You sometimes close a document by error in Visual Studio. Instead of searching it in the solution explorer, you can reopen it very quickly. Press CTRL+T, R (CTRL+T then R) and select the file you want to reopen: You can select the file you want using the keyboard (Up or Down) and press Enter.[read more]

Many companies run their own certificate authority (CA). While this is very convenient for a company as they can generate certificates on demand, it means that every software that make a call to a https internal service must be aware of the internal root certificate. On Windows, you can add the root certificate to the Certificate Store using a GPO so it's very easy. Other mechanism could be used on other…[read more]

It's sometimes useful to copy multiple things to the clipboard and paste them later. However the clipboard can only contain 1 thing at a time. Visual Studio comes with a clipboard history which contains the 20 last items you copied to the clipboard. To use it, press CTRL + SHIFT + V: This is also available from the menu: The clipboard history was introduced in Visual Studio 2003. At this time, it was…[read more]

In .NET, strings are immutable. Each operation that appears to modify a string object actually creates a new string. When you are using a loop to concatenate a random number of strings, you should use a StringBuilder to improve the performance.StringBuilder represents a mutable string of characters. So, you can modify it without allocating. I sometimes see some bad usages of the StringBuilder which may…[read more]

In the previous post, I wrote about why performance is important and how to measure it for your website. In this post, I'll talk about what the different things I've made on this website to improve the performance. Some of the optimizations are just some configuration flags to turn on, others require more changes in your code. Enable HTTP/2 HTTP/2 is an evolution of HTTP/1 which comes with new features to…[read more]

Why performance matters? 💰 Better user experience means better conversion rate Users don't like to wait. If your page is too long to load, they may choose to leave, and go to another website. It's even more true on mobile where the connection is often slower than on computer. Some studies show that 46% of users will not return to a poorly optimized site (source), and 53% of mobile site visits leave a…[read more]

Major actors are pushing for passwordless authentication in supporting FIDO2. Web browsers starts supporting WebAuthn, an API to support device authentication. Instead of using a username/password, you just need to connect a device such as a YubiKey. However, this authentication method is not very popular at the moment. So, you still have to deal with passwords for at least a few years 😦 And good…[read more]

There are lots of example of projects which contains secrets in the source code. A secret can be a password, a server configuration, tokens to connect to a server, a certificate, etc. You can search for "Remove password" on GitHub to find more than 400k commits. These secrets may be used for deploying the application or connecting to an external service. Note: If you discover a password in your code,…[read more]

There are 3 common ways to authenticate someone: Something you know, such as a login/password or security questions Something you have, such as a smart card, a cell phone, an ID, etc. Something you are, such as a fingerprint or other biometric methods In the previous posts, I've written a lot about authentication using passwords (Something you know). If you want to add more security, you must ask for a…[read more]

Many websites require users to log in to access their resources. From a user point of view, the login process can be complicated, and it's even more complex when there are multiple ways to authenticate: login/password or using a social provider (Microsoft, Google, Facebook, etc.). For instance, some users enter their Google credentials in the Username/Password form instead of clicking the Google button,…[read more]