Website performance: How I've improved the performance of this website?

  • Web
In the previous post, I wrote about why performance is important and how to measure it for your website. In this post, I'll talk about the different things I've done on this website to improve performance. Some of the optimizations are just configuration flags to turn on; others require more changes in your code. Enable HTTP/2: HTTP/2 is an evolution of HTTP/1 which comes with new features to…[read more]

How to avoid storing secrets in the source code?

  • .NET
  • Security
There are lots of examples of projects which contain secrets in the source code. A secret can be a password, a server configuration, tokens to connect to a server, a certificate, etc. You can search for "Remove password" on GitHub to find more than 400k commits. These secrets may be used for deploying the application or connecting to an external service. Note: If you discover a password in your code,…[read more]

Implementing Two-factor authentication in an ASP.NET Core application

  • .NET
  • Security
There are 3 common ways to authenticate someone: something you know, such as a login/password or security questions; something you have, such as a smart card, a cell phone, an ID, etc.; and something you are, such as a fingerprint or other biometric methods. In the previous posts, I've written a lot about authentication using passwords (Something you know). If you want to add more security, you must ask for a…[read more]

Automatically log in a user on a website using the Credential Management API?

  • .NET
  • Security
  • Web
Many websites require users to log in to access their resources. From a user's point of view, the login process can be complicated, and it's even more complex when there are multiple ways to authenticate: login/password or using a social provider (Microsoft, Google, Facebook, etc.). For instance, some users enter their Google credentials in the Username/Password form instead of clicking the Google button,…[read more]