JWT authentication with ASP.NET Core

In a previous post, I've written about using cookie authentication for an ASP.NET Core web site. Authenticating user by using a cookie is common for a web site. However, for an API, it's more common to use a token for authentication. Json Web Token (JWT) is a way to create and validate a token. In this post, we'll see how to use JWT with ASP.NET Core to authenticate the users. While the client can be any… [read more]

Filter Application Insights events in ASP.NET Core

Application Insights ingests lots of data: requests, traces, events, metrics, etc. If your web site has lots of users, the amount of data can be huge. This mean you pay for this data. While Application Insights is cheap, you may want to reduce the bill. One way is to sample the data. In short, you send only xx% of the events. This is the simplest solution. The other solution is to filter low value events… [read more]

Testing an ASP.NET Core application using TestServer

When Microsoft has designed ASP.NET Core, testing was clearly part of the design. Using dependency injection, you can unit test your middlewares and controllers. But you can also use the TestServer to make integration tests. This means you can test your full web application without an IIS server or any external thing. It's a fully in process server. A simple example will be much clearer. Let's use the… [read more]

Validating user with cookie authentication in ASP.NET Core 2

In a previous post, I wrote about the cookie authentication in ASP.NET Core 2. The cookie authentication does 2 things: Write a cookie with encrypted data when the user logs in Read the cookie, decrypt it, and set the request identity (Request.User.Identity) When it read the cookie and set the identity, it doesn't check the user actually exists. For instance, John logs in on browser A, then, he deletes… [read more]

Use brotli compression with ASP.NET Core

Brotli is a compression algorithm. In general, it provides better compression results than gzip. For instance, the size of the default page of an ASP.NET Core project using gzip is 1797 bytes, and using Brotli, it's only 1333 bytes. So it's a 25% reduction! You can use Brotli with most of the major browsers (source): So, it's time to support Brotli in addition to gzip! I've already written about the gzip… [read more]

Cookie authentication in ASP.NET Core 2 without ASP.NET Identity

The default ASP.NET Core 2 web template provides lots of code to authenticate users. My screen is not big enough to display all the files in the solution explorer. The template offers lots of functionalities: users can log in using username/password or using an external provider such as Google or Microsoft. You can use two-factor authentication. And so on. You can rely on this code and use it as is. Or,… [read more]

Post-Redirect-Get and TempData with ASP.NET Core

The Post-Redirect-Get (PRG) pattern prevents duplicate form submissions when the user refresh the page. Here's the sequence diagram: As you can see, the server query the database twice to display the page to the user. This is inefficient, but how can you improve this? The time between the two requests is very short (about 1 second). So, maybe you can store the object in memory, and reuse it when the user… [read more]

ASP.NET Core - Precompiling razor views

Improving the startup time of your website is important. There are many reasons for a website to take times to get ready: loading lots of dll, loading data, compiling views, etc. In this post, I'll explain how to reduce the startup time by precompiling razor views. The view precompilation is a build step that generates a DLL from the cshtml. Instead of doing the view compilation at runtime the first time… [read more]

FileSystemWatcher intermittently throws an exception on Linux

In my quest of hosting my ASP.NET Core web sites on Linux, I encounter an intermittent exception: System.IO.IOException: The configured user limit (128) on the number of inotify instances has been reached. at System.IO.FileSystemWatcher.StartRaisingEvents() at System.IO.FileSystemWatcher.StartRaisingEventsIfNotDisposed() ... This exception occurs when I instanciate a FileSystemWatcher. To protect… [read more]