AWS - Beanstalk

AWS Elastic Beanstalk is an service for deploying and scaling web applications and services developed using Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on servers like Apache, Nginx, Passenger, and IIS.

We can simply upload our code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.

There is no additional charge for Elastic Beanstalk - you pay only for the AWS resources needed to store and run your applications.

CLI Command to deploy .net web app using Elastic beanstalk

Key steps: 

1. Publish your app using:

   dotnet publish -c Release
   

2. Zip the output folder.

3. Deploy to Elastic Beanstalk via AWS Management Console or CLI:
   

   aws elasticbeanstalk create-application-version --application-name MyApp --version-label v1 --source-bundle S3Bucket=mybucket,S3Key=myapp.zip

Benefits 

1. Fast & Simple: Its very useful for those not having deployment and infrastructure knowledge.
   You simply use the AWS Management Console, a Git repository, or an integrated development environment (IDE) such as Eclipse or Visual Studio to upload your application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. Within minutes
2. Productive for Developers: No need to spend time to learn deployment techniques 
3. Auto Scaling: It provides auto scaling. Scale up to handle high load and traffic and scale down for cost saving automatically using your config settings.   
4. Resource Control: Full control to select your choice resource like EC2 instance ex. t2.micro
   You have full control over underlying resources opted through beanstalk, you can takeover on some/all resources you want. It keeps resources up to date with latest updates/patches

Points to Remember:

1. You can have multiple versions of your application 
2. Your application can be split in multiple tiers like web tier, app tier and database tier 
3. You can update application whenever needed 
4. You can update configuration whenever needed 
5. update can be 1 instance at a time, % wise update or immutable update (creating separate copy) 
6. Beanstalk is free, you pay for resources opted 
7. Beanstalk can create database for you but it get deleted if you delete beanstalk.So better create your separate database and link with beanstalk, with this approach database would not deleted with Beanstalk 
8. Supported languages and servers for them
1. Apache Tomcat for Java Applications 
2. Apache Http server for PHP applications 
3. Apache Http server for Node JS applications 
4. Nginx or Apache Http server for python applications 
5. Java SE 
6. Docker 
7. GO 
8. IIS 7.5, 8.0 8.5 for .Net applications 
9. Passenger or Puma for Ruby
9. Configuration applied while creation or updation of environment from multiple sources as given 
1. Settings applied directly to the environment: Direct setting applied from sources like AWS management console, EB CLI, AWS CLI or SDK, AWS and EB CLI also apply recommended values. 
2. Saved Configuration: Settings for any option that are not applied directly to the environment are loaded from Saved Configuration. 
3. Configuration Files: (.ebextensions) Settings for any option that are not applied directly to the environment and from Saved configuration are loaded from Configuration files, multiple .ebeextensions files executed in alphabetic order from folder .ebextensions root of the the application. 
4. Default Values: If any configuration option has default value and it has not been supplied any value from options given above then default value will be applied.
10. Immutable deployments perform an Immutable Update to launch a full set of new instances running the new version of the application in a separate Auto Scaling group, alongside the instances running the old version. Immutable deployments can prevent issues caused by partially completed rolling deployments. If the new instances don't pass health checks, Elastic Beanstalk terminates them, leaving the original instances untouched.
    
    
    

.Net Core | Using Libraries & Packages

• Server-side Libraries
  Nuget is the source for all kind of server side libraries and packages.
• Client-side Libraries
  For client side libraries like js and css, its recommended to refer them directly from CDN, to leverage their fast loading. If want to use them locally than these can be downloaded from Node Package Manager (NPM).
  You can download client side tools from NPM or command line or MS package installer.

How to use NPM (Node Package Manager)

1. Add new npm Package Configuration file.
   
   
   
   
   
2. Add whatever packages you want to add in devDependencies. 
3. Hundreds of useful client side packages available in NPM like Jquery and bootstrap.
   
   
   
4. When you add libraries in NPM configuration file (package.json), visual studio automatically installs them.
   
   
   
   
   
   
5. Its install in hidden node_modules folder, and in lib folder in wwwroot. 
6. you can than copy/keep only required minified versions of libraries in www folder.

.Net Core | Http Request Pipeline & Middleware

In .Net Core web application initialization and startup has been totally changed.

Configure Method of Startup class configures Http Request pipeline.

• Global.asax has been removed. 
• ini, xml and json files taken place to use in configuration 

Middleware
Middleware is software that's assembled into an app pipeline to handle requests and responses.

• A Middleware can choose whether the request has to pass to next component or it can terminate the chain that is called Short-Circuiting the pipeline. Middleware3 is doing it in below example.
• Middleware can perform work before calling next component and can perform work after the next component call finishes.

Run, Map and Use methods 

Run: First occurrence of Run terminates the executor branch or request pipeline if no branches. 

public class Startup

{

        public void Configure(IApplicationBuilder app)

        {

            app.Run(async context =>

            {

                await context.Response.WriteAsync("Hello megabyteland.blogspot.com");

            });

        }

}

Use: To configure multiple middlewares you need to use Use method. Second parameter of Use is delegate for next middleware defined in the pipeline.

public class Startup

{

  public void Configure(IApplicationBuilder app)

        {

            app.Use(async (context, next) =>

            {

                // Do work before invoking next middleware.

                await next.Invoke();

                // Do work after invoking next middleware.

            });

            app.Run(async context =>

            {

                await context.Response.WriteAsync(("Hello megabyteland.blogspot.com");

            });

        }
}

.Net Core | GDPR (General Data Protection Regulation)

The "General Data Protection Regulation" (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

Cookie consent feature allows you to ask and track consent from users for storing personal information.
If app has CheckConsentNeeded set to true than application prompt user with below screen.

If user has not consented (not Accepted) for collecting his data then non-essential cookies would not be sent to the browser.

In this case only essential Cookies would be sent to the browser.
Session state and TempData would not work because Session and TempData cookies are not essential.
However, in this case you can make them essential to work.

.Net Core | Start with MVC

Using MVC in .Net Core

1. Register MVC as middleware in http Request Pipeline
   app.UseMvc()
   You can also configure Routing with registration of MVC as middleware.           
   
   Below method can be used if your controller is Home, action in that is Index.
    app.UseMvcWithDefaultRoute()
   If you have different name controller/action than you can configure route as given below
   Id is optional parameter
    app.UseMvc(routes => 
                 routes.MapRoute(
                       name: "default",                   
                       template: "{controller=EquityHome}/{action=Login}/{Id?}") 
                  )
  
2. Inject MVC in IOC Container
    services.AddMvc()
   You can set .Net Core version as well with injecting MVC using SetCompatibilityVersion method.
   services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
   
   
   
   
   
3. Configure HttpRequest pipeline with some important and required features/services
   All these services have IApplicationBuilder parameter and returns it back IApplicationBuilder after completion of operation (we no need to mention it)
• app.UseHttpsRedirection()
  Enables security by redirecting all http requests to https
• app.UseStaticFiles()
• UseStaticFiles(IApplicationBuilder) Enables static file serving for the current request path
• UseStaticFiles(IApplicationBuilder, StaticFileOptions) Enables static file serving with the given options
• UseStaticFiles(IApplicationBuilder, String)
  Enables static file serving for the given request path


• app.UseCookiePolicy()
  Different cookie policy options can be set with CookiePolicyOptions parameter
• app.UseStatusCodePagesWithRedirects("~/errors/{0}.html")
  Can be used to redirect to custom error page, where parameter {0} is error status code
• app.UseStatusCodePagesWithReExecute("~/errors/{0}.html")
  Can be used to redirect to custom error page, where parameter {0} is error status code.
  This method re-executes http request pipe line with given url 
• app.UseDeveloperExceptionPage()
This method display error details on web page.(Yellow error page)
4. Implement security using, It enforces browsers to use https
   app.UseHsts()


5. MVC Application architecture with .Net Core   

1. Microsoft.AspNetCore.App provide all .net core features.
2. site.css is java script is empty java script file for development and site.min.css is for other environments.
   

.Net Core | Security - Enforce HTTPS

Enforce HTTPS in ASP.Net Core

Microsoft recommends below 2 methods to use that enforces HTTPS

• UseHttpsRedirection 
• UseHsts

1. UseHttpsRedirection 

RequireHTTPS Attribute not Recommended: can be used at controller level to enforce HTTPS, but its not recommended for Web APIs, because API clients may not understand redirection of HTTP to HTTPS, as a result they may not serve request and return with http status code 404 bad request, they may send information over http.      

[RequireHttps]

public class HomeController: Controller

{}

Add below method in Configure method of Startup.cs.  

app.UseHttpsRedirection();

It uses default values of RedirectionStatusCode and HttpsPort

HttpsRedirectionOptions.RedirectStatusCode (Status307TemporaryRedirect).

HttpsRedirectionOptions.HttpsPort (null)

default HTTPS port is 447

If you want to change RedirectionStatusCode and/or HttpsPort than
Add below middleware into ConfigureServices method, else UseHttpsRedirection in Configure is sufficient.

            services.AddHttpsRedirection(options => {

                options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;

                options.HttpsPort = 5001;

            });

2. UseHsts

Per OWASP, HTTP Strict Transport Security (HSTS) is an security enhancement using a response header.

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

When a browser(supports HSTS) receives this header it stores configuration for the domain than based on configuration browser ensures 

• Prevents communications using HTTP
• Forces to use HTTPS
• Prevents to use any invalid or untrusted certificates
• Disables prompts that allow a user to temporarily trust such invalid certificates
  
  There are few limitations
• The client should support HSTS
• Requires at least one successful HTTPS request to establish the HSTS policy
• Application must check every HTTP request and redirect/reject the HTTP request

HSTS should not be used with development environment as its highly cacheable.  

• IncludeSubDomains: Says to include sub-domains as well for this configuration
• MaxAge: Browser cache the rule for the specified time duration. (For Production environment recommended is 1 year )
• ExcludeHosts: Excludes specific hosts from this rule
• Preload: It says browser to include your domain into its Preload list

Be careful in Production environments to set Preload = true and higher MaxAge(1 year). If you are sure that you would serve HTTPS support for your domain / sub-domain more than specified time than you should set it.

Removal of the rule from browsers might take months.

Because its become hard code rule for browsers until new updates of browsers not received.
If you stop support of HTTPS for your domain and change change configuration before previous time span, settings may take months to update client's browser and your domain might return with 402 Bad Request.  

.Net Core | Project file

csproj file has been changed with .Net core

1. Solution explorer is mapped with hard drive location, any file added in hard drive location will be visible in solution explorer, no entry required in .csproj file.
2. Project file is used to contain packages references  
3. Microsoft.AspNetCore.App contains
• All required Core features
• EntityFramework
• Third party packages dependencies used by Core

.Net Core | Bundling & Minification

Bundling is a process to combine same type of multiple reference files into single file to minimize multiple files loading into one.
Minification is a process in which some techniques get applied over file like removing whitespace, shortening variable names, replacing verbose functions with shorter and more concise functions etc.

• Add a json file bundleconfig.json.
• OutputFileName: File that will be created after bundling and minification of given input files.
• inputFiles: One or more files to be bundled and minified into one output file.
  
  
  

  
  

  
  

  
  
• If not using Visual studio dotnet bundle is the command that can be used on command line to perform bundling.
• Using Visual studio  

1. Install BundlerMinifier.Core from https://marketplace.visualstudio.com/items?itemName=MadsKristensen.BundlerMinifier
2. Use Task Runner Explorer  
   Bottom part of above given picture is showing Task Runner Explorer.
3. All files or output files can be configured for Bundling and Minification on below events, bundleconfig.json.bindings file contains this information. On these events output files get created
• Before Build
• After Build 
• Clean Build
• Project Open

Note: Gulp and Grunt are java script based tools that can be used for bundling and minification easily.

.Net Core | Dependency Injection (DI/Ioc)

Dependency Injection(DI) & Inversion of Control(Ioc)

• ConfigureServices is the method used to register Types/ Services in Ioc container.
• Classes of application (even view using Razor) can call these services whenever required.
• If a class uses any Ioc registered service instance, its required to implement interface of that service in the class.
• Lifetime of registered service instances is managed by runtime(framework). Because you already mention the same while registering a service.

Ex.

public void ConfigureServices(IServiceCollection services)  

{  

        services.AddSingleton<IEmailSender, EmailSender>();

        services.AddMvc();  

} 

services.AddSingleton<InterfaceName, className>();

services.AddScoped<InterfaceName, className>();

services.AddTransient<InterfaceName, className>();

Benefits: 

• Required services instance can be used throughout the application.
• No need to create and dispose services instances when calling them.
• Lifetime of services instances managed by Ioc container, that is called by runtime.

.Net Core | Initialization of Applications

Initialization of .Net core Web Application

1. No Global.asax
2. Web application and other application starts from program class contains main method
   
   
   
   
   
3. main method calls another static method CreateWebHostBuilder method that returns object of IWebHostBuilder interface.
4. CreateWebHostBuilder calls CreateDefaultBuilder static method. 
5. That creates object of WebHostBuilder setup it and run it.
   
   
   
   
   
• Created object 'builder' of WebHostbuilder
• UseKestral(): Tells builder to use Kestrel.
  Kestrel is embedded internal server that host application and communicate (Request/Response) with external web server like IIS.
• UseIISIntegration():  Tells to use IIS and communication between IIS and Kestrel.
• UseContentRoot: Access project directory
• ConfigureAppConfiguration: Loads appSettings.json file contains settings
• ConfigureLogging: Configures logging in console window and debug window including in libraries used.
• UseDefaultServiceProvider: Tells builder to use asp.net core's internal dependency injection container. 
• ConfigureServices: Used to add types to the internal dependency injection container. Adding type Kestrel that is used.
• Returns object of WebHostbuilder
6. Object of WebHostBuilder configured to use Startup class.
7. Startup Class: Contains 2 methods
• ConfigureServices: Used to register services in Ioc container
• Configure: Used to configure Request/Response pipeline

           public class Startup   

           {  

                  public void Configure(IApplicationBuilder app)  

                  {  

                     //Register types (services) to use in application

                  }  

                  public void ConfigureServices(IServiceCollection services)  

                 {  

                     //Configure how to handle http request 

                  }       

           }

.Net Core | Installation

Installation
Visual studio installation does not includes .Net Core, you need to download and install it from
https://www.dot.net

Templates available in Visual Studio for

1. API
2. Console App
3. ASP.Net Core web application  
4. ASP.Net Core web application(MVC)
5. Angular
6. React.js

Project file structure (.csproj or .vbproj)

1. Includes wwwroot folder.
• Only wwwroot folder is accessible from browser
• Nothing is accessible by default 
• Only files accessible included in white list
2. Solution explorer directly maps local stored drive location. It means adding any file on hard drive shown directly in solution explorer.
3. Includes .Net core framework version
4. Includes Package/library references 

Meta Package 

1. It includes every thing required in ASP.net core and Entity Framework.
2. It also include internal and external dependencies

Software Configuration Management Plan (SCMP)

Configuration Items

Configuration Items	Description
Phase - Initiation & Planning
Project Charter	Describes the scope, objectives, and participants in a project
Project Plan	Describes the project plan, initially defined scope of project and determined appropriate methods to complete the project.
Software Configuration Management Plan	SCM is a part of quality control of a project. Defines how source code & builds will be managed. Without this managers have little or no control over the products being produced. Ex. What there status is? Where they are in production life cycle? Whether they can change? What is the latest version?
Configuration Management Checklist	Checklist for SCMP, Checks for SCMP is followed in the project properly
Phase - Requirements
Requirements Specification (BRS)	Describes business requirement specification
Capacity, Infrastructure & Hosting Planning	Describes planning for system capacity, required infrastructure and hosting options
Change Request Log	A change log is a record of requests for change (RFCs) submitted for all changes in the product
Traceability Matrix	A traceability matrix is a document, usually in the form of a table that correlates any two base-lined documents that require a many-to-many relationship to determine the completeness of the relationship. Used to check & see whether system requirements met or not. In other words this matrix covers mapping of high level requirements with test cases to ensure that all test cases covered so that no functionality will be missed during testing.
Phase - Design
Functional & System Design (SRS)	Describes system requirement specifications
Test Plan	Describes planning for testing
Conversion/Migration Plan	Describes migration plan
Test Cases	List of test cases. A test case is a set of condition in which a tester determine whether a functionality of system is working as it was designed
Taxonomy Review Checklist	Checklist for taxonomy review
Code Review Checklist	Checklist for code review
Coding Standards	Documentation of coding standards
Test Plan Review Checklist	Checklist to verify test plan. Verify prepared test cases following standards like well-defined scope entry and exit points etc.
Module Dependency Matrix	Describes dependency of system modules on each other
Security Plan	Describe planning to implement system security. Define which security items has to be implement and how to implement them
Maintenance Plan	Describe maintenance plan
Phase - Development & Test
Coding (Ex. C#/JAVA)	Computer language coding
Database and database objects Creation	Database and objects like tables, functions, stored procedures creation
Unit Test Cases Preparation	Describe unit test cases preparation
Unit Test Cases Report	Describes unit test cases execution report
Installation Plan	System installation plan on deployment environment
Handover Training Plan	Describes plan for system handover to client
Change Request (CR)	Change request form
Software Readiness Checklist	Checklist to verify software readiness
Release Notes Internal	Release note for internal releases
Bug documentation	Describes analysis, cause and solution for specific bug
Deployment Checklist	Checklist to verify system installation / deployment
Phase 6 – Implementation
Software Release Audit Checklist	Establishes overall criteria for evaluating software quality, customer, deployment, compliance, operations, security, and support readiness
Release Notes External	Release note for external releases
Post Implementation Evaluation Report	Describes the successes and failures of the project. It provides a historical record of the planned and actual budget and schedules
User Manual	Guide for system users to describe how to use the system
Meetings Record (All stages)	Record of MOMs for all meetings in project lifecycle
Stage Exit Approvals (All stages)	Record of approvals from concerned authority on completion of every stage