Loading stylesheets asynchronously using a TagHelper in ASP.NET Core

In a previous post, I've talked about inlining a CSS file in the html page. In term of performance, this is important to inline the critical CSS. However, the rest of the styles of the page doesn't need to be downloaded immediately. For script elements, you can simply add the attribute async to instruct the browser to load the resource asynchronously. For stylesheets, there is no equivalent. You have to… [read more]

Inlining a Stylesheet, a JavaScript, or an image file using a TagHelper in ASP.NET Core

In the previous post, I've written about inlining a Stylesheet file in the page. This allow you to reduce the number of requests required to load the page, and so to reduce the loading time of the page. The TagHelper automatically replace the tag by the content of the file at runtime, so the html document stays clean in the source code. In this post, we'll create new Tag Helpers to be able to inline CSS,… [read more]

Inlining a stylesheet using a TagHelper in ASP.NET Core

When you have a very tiny stylesheet, it may be more performant to inline it directly in the page. Indeed, it will avoid one network call, and the layout may be blocked until the browser get the response of this call. If the stylesheet is very small you may not care about caching the file on the client. For instance, on this website, the main stylesheet is 2kB large, and the full page with the inlined… [read more]

JWT authentication with ASP.NET Core

In a previous post, I've written about using cookie authentication for an ASP.NET Core web site. Authenticating user by using a cookie is common for a web site. However, for an API, it's more common to use a token for authentication. Json Web Token (JWT) is a way to create and validate a token. In this post, we'll see how to use JWT with ASP.NET Core to authenticate the users. While the client can be any… [read more]

Filter Application Insights events in ASP.NET Core

Application Insights ingests lots of data: requests, traces, events, metrics, etc. If your web site has lots of users, the amount of data can be huge. This mean you pay for this data. While Application Insights is cheap, you may want to reduce the bill. One way is to sample the data. In short, you send only xx% of the events. This is the simplest solution. The other solution is to filter low value events… [read more]

Testing an ASP.NET Core application using TestServer

When Microsoft has designed ASP.NET Core, testing was clearly part of the design. Using dependency injection, you can unit test your middlewares and controllers. But you can also use the TestServer to make integration tests. This means you can test your full web application without an IIS server or any external thing. It's a fully in process server. A simple example will be much clearer. Let's use the… [read more]

Validating user with cookie authentication in ASP.NET Core 2

In a previous post, I wrote about the cookie authentication in ASP.NET Core 2. The cookie authentication does 2 things: Write a cookie with encrypted data when the user logs in Read the cookie, decrypt it, and set the request identity (Request.User.Identity) When it read the cookie and set the identity, it doesn't check the user actually exists. For instance, John logs in on browser A, then, he deletes… [read more]

Use brotli compression with ASP.NET Core

Brotli is a compression algorithm. In general, it provides better compression results than gzip. For instance, the size of the default page of an ASP.NET Core project using gzip is 1797 bytes, and using Brotli, it's only 1333 bytes. So it's a 25% reduction! You can use Brotli with most of the major browsers (source): So, it's time to support Brotli in addition to gzip! I've already written about the gzip… [read more]

Cookie authentication in ASP.NET Core 2 without ASP.NET Identity

The default ASP.NET Core 2 web template provides lots of code to authenticate users. My screen is not big enough to display all the files in the solution explorer. The template offers lots of functionalities: users can log in using username/password or using an external provider such as Google or Microsoft. You can use two-factor authentication. And so on. You can rely on this code and use it as is. Or,… [read more]