Saturday, October 27, 2018

.Net Core | Http Request Pipeline & Middleware

In .Net Core web application initialization and startup has been totally changed.

Configure Method of Startup class configures Http Request pipeline.

  • Global.asax has been removed. 
  • ini, xml and json files taken place to use in configuration 


Middleware

Middleware is software that's assembled into an app pipeline to handle requests and responses.
  • A Middleware can choose whether the request has to pass to next component or it can terminate the chain that is called Short-Circuiting the pipeline. Middleware3 is doing it in below example.
  • Middleware can perform work before calling next component and can perform work after the next component call finishes.




Run, Map and Use methods 


Run: First occurrence of Run terminates the executor branch or request pipeline if no branches. 



public class Startup
{
        public void Configure(IApplicationBuilder app)
        {
            app.Run(async context =>
            {
                await context.Response.WriteAsync("Hello megabyteland.blogspot.com");
            });
        }
}

Use: To configure multiple middlewares you need to use Use method. Second parameter of Use is delegate for next middleware defined in the pipeline.
public class Startup
{
  public void Configure(IApplicationBuilder app)
        {
            app.Use(async (context, next) =>
            {
                // Do work before invoking next middleware.
                await next.Invoke();
                // Do work after invoking next middleware.
            });

            app.Run(async context =>
            {
                await context.Response.WriteAsync(("Hello megabyteland.blogspot.com");
            });
        }
}


Wednesday, October 17, 2018

.Net Core | GDPR (General Data Protection Regulation)

The "General Data Protection Regulation" (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

Cookie consent feature allows you to ask and track consent from users for storing personal information.
If app has CheckConsentNeeded set to true than application prompt user with below screen.






If user has not consented (not Accepted) for collecting his data then non-essential cookies would not be sent to the browser.

In this case only essential Cookies would be sent to the browser.
Session state and TempData would not work because Session and TempData cookies are not essential.
However, in this case you can make them essential to work.

Monday, October 15, 2018

.Net Core | Start with MVC

Using MVC in .Net Core
  1. Register MVC as middleware in http Request Pipeline
    app.UseMvc()
    You can also configure Routing with registration of MVC as middleware.           

    Below method can be used if your controller is Home, action in that is Index.
     app.UseMvcWithDefaultRoute()
    If you have different name controller/action than you can configure route as given below
    Id is optional parameter
     app.UseMvc(routes => 
                  routes.MapRoute(
                        name: "default",                   
                        template: "{controller=EquityHome}/{action=Login}/{Id?}") 
                   )
  2.   
  3. Inject MVC in IOC Container
     services.AddMvc()
    You can set .Net Core version as well with injecting MVC using SetCompatibilityVersion method.
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1)


  4. Configure HttpRequest pipeline with some important and required features/services
    All these services have IApplicationBuilder parameter and returns it back IApplicationBuilder after completion of operation (we no need to mention it)
    • app.UseHttpsRedirection()
      Enables security by redirecting all http requests to https
    • app.UseStaticFiles()
      • UseStaticFiles(IApplicationBuilder) Enables static file serving for the current request path
      • UseStaticFiles(IApplicationBuilder, StaticFileOptions) Enables static file serving with the given options
      • UseStaticFiles(IApplicationBuilder, String)
        Enables static file serving for the given request path

    • app.UseCookiePolicy()
      Different cookie policy options can be set with CookiePolicyOptions parameter
    • app.UseStatusCodePagesWithRedirects("~/errors/{0}.html")
      Can be used to redirect to custom error page, where parameter {0} is error status code
    • app.UseStatusCodePagesWithReExecute("~/errors/{0}.html")
      Can be used to redirect to custom error page, where parameter {0} is error status code.
      This method re-executes http request pipe line with given url 
    • app.UseDeveloperExceptionPage()
    • This method display error details on web page.(Yellow error page)
  5. Implement security using, It enforces browsers to use https
    app.UseHsts()

  6. MVC Application architecture with .Net Core   

  1. Microsoft.AspNetCore.App provide all .net core features.
  2. site.css is java script is empty java script file for development and site.min.css is for other environments.

Friday, October 5, 2018

.Net Core | Security - Enforce HTTPS

Enforce HTTPS in ASP.Net Core

Microsoft recommends below 2 methods to use that enforces HTTPS

  • UseHttpsRedirection 
  • UseHsts

1. UseHttpsRedirection 


RequireHTTPS Attribute not Recommended:
can be used at controller level to enforce HTTPS, but its not recommended for Web APIs, because API clients may not understand redirection of HTTP to HTTPS, as a result they may not serve request and return with http status code 404 bad request, they may send information over http.      

[RequireHttps]
public class HomeController: Controller
{}

Add below method in Configure method of Startup.cs.  
app.UseHttpsRedirection();

It uses default values of RedirectionStatusCode and HttpsPort
HttpsRedirectionOptions.RedirectStatusCode (Status307TemporaryRedirect).
HttpsRedirectionOptions.HttpsPort (null)

default HTTPS port is 447

If you want to change RedirectionStatusCode and/or HttpsPort than
Add below middleware into ConfigureServices method, else UseHttpsRedirection in Configure is sufficient.
            services.AddHttpsRedirection(options => {
                options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;
                options.HttpsPort = 5001;
            });


2. UseHsts

Per OWASP, HTTP Strict Transport Security (HSTS) is an security enhancement using a response header.
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

When a browser(supports HSTS) receives this header it stores configuration for the domain than based on configuration browser ensures 
  • Prevents communications using HTTP
  • Forces to use HTTPS
  • Prevents to use any invalid or untrusted certificates
  • Disables prompts that allow a user to temporarily trust such invalid certificates

    There are few limitations
  • The client should support HSTS
  • Requires at least one successful HTTPS request to establish the HSTS policy
  • Application must check every HTTP request and redirect/reject the HTTP request

HSTS should not be used with development environment as its highly cacheable.  


  • IncludeSubDomains: Says to include sub-domains as well for this configuration
  • MaxAge: Browser cache the rule for the specified time duration. (For Production environment recommended is 1 year )
  • ExcludeHosts: Excludes specific hosts from this rule
  • Preload: It says browser to include your domain into its Preload list
Be careful in Production environments to set Preload = true and higher MaxAge(1 year). If you are sure that you would serve HTTPS support for your domain / sub-domain more than specified time than you should set it.
Removal of the rule from browsers might take months.
Because its become hard code rule for browsers until new updates of browsers not received.
If you stop support of HTTPS for your domain and change change configuration before previous time span, settings may take months to update client's browser and your domain might return with 402 Bad Request.  

Saturday, September 22, 2018

.Net Core | Project file


csproj file has been changed with .Net core

  1. Solution explorer is mapped with hard drive location, any file added in hard drive location will be visible in solution explorer, no entry required in .csproj file.
  2. Project file is used to contain packages references  
  3. Microsoft.AspNetCore.App contains
    • All required Core features
    • EntityFramework
    • Third party packages dependencies used by Core

.Net Core | Bundling & Minification

Bundling is a process to combine same type of multiple reference files into single file to minimize multiple files loading into one.
Minification is a process in which some techniques get applied over file like removing whitespace, shortening variable names, replacing verbose functions with shorter and more concise functions etc.

  • Add a json file bundleconfig.json.
    • OutputFileName: File that will be created after bundling and minification of given input files.
    • inputFiles: One or more files to be bundled and minified into one output file.




  • If not using Visual studio dotnet bundle is the command that can be used on command line to perform bundling.
  • Using Visual studio  
  1. Install BundlerMinifier.Core from https://marketplace.visualstudio.com/items?itemName=MadsKristensen.BundlerMinifier
  2. Use Task Runner Explorer  
    Bottom part of above given picture is showing Task Runner Explorer.
  3. All files or output files can be configured for Bundling and Minification on below events, bundleconfig.json.bindings file contains this information. On these events output files get created
    • Before Build
    • After Build 
    • Clean Build
    • Project Open

Note: Gulp and Grunt are java script based tools that can be used for bundling and minification easily.

Sunday, September 2, 2018

.Net Core | Dependency Injection (DI/Ioc)

Dependency Injection(DI) & Inversion of Control(Ioc)
  • ConfigureServices is the method used to register Types/ Services in Ioc container.
  • Classes of application (even view using Razor) can call these services whenever required.
  • If a class uses any Ioc registered service instance, its required to implement interface of that service in the class.
  • Lifetime of registered service instances is managed by runtime(framework). Because you already mention the same while registering a service.

Ex.

public void ConfigureServices(IServiceCollection services)  
{  
        services.AddSingleton<IEmailSender, EmailSender>();
        services.AddMvc();  
services.AddSingleton<InterfaceName, className>();
services.AddScoped<InterfaceName, className>();
services.AddTransient<InterfaceName, className>();


Benefits: 
  • Required services instance can be used throughout the application.
  • No need to create and dispose services instances when calling them.
  • Lifetime of services instances managed by Ioc container, that is called by runtime.

.Net Core | Initialization of Applications

Initialization of .Net core Web Application
  1. No Global.asax
  2. Web application and other application starts from program class contains main method


  3. main method calls another static method CreateWebHostBuilder method that returns object of IWebHostBuilder interface.
  4. CreateWebHostBuilder calls CreateDefaultBuilder static method. 
  5. That creates object of WebHostBuilder setup it and run it.


    • Created object 'builder' of WebHostbuilder
    • UseKestral(): Tells builder to use Kestrel.
      Kestrel
      is embedded internal server that host application and communicate (Request/Response) with external web server like IIS.
    • UseIISIntegration():  Tells to use IIS and communication between IIS and Kestrel.
    • UseContentRoot: Access project directory
    • ConfigureAppConfiguration: Loads appSettings.json file contains settings
    • ConfigureLogging: Configures logging in console window and debug window including in libraries used.
    • UseDefaultServiceProvider: Tells builder to use asp.net core's internal dependency injection container. 
    • ConfigureServices: Used to add types to the internal dependency injection container. Adding type Kestrel that is used.
    • Returns object of WebHostbuilder
  6. Object of WebHostBuilder configured to use Startup class.
  7. Startup Class: Contains 2 methods
    • ConfigureServices: Used to register services in Ioc container
    • Configure: Used to configure Request/Response pipeline
           public class Startup   
           {  
                  public void Configure(IApplicationBuilder app)  
                  {  
                     //Register types (services) to use in application
                  }  
                  public void ConfigureServices(IServiceCollection services)  
                 {  
                     //Configure how to handle http request 
                  }       
           }

.Net Core | Installation

Installation
Visual studio installation does not includes .Net Core, you need to download and install it from
https://www.dot.net

Templates available in Visual Studio for
  1. API
  2. Console App
  3. ASP.Net Core web application  
  4. ASP.Net Core web application(MVC)
  5. Angular
  6. React.js
Project file structure (.csproj or .vbproj)
  1. Includes wwwroot folder.
    • Only wwwroot folder is accessible from browser
    • Nothing is accessible by default 
    • Only files accessible included in white list
  2. Solution explorer directly maps local stored drive location. It means adding any file on hard drive shown directly in solution explorer.
  3. Includes .Net core framework version
  4. Includes Package/library references 
Meta Package 
  1. It includes every thing required in ASP.net core and Entity Framework.
  2. It also include internal and external dependencies

Saturday, November 25, 2017

Software Configuration Management Plan (SCMP)

Configuration Items


Configuration Items
Description
Phase - Initiation & Planning

Project Charter
Describes the scope, objectives, and participants in a project
Project Plan
Describes the project plan, initially defined scope of project and determined appropriate methods to complete the project.
Software Configuration Management Plan
SCM is a part of quality control of a project. Defines how source code & builds will be managed. Without this managers have little or no control over the products being produced. Ex. What there status is? Where they are in production life cycle? Whether they can change? What is the latest version?
Configuration Management Checklist
Checklist for SCMP, Checks for SCMP is followed in the project properly
Phase - Requirements

Requirements Specification (BRS)
Describes business requirement specification
Capacity, Infrastructure & Hosting Planning
Describes planning for system capacity, required infrastructure and hosting options
Change Request Log
A change log is a record of requests for change (RFCs) submitted for all changes in the product
Traceability Matrix
A traceability matrix is a document, usually in the form of a table that correlates any two base-lined documents that require a many-to-many relationship to determine the completeness of the relationship. Used to check & see whether system requirements met or not. In other words this matrix covers mapping of high level requirements with test cases to ensure that all test cases covered so that no functionality will be missed during testing.
Phase - Design

Functional & System Design (SRS)
Describes system requirement specifications
Test Plan
Describes planning for testing
Conversion/Migration Plan
Describes migration plan
Test Cases
List of test cases. A test case is a set of condition in which a tester determine whether a functionality of system is working as it was designed
Taxonomy Review Checklist
Checklist for taxonomy review
Code Review Checklist
Checklist for code review
Coding Standards
Documentation of coding standards
Test Plan Review Checklist
Checklist to verify test plan. Verify prepared test cases following standards like well-defined scope entry and exit points etc.
Module Dependency Matrix
Describes dependency of system modules on each other
Security Plan
Describe planning to implement system security. Define which security items has to be implement and how to implement them
Maintenance Plan
Describe maintenance plan
Phase - Development & Test

Coding (Ex. C#/JAVA)
Computer language coding
Database and database objects Creation
Database and objects like tables, functions, stored procedures creation
Unit Test Cases Preparation
Describe unit test cases preparation
Unit Test Cases Report
Describes unit test cases execution report
Installation Plan
System installation plan on deployment environment
Handover Training Plan
Describes plan for system handover to client
Change Request (CR)
Change request form
Software Readiness Checklist
Checklist to verify software readiness
Release Notes Internal
Release note for internal releases
Bug documentation
Describes analysis, cause and solution for specific bug
Deployment Checklist
Checklist to verify system installation / deployment
Phase 6 – Implementation

Software Release Audit Checklist
Establishes overall criteria for evaluating software quality, customer, deployment, compliance, operations, security, and support readiness
Release Notes External
Release note for external releases
Post Implementation Evaluation Report
Describes the successes and failures of the project. It provides a historical record of the planned and actual budget and schedules
User Manual
Guide for system users to describe how to use the system
Meetings Record (All stages)
Record of MOMs for all meetings in project lifecycle
Stage Exit Approvals (All stages)
Record of approvals from concerned authority on completion of every stage

Friday, July 15, 2016

Type of Contracts

There are two types of contracts
  1. Behavioral Contract
  2. Structural Contract
Behavioral Contract:
    1. Service Contract
    2. Operation Contract
    3. Fault Contract
Structural Contract:
    1. Data Contract
    2. Message Contract
Message Contract: Developer mostly uses DataContract but whenever we require more control over soap message MessageContract comes into picture.
Using MessageContract you can define header and body members of soap message that wcf inserts in soap message.

Note: When using message contract with a operationcontract
Either only messagecontract can be used as parameter and return value or nothing as parameter or return type.

[MessageContract]
    public class UserInfoRequestMessage
    {
        [MessageHeader()]
        public string UserAuthCode;

        [MessageBodyMember()]
        public int UserId;
    }

    [MessageContract]
    public class UserInfoResponseMessage
    {
        [MessageBodyMember()]
        public UserInfo MyUserInfo;
    }

    [ServiceContract]
    public interface IUserService
    {
        [OperationContract]
        UserInfoResponseMessage GetUserById(UserInfoRequestMessage usrInfoMessage);
    }

    public class UserService : IUserService
    {
        public UserInfoResponseMessage GetUserById(UserInfoRequestMessage usrInfoMessage)
        {
            //Method implementation
        }

    }

CI/CD - Safe DB Changes/Migrations

Safe DB Migrations means updating your database schema without breaking the running application and without downtime . In real systems (A...