET 3.0 – .NET Core and lots of small tweaks to support ReactJS by Daniel Lo Nigro

IdentityModel v2 released by Dominick Baier

Running your ASP.NET Core application on Azure Container Service by Rene van Osnabrugge

Request Filtering for ASP.NET Core applications: Part 3 – Integrating with ASP.NET Pipeline by Hisham Bin Ateya

Check out the EasyLOB project: a Data-Driven Design Archetype for developing Web based .NET LOB Applications

How to: ASP NET Core – third party middleware index by Milan Stanaćev

Accomplishments

Damian reported that the team is very close to delivering ASP.NET Core 1.1 A full list of features are on the roadmap on GitHub, and a preview release is scheduled for the very near future. The features on the roadmap for 1.1 include:

URL Rewriting middleware
Response caching middleware
DI improvements for 3rd party containers
WebListener server (Windows only)
Middleware as MVC filters
ViewComponents as Tag Helpers
View precompilation (tooling preview)
Cookie-based TempData provider
Improved Azure integration
- App Service startup time improvements
- App Service logging provider
- Azure Key Vault provider

We then discussed the version of the SignalR server that is being built on top of ASP.NET Core. The framework components of SignalR are being reviewed at this time, and in particular we looked at the “ASP.NET Sockets” implementation that uses a socket-like programming model to interact abstractly with real-time requests from a client across some transport mechanism provided by SignalR. Damian started off by showing us a sample that uses the ASP.NET Core Sockets EndPoint construct:

https://github.com/davidfowl/Sockets/blob/master/samples/SocketsSample/EndPoints/ChatEndPoint.cs

The code for interacting with the Socket uses the typical Socket workflow with a while-loop to read content from the Socket if data has been received on the Socket. The Sockets implementation is built on top of a feature called Channels.

Further experimentation on ASP.NET Core features are being shared into the ASPLabs repository.

Also, the team has completed an initial set of prototypes designs for RazorPages and have started working to turn this into a real product. It is currently scheduled to be delivered at roughly the same time as the SignalR framework.

Questions:

Q: Are we going to see compilation speed improvements in 1.1?

— No, 1.1 is not a tooling release but rather a set of updates to runtime packages. You will see a performance improvement with the move from project.json to msbuild. More news on that will be coming very soon.

Q: Any updates on System.Drawing for .NET Core?

— No. Take a look at ImageProcessor.org and ImageResizer.Net to help with that. We will address this gap in the future.

Q: Will Azure App Service WebApp for Linux Preview support ASP.NET Core?

— We have Node and PHP support currently.

At this point, Damian chimed-in with a response to a question that he had received outside of the chat-room about super-simple HTTP service configuration. He wrote up his idea for a simple configuration and shared it as an issue in the Routing repository The API Damian is proposing could look similar to the following:

Q: Do you have an update on MSBuild / CSProj?

— There is a blog post coming along shortly… after that is published we will discuss further.

Q: What is the recommended way to access microservices from an ASP.NET Core app?

— Use whatever makes you happy – you can connect and use a microservice with a number of different techniques, and there is no one preferred way.

Q: Is there are a way to use a publish / subscribe pattern with a servicebus in the SignalR code that was shared?

— We demonstrated the lowest layer in this video, you can layer anything you want on top of it. We have some samples in the repo that show how to start layering on top. The team is still discussing plans to ship a firm pub / sub abstraction.

Q: What’s the latest news about using Razor templates without needing the entire MVC framework?

— The team is working to refactor Razor to run outside of MVC. As part of the refactoring, it will be easier for other razor host processes to be enabled in Visual Studio. More will be coming later

Q: Is there an update on JavaScript services?

— We’re now building Visual Studio templates to support these services and get more feedback. The beginnings of these templates are in the GitHub repository.

At this point, the team discussed how JavaScript has changed the way that they develop applications and some of their background that has shaped the way that they approach the ASP.NET tools. Damian referred to a JavaScript article on Medium that humorously discusses how to learn JavaScript in 2016, and that they see JavaScript currently in a state where innovation is happening extremely quickly.

This week’s meeting is below:

Community Links

Request Filtering for ASP.NET Core applications: Part 4 – Extending the Request Filtering Rules

Localization Resource Generator & Translator via “dotnet” CLI

ASP.NET Core: Globalization and Localization

Building Apps with Polymer and ASP.NET Core

Don’t Share Your Secrets! (.NET CORE Secret Manager Tool)

Debugging into ASP.NET Core Source

Modifying the UI based on user authorisation in ASP.NET Core

Error Handling and ExceptionFilter Dependency Injection for ASP.NET Core APIs

Angular2 autocomplete with ASP.NET Core and Elasticsearch

ASP.NET Core with Angular2 – tutorial

Managing containerized ASP.NET Core apps with Kubernetes

Working with Environments and Launch Settings in ASP.NET Core

A question was asked on Twitter that Jon highlighted, asking if development had completely stopped on ASP.NET 4.6 and if there was a road map.

— We can tell you that development has not stopped, and we have released versions 4.6.1 and 4.6.2 of the .NET Framework with enhancements for ASP.NET. There are minor tweaks and adjustments being applied to the full framework as most of our attention is taken up by delivering the new .NET Core and ASP.NET Core frameworks. We expect to deliver features to the .NET Framework versions that help bring some of the innovation in .NET Core back to the existing .NET Framework so that applications built for Windows on the full framework get those benefits as well.

Accomplishments / Demo

Damian went on to present a demo and discussion about the logging and performance profiling features of ASP.NET Core with Visual Studio 2015. In particular, he spent time looking at using ETW (Event Tracing for Windows) and AppInsights integrations with Visual Studio. On Linux, there is a replacement for ETW that uses the same EventSource API but logs to a different location on disk.

When starting a new project, there is an option in the window to add Application Insights to your project. You don’t need to sign up for an Azure account, and you can choose to “Install the SDK Only”.

With AppInsight data collected locally, you can start your application with the debugger running, there is some very interesting data being analyzed by Visual Studio for you. The diagnostic tools window is available that shows the current memory, CPU usage, and events triggered by the application. You can click the AppInsights button on the toolbar to open the Application Insights Search window and see more detailed data about the interactions with the application.

These profilers and diagnostic tools are what really make Visual Studio shine for developers that need to do more than just ‘write code’.

The Application Insights team is working to add more features to their data collection and processing facilities inside of Visual Studio. They have also integrated with CodeLens for Visual Studio Ultimate users that shows the number of exceptions logged for each method you are viewing in the text editor. If your application has Application Insights running in production, you can connect your Visual Studio instance to that and see the exceptions logged in your production environment.

Damian went on to show us where the Application Insights telemetry is injected into the ASP.NET Core middleware. He went on to show us some improvements that he prototyped in an ASP.NET Core logger provider that logs more information to Application Insights.

In an effort to make it even easier to get this type of logging and analytics for Visual Studio developers, Damian showed the ETW logger provider that is already written but not yet shipped. You can grab it from the nightly MyGet feed under the Microsoft.Extensions.Logging.EventSource package name. With ASP.NET Core logging to ETW, you can then use the ETW PerfView tool to track and analyze the activities and events in your application.

Is there a performance impact while debugging and using ETW? When you get to about 60,000 events per second you will start to see performance impacts, and that won’t typically be hit in debugging sessions. ETW is designed to be turned on by default and it only impacts performance when there is a listener interacting with the Windows event stream.

Scott spent some time learning more about Application Insights and Visual Studio, and wrote up his experience on his blog.

Our next standup will be in two weeks, on November 1. Thanks for watching, and happy coding!

Puzzle Piece We’ve all read various ‘best practices’ posts about this framework and that framework from expert developers in the community. They’ll cover topics regarding how to make your application more maintainable and how to drive down the risk of maintenance in your applications. A common design recommendation is to structure your applications so that you compose the objects you are working on. The MVC framework is a good example that demonstrates this technique. You compose controller objects in MVC using constructor dependency injection so that the other facilities that our controllers need like loggers and database access are managed in other classes. What do we do if we’re working on an ASP.NET Web Forms application? The Page object doesn’t allow you to use constructor injection, so how do we work around this limitation?

In this series of posts, we’re going to look at how to modernize the development of your ASP.NET Web Forms application using existing features in innovative ways. Along the way, we will also learn how to reduce risk while maintaining our long standing applications.

Dependency Injection Primer

For those unfamiliar with the concept, dependency injection is a class design strategy that relocates logic from one class to another. The second class is then injected into the first through either a property or a constructor argument. As an example, we can move all database management logic to a repository class or all log management tasks to a logger class. Our application code can be structured so that it focuses more on the application logic and only pulling in these concerns when needed.

The following code demonstrates how you can inject a repository object that is defined by an interface, ICustomerRepository, into a Controller class for use in an MVC action method:

An inversion of control container can be configured to automatically create the CustomerController and pass in an appropriate class that implements the ICustomerRepository interface.

Inversion of Control Containers

An Inversion of Control (IOC) container is an object in your code that manages the construction and object lifetime of objects that can be automatically injected into your classes for use. The code you are writing in the client classes, like the CustomerController above, calls into the classes that do most of the work for you. This inversion of control is facilitated by a container object. There are many containers available on NuGet.org for you to choose and add to your projects including:

For this article, we’re going to work with Autofac and add its capabilities to a Web Forms application.

Web Forms and Dependencies

ASP.NET Web Forms has a long history of managing code in a collection of code-behind files named something like “EditCustomer.aspx.cs” that contain a partial class. This is the editable part of the class, as there is also a “EditCustomer.designer.aspx.cs” class that contains some generated code for the framework to use in managing the user-interface. If we would like to add dependencies to a page, say a reference to a CustomerRepository, we would typically create the CustomerRepository in the constructor of the EditCustomer class and then use it appropriately later in the class.

This leads to some code management problems as we are then creating all of the dependent objects that we need to build and service our pages in the constructor of every page.

If those objects change or if we wanted to use a different implementation of our interface, we’re going to have a lot of code to update and test to ensure that it still functions the same way. We can start to simplify this problem by introducing an abstract BasePage concept to move some of these common concerns out into a reusable class that other pages can inherit from as well:

We still have a page level concern for the CustomerRepository, but perhaps that’s just a one-off problem for this page. Or maybe it isn’t…

Using a Container with Web Forms

Out of the box, you can’t add parameters to any of your code-behind file’s constructors. Not only that, but you have no way to plug in a container to set property values either. There is a way around this, and it involves using an HttpModule. An HttpModule is a class that can intercept events in the ASP.NET pipeline and interact with the input, output, and other processes managing the pipeline. In this case, we’re going to write a simple HttpModule to inspect a Page object and inject required properties or constructor arguments as needed.

In this sample, we’re going to use Autofac to power our module. After installing the Autofac NuGet package, you can create a new class that implements the IHttpModule interface. The IHttpModule defines two methods that you must implement: Init and Dispose. We can use the Init method to listen for the PreRequestHandlerExecute event, the event that is triggered after a Page is constructed and before it begins any Page-level events processing. Let’s also add a static constructor to configure the Autofac container:

With some additional reflection work inside of our event handler method, we can inject arguments for the constructor method and execute that constructor. This is a little strange, as we’re used to executing constructor methods when calling “new FooClass()”. In this case, the class is already instantiated and we are triggering the constructor method after the fact.

Structuring a Page

To set up a page to be injected, we can add public properties of types that Autofac knows how to handle or we can create a public constructor method that accepts arguments. If we use the constructor injection technique, we need to ensure that a protected argument-less constructor method is available for the framework to use when it creates the Page object.

Final Configuration

The last piece of configuration needed to ensure that our AutofacModule executes in the ASP.NET event pipeline is to add an entry appropriately to web.config:

Summary

We’ve taught an old dog a new trick. This is sample code only, and may not be optimized for the best performance for your application in production. Some of the containers, like Autofac, have their own modules available for you to use if you want to employ this technique with your application. Is this something that you find valuable? Should we make investments in this type of “modernization” of the web forms templates and architecture? Let us know in the comments below.

Thanks to MVP and Regional Director Miguel Castro for helping with the content of this article.