Recent Comments

Rick Strahl

re: Going Big: 40 Glorious inches of 4k with the Philips BDM4065UC

@Ed - yes running inside of a VM will affect font sharpness drastically. If you're using Parallels playing with the varying scaling options can improve sharpness. I run my MBP mostly using Bootstrap in native Windows and sharpness is great at native 100% resolution.

Ed Spencer

re: Going Big: 40 Glorious inches of 4k with the Philips BDM4065UC

Looks great - I did notice you're running a Mac Book though. I'm interested that you didn't have any problems with sharpness. I had problems on my Mac Book's second output in Windows (fonts didn't look as sharp), but your post got me thinking that it could be down to one of the following:

1. That I was running Windows inside of virtualization software on the Mac instead of natively
2. DPI scaling not being great as the second monitor was a "standard" dpi monitor. The Philips screen you've got will be high DPI

Sounds like I need to experiment with a few things


re: Publishing and Running ASP.NET Core Applications with IIS

Thank goodness, it was a Pebkac issue.

At some point, they went from publishOptions exclude to publishOptions include, and I horked it up.

Once I figured out that it was serving static files, it became easier to track down.

Whew. I am always satisfied when it is idiot developer issue and not something more serious.


re: Web Browser Control – Specifying the IE Version

We're using this old hulking C++ MFC application and, you guessed it, the ActiveX WebControl stuck in IE 7 Land. We absolutely do not want to rely on HKLM keys though for server installation reasons where we'd then have to involve IT departments, explain ourselves as they look at us sternly, etc.

So I just added the infamous
<meta http-equiv="X-UA-Compatible" content="IE=9" >

... and I got out of IE 7 Land. :) No HKLM key necessary here at least.

August 22, 2016

re: Using .NET HttpClient to capture partial Responses

I would imagine this behaviour will be due to the TCP window all the way down at the network layer. Part of the TCP networking code involves having a "window" of packets that get sent by the server before the client acknowledges the packets. The server will send these packets before you read any data from the socket, but will stop if you close the connection.

Using the range requests is the correct solution, as this will stop the server from sending any data that you don't want. If the server does not support range requests, you would need to look at ways to reduce the TCP window if you want to stop the server from sending too many packets before you have a chance to close the socket. I'm not sure if this is even possible through any of the .Net HTTP client libraries.

Also note that based on the wireshark traces, you will receive data 1514 bytes at a time, of which 1460 bytes will be payload data (there are 14 bytes ethernet header + 20 bytes IP + 20 bytes TCP). This means that for larger web pages you will receive data in 1514 byte chunks, and cannot receive only 1000 bytes for example.

If you are waiting to read any part of the HTML, you will need to receive enough packets for all the HTTP headers plus any HTML content that you want to read.

Scott Addie
August 22, 2016

re: Publishing and Running ASP.NET Core Applications with IIS

@Rick - I'm looking to do the same thing as @jdan, mostly because my client isn't ready for .NET Core yet. The only difference is that this will be deployed either on-prem or in Azure. Any reasons in particular why you'd recommend sticking with standard ASP.NET when targeting .NET Framework? Just want to make sure there's not something I'm unaware of before I go too far down the "ASP.NET Core with .NET Framework" path.

August 22, 2016

re: Publishing and Running ASP.NET Core Applications with IIS


I totally agree it should work.

I'm guessing my scenario is one that is going to be pretty common. I have a dependency that cannot as of yet be recompiled under .NET Core, so I have an otherwise 'pure' Asp.NET Core using all its shiny new features, but I have to target 461 until the dependency can be updated.

Trying various build options to see if that works.....

August 21, 2016

re: Rendering ASP.NET MVC Razor Views outside of MVC revisited

Hi Dear Rick,

Thanks for your excellent work!


HOW TO USE CreateController<T> by sending controller string name instead controller type name
like this:
CreateController<HomeController> to CreateController("HomeController")

Rick Strahl
August 21, 2016

re: Publishing and Running ASP.NET Core Applications with IIS

@Brian - Yeah the post was originally written for RC2 and then updated for RTM so I think the emitEntryPoint setting got added to the default template properly.

@jdan - Yes I haven't tried targeting net461 so not sure how that would work, although that's definitely a scenario that should work. Personally I think if you are targetting 461 you're better off just creating a standard ASP.NET app rather than a core app, but regardless this should work. I can't check this right now as I'm out travelling, but maybe somebody else can confirm that they got running net461 working under IIS.

Re: IIS Express - you can enable remote access with IIS Express by opening up the ports you can use 'netsh add urlacl url=http://*:23434/ user=username listen=yes'. Not automatic for sure, but it works.

August 19, 2016

re: Publishing and Running ASP.NET Core Applications with IIS

I just spent hours/days trying to work with this and the docs (which I don't think are anywhere near as good as you suggest, but there you go), cursing all the while, wondering why this didn't work when I realized I was under a slightly different scenario:

I am creating an ASP.NET core app, but have to 'target' (not sure that's the right terminology here) net461 as the framework.

This creates an exe, not a dll, just for one obvious difference, but ultimately, the main difference is that I just don't think this scenario works yet. I can get a site deployed locally, but it just doesn't work (stdout tells me there's something running at a local port that is being fronted by IIS) but the site doesn't produce any output. No errors, just doesn't work.

BTW, I completely disagree about not being able to run under IIS for development. There are SO many differences running under IIS Express, the very least of which is, say, trying to browse from another machine to your dev box to test different scenarios (like, say, hitting it with a real mobile device instead of emulation). But that's another topic.

August 18, 2016

re: Strongly Typed Configuration Settings in ASP.NET Core

Hi @Guiseppe,

You can load it in to the configuration class like so:

var config = new Settings();

I use this approach to inject the configuration class directly in to my IOC container in order to avoid the IOptions<> cruft

Brian Edwards
August 18, 2016

re: Publishing and Running ASP.NET Core Applications with IIS

Hi Rick,

This is great. My web site when created had "emitEntryPoint": true in build options and was creating an .Exe by default. When I deployed it to IIS it worked fine. I wanted to change it to a DLL so I don't have to recycle the app pool every time I publish. I made the changes to web.config to processPath="dotnet" arguments="websitename.dll" (previously processPath was the .exe and arguments was empty). But now I get HTTP Error 502.5 - Process Failure and in the event log it just has:
Failed to start process with commandline '"dotnet" websitename.dll', ErrorCode = '0x80004005'.

Any other steps you are aware of to fix that, it seems Visual Studio defaults has emitEntryPoint: true when it creates a web site.


Brian Edwards

Uli Weltersbach
August 17, 2016

re: Strongly Typed Configuration Settings in ASP.NET Core

Hi Rick,

I'm having the same issue as Raman:
The namespace "Microsoft.Extensions.Options.ConfigurationExtensions" doesn't exist in Core 1.0.0 and hence there's no method signature that allows me to call "services.Configure<MySettings>(Configuration.GetSection("MySettings"));"
Could you explain exactly which package you get "Microsoft.Extensions.Options.ConfigurationExtensions" and the extension method from?
Is it really still the same (I just recently upgraded to Core 1.0.0 so I might be missing something)?

// Uli

August 17, 2016

re: First Steps: Exploring .NET Core and ASP.NET Core

Great articles, that's the approach I was looking for...very very good stuff :)

Thanks Rick

August 15, 2016

re: ASP.NET Core and .NET Core Overview

I am loving where dotnet core is going - stripping back dotnet and making a clean lean version of it.

But whats up with the project files?
is MS backing up and reverting to csproj files or staying the xproj course? - is the framework all changing again come core 1.x ?
the dot net core message seems to be very confused.

The lack of basic support and functionality for what is branded as a 1.0 release is very disconcerting.
So many people are having problems getting core to work meqaningfully is very little solutions beingf offered.
The biggest of all of them is an example that works with asp dotnet core and dotnet 4.5 libraries.

This is a basic necesity for me (or anyone else?) to do anything more than glorified hello world.

*hopping down off my soap box*

that said if anyone can point me to an example of how to use asp dotnet core with libraries and same solution projects that does not require an ugly hack,.. Please please! ;)

All of these future plans are great but if noone uses it, it looses mindshare along with relevence. :(

August 14, 2016

re: First Steps: Exploring .NET Core and ASP.NET Core

This is an awesome article.

While I rather dislike the design/layout/color of the website, I love your articles a lot.

They provide me in-depth information with a very good context, even if I have few background information of a topic. After reading your articles, I do _have_ good knowledge :-)

August 11, 2016

re: Windows 10 Bash Shell Network Connectivity not working?

I am not surprised by the permission issue when attempting to ping. I had the same thing happen with Cygwin and for the same reason. As Ben indicated, the solution is to run the shell as administrator.

August 11, 2016

re: Accepting Raw Request Body Content with ASP.NET Web API

Thanks for your blogs - always like reading yours Rick.

I may have misread and I realise this is from 2013 and WebApi has come on since then, but I landed here because I'm trying to not only capture the raw request payload (for logging purposes) but I want to do that transparently to the rest of the pipeline so that I still make use of model binding.

What I suspect I'll end up doing is hooking into the default binder implementation and extend / override it but ignoring my particular model binding requirement, I was able to get at the raw http request by using the following signature:

public void FooEvent(HttpRequestMessage request)

Then I just call the ReadAsStringAsync() method on the request.Content property.

string requestContent = request.Content.ReadAsStringAsync().Result;

(Yes I know I'm blocking :) )

I'm actually posting XML to this endpoint but you can post anything you want.

At first glance that appears to be what you're doing here but as I say I may have misread and that was a comparatively long time ago :) I also think your custom attribute is more elegant and expressive.

My sample is from an OWIN-hosted WebApi so not sure if the objects are the same as your article - the HttpRequestMessage object is in the System.Net.Http namespace.

Good stuff!

Rick Strahl
August 11, 2016

re: Moving to Lets Encrypt SSL Certificates

Once port 443 has a cert on it I think you can specify an https url. But you have to effectively re-register the site to make that work. I haven't tried that but that should also work.

August 10, 2016

re: Moving to Lets Encrypt SSL Certificates

Maybe just block all ip addresses on port 80 except for Lets Encrypt (if they have a static ip address)

August 10, 2016

re: Moving to Lets Encrypt SSL Certificates


Currently for security reasons I really only want port 443 open for my website. So every time I want to renew this cert I guess I would need to open port 80 temporarily so the challenge path/file could be found?

If I did leave port 80 open so that I could script some type of renewal process how would that even be secure then? I wouldn't want users trying to login on the http part of the site.



August 08, 2016

re: .NET HTML Sanitation for rich HTML Input

I really liked your approach but opted for a white list approach. In addition I wanted to ensure that my application ended up with a well known subset of HTML5 while at the same time being flexible with input. A 'b' tag should for example become a 'strong' tag. Enforcing attribute values like rel="nofollow" is included as well.

Thanks for providing the original inspiration on the approach of sanitizing an HTML document!

August 04, 2016

re: Web Browser Control – Specifying the IE Version

This article was a life saver to me. I was getting a page for upgrade my browser (gmail OAuth2) using Asbjorn Heid's IndySASLOAuth2 authenticator for Indy (Delphi). Because Google doesn't accept IE7 for the authorization page anymore. The registry hack worked wonderfully. I'm adding the required keys/values using tRegistry on Delphi. Thank you very much!!!

August 04, 2016

re: Publishing and Running ASP.NET Core Applications with IIS


I deployed my app inside a new web site right under the "sites" folder in IIS. There is no virtual folder and as far as I can tell there is no parent site.

My web.config is actually quite simple

<?xml version="1.0" encoding="utf-8"?>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
    <aspNetCore processPath="dotnet" arguments=".\aspnetcoreapp.dll" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" />

What's weird is that I just tried the same setup on another machine and it works.

Rick Strahl
August 04, 2016

re: Publishing and Running ASP.NET Core Applications with IIS

@Jandle - either you have an ASP.NET setting in your Web.config for the application, or - more likely - you're using a virtual directory and that virtual is inheriting settings from the parent site. You might try this again with a top level site and see if that changes the behavior.

Jandler Mayer
August 04, 2016

re: Publishing and Running ASP.NET Core Applications with IIS

Hello Rick,

Thanks for the article. It was very informative on the inner working on IIS.

I followed it to deploy my very basic site created by following the two links (, but I ran into a prickle.

It seems when I set my application pool to No Managed Code / Integrated, I keep getting

"HTTP Error 500.24 - Internal Server Error

An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode."

If I change it to .NET 4 / Integrated, it works.
If I change it to No Managed/Classic, it works also.

Do you have an idea on how to debug this situation? I do see the dotnet.exe running my dll.

Rick Strahl
August 04, 2016

re: Upgrading to ASP.NET Core RTM from RC2

@BillyJoe - you can download those from the site... The SDK (ie. the tooling and CLI) are in Preview. The actual runtimes are RTM. But they are separate installs. Install the runtimes first, then the SDK.

August 03, 2016

re: Upgrading to ASP.NET Core RTM from RC2

so where the heck can I download the following?
•.NET Core 1.0 Runtime
•.NET Core 1.0 Runtime SDKs

is there a straightforward link to the RTM release?
but only found
from where downloaded file DotNetCore.1.0.0-SDK.Preview2-x64.exe

I really don't like the word Preview2 in the file name, it doesn't look like an RTM release at all.

August 03, 2016

re: Windows 10 Bash Shell Network Connectivity not working?


About the ping command and this message :

root@localhost:~# ping
ping: icmp open socket: Socket type not supported

I had this :

root@MY-PC:~$ ping
ping: icmp open socket: Permission denied

I solved this problem by starting the shell application as administrator. I think that this shell and the root one do not and/or can not have the full power on the computer.

July 31, 2016

re: Strongly Typed Configuration Settings in ASP.NET Core

Hi Rick

Thanks for all these articles, really useful.

Re: the strongly typed object ("MySettings" in your example above) and it not updating automatically....

I have done a couple of quick tests in the Azure App Service. In the Azure Portal under application settings I added the setting key (e.g. MySettings:ApplicationName in your example). When the settings are saved in the portal, it appears that the application is restarted. Therefore, both mechanisms for getting the setting values (i.e. strongly typed object and string config) will give the updated values.


July 28, 2016

re: Creating a dynamic, extensible C# Expando Object


Very nice post, very helpful. Have one question , In place of PropertyBag what else we can use (which is inbuilt). I don't want to create new class Property bag which create Xml serialization file.


July 27, 2016

re: First Steps: Exploring .NET Core and ASP.NET Core

Really great article! This helped me understand the basics. I've also read the previous "ASP.NET and .NET Core Overview" post.
Like you I'm not a Command-Line fanatic, I'd rather stick to VS, but I like to know what's happening behind the scenes.
With classic .NET, I've always had a pretty good idea and feeling what was happening when I developed an application.

This article now helps me understand more what happens when I create a new (ASP).NET Core project in VS.

Rick Strahl
July 25, 2016

re: Using CSS Transitions to SlideUp and SlideDown

@Tim - DOM changes inside of a function aren't applied visually until the function finishes execution. In this case changing the value is done so the element is in the proper state, but the change never is applied to the visual tree that actually displays in the browser. The end result is that the effect is never displayed.

This is quirky behavior and one of the reasons why setTimeout() is needed in many cases in JavaScript - setTimeout() delays ensure that the previous changes have been applied to the visual tree before executing subsquent command in the setTimeout() function which runs in a new execution window and DOM update cycle.

July 25, 2016

re: Using CSS Transitions to SlideUp and SlideDown

In the second example when the max height is set via jquery, any ideas why temporarily setting the height to none doesn't momentarily show on the element before being set back to 0?

Rick Strahl
July 23, 2016

re: <main> HTML5 Tag not working in Internet Explorer 9/10/11

@Henrik - it can be forgiven for IE 9, but not for IE 10 and 11 which claim to be HTML 5 compliant where those tags are not 'unknown' tags - these are bonefide HTML elements.

And again it doesn't really matter that IE might interpret the spec differently - the fact remains every other vendor got this right EXCEPT for IE which is enough reason IMHO that it should work the same especially given that IE has always been lagging the standards behind other browsers so the implmentation has been well known beforehand.

July 22, 2016

re: Using Let's Encrypt with IIS on Windows

LetsEncrypt-Win-Simple also includes an interface to renew all certificates easily. You can run:

LetsEncrypt --renew
and it checks all sites it's managing for expiration dates and if expired (or on the day of expiration) it automatically renews and replaces the old cert with a new one. Nice!

The utility also creates a scheduled task that runs this command once a day and fires update requests. Note you might have to tweak the task User Identity settings as described here to ensure that the user is logged on properly when running the scheduled task.

The problem is I cannot find any LetsEncrypt scheduled task, should I create one, and which application should I choose?

Henrik Vendelbo
July 21, 2016

re: <main> HTML5 Tag not working in Internet Explorer 9/10/11

This is correct behaviour. Unknown tags are treated as inline. It is a sensible default. The main tag is a recent addition so you should forgive IE for not knowing it. You should have this in your reset stylesheet;

* Add the correct display in IE 9-.
* 1. Add the correct display in IE.

main { /* 1 */
display: block;

- ref: normalize.css

July 21, 2016

re: Upgrading to ASP.NET Core RTM from RC2

the camel case thing is a big facepalm, think it was a decision that was not made based on logic, but rather on "coolness"
if you look here
the main argument for the change is the current Date
also given the amount likes, it shows why democracy doesn't work :D

Rick Strahl
July 19, 2016

re: First Steps: Exploring .NET Core and ASP.NET Core

@Chris - the second commented call was meant to demonstrate that you can serve Razor pages from any location in your wwwroot application. So ~/helloworld.cshtml can sit in the /wwwroot folder of your project and get served. Note that this only works if the Content Root is set in program.cs (which is why I was originally experimenting with this code as it wasn't working withtout the content root set).

Chris Harrington
July 19, 2016

re: First Steps: Exploring .NET Core and ASP.NET Core

Hi Rich,
I see this code in controller
return View("helloworld");
//return View("~/helloworld.cshtml");
but nothing in your article explaining that second commented-out call.
I wasn't able to get either one to generate output.

Could you also elaborate on : "ASP.NET Core MVC uses standard View discovery logic by default, so it’s looking in the /Views/Helloworld folder for a HelloworldMvc.cshtml view. " I'm assuming that you didn't demonstrate this in your code. But again, I couldn't get any of the views to render.

July 19, 2016

re: JavaScript JSON Date Parsing and real Dates

Thanks for this informative post. Currently I am working on an application and I need to pass Java 8 LocalDate from MVC controller to Ajax response in Jquery Data tables. I did not find anything to deserialize Localdate JSON string back to LocalDate in UI. So I manually had to append year, month and day to build date.
Is there a better way to handle Localdates in such siituation.

Please let e know, I will get rid of messy code in JS file I wrote. Below is my sample code columnDef column

columnDefs : [ {
targets : [ 6 ],
render : function(data, type, row) {
/* var json = JSON.stringify(data);
var date = JSON.parse(json);
console.log("json: " + json + "date : " + data); */
var month = data.month;
var day =;
return data.year+"-"+month+"-"+day;

July 19, 2016

re: .NET WebRequest.PreAuthenticate – not quite what it sounds like

Nice Article! Got more information on why there are two requests?

Is there a way to reset NTLM credentials and force to fall over? I tried but somehow its always sending the credentials. I am not sure is it default cached.

Explained the issue at

July 19, 2016

re: Updated DeleteFiles Utility now on Chocolatey

Is there a limit to the -d parameter? I am trying over 800 days and it isn't deleting those files.

Tomas Axelsson
July 18, 2016

re: ASP.NET Routing not working on IIS 7.0

I had this problem as well... I used the standard web project in VS 2015.
Thanks a lot you saved me many hours by your great blog post!

Rick Strahl
July 17, 2016

re: Rendering ASP.NET MVC Views to String

@Travis - Razor encodes all expressions by default. If you want raw HTML strings you have the use the @Html.Raw(yourExpression) to get the raw unexpanded text to be rendered.

July 16, 2016

re: Rendering ASP.NET MVC Views to String

Hi Rick.

Thanks for this Class. Just a quick question:

I have a 'Basic' view template (using Razor) for a basic email. It contains a bit of html jazz an then @Model.EmailMessage (to substitute my message). I then populate like so:

var EmailModel = new BasicEmailViewModel()
    EmailMessage = "(Message from: " + model.Name + ")<br><br>" + model.Message
string messageBody = ViewRenderer.RenderView("~/Views/Emails/Basic.cshtml", EmailModel);

It works great. However the "<br><br>" tags display in the email as "<br><br>" instead of 2 line spaces. It's as if they are being HTML encoded. Is there any way to add some basic HTML formatting like this and not encode it when I render the view?

Hope this makes sense! Thanks!

July 16, 2016

re: First Steps: Exploring .NET Core and ASP.NET Core

@Rick - Thanks for the quick reply Rick. Indeed .net apps always run out of the current folder. Got a bit confused due to the problem that appsettings.json was not found. This project originally was created with RC1, migrated to to RC2 and then to RTM. I ran another project that was created fresh with RTM and it is worked fine. I compared all the configuration files and found everything same but still the first app did not work. I then opened the xproj file and replaced all "dnx" lines with "dotnet" ones copied for the new project and it all started working. Will dig more into it later.
Just mentioned it here so that someone else could save his/her time :)

Rick Strahl
July 16, 2016

re: Hosting SignalR under SSL/https

@Junaid - if you create a self-signed certificate that certificate is valid only on the machine that you created it on - unless you register that certificate on other machines. You can do that by installing the certificate on remote machines as shown in the Copy Certificate to Trusted Root section in the post above. You can do the same on other machines that you want to trust.

If you want a certificate that 'just works' on machines then you have to use a certificate authority signed certificate from a full CA. These days you can use Lets Encrypt to create these certificates for IIS and then use them in your SignalR appplications. For more info see:




Rick Strahl
July 16, 2016

re: First Steps: Exploring .NET Core and ASP.NET Core

@Ammar - .NET Core Apps run out of the current folder that they are launched from, which is the same way .NET applications (and any Windows application for that matter) have always worked. If you want a different path and you want to control the path then you have to change path to that location. Path.SetPath() should work, along with looking at the executing assembly. .UseContentRoot() simply sets the path you provide it which in your code is the startup folder where you launched from.

Rick Strahl
July 16, 2016

re: Moving to Lets Encrypt SSL Certificates

@GFW - I ended up with Certify because there's nothing to set up or configure and to be honest I like to run a GUI where I can easily see what's set up. However, Win-Simple works just fine as well, and is also very easy to start with, but it's not quite as easy to see what's set up and configured. Last I looked too it wasn't very clear how to remove sites or force an immediate renew. That may have changed by now though.

Basically it comes down what you prefer: Command line tooling or something a little more visual that you can use interactively.