Hello Rick,

Firstly, a deep thank you for the valuable post (and all of your years long work and knowledge you shared here)!

I was not aware of the easy to pass parameters as Form data from an URL query string, really neat. What I am actually looking into is trying to send an email DTO from C# client to a C# .NET Core web api, i.e. an integration test for it.

Do you know what would be a good approach to pass form data + a file attachment? Is var content = new MultipartFormDataContent(); with new StringContent and ByteArrayContent a good approach? I am doing this with HttpClient. RestSharp lib is unfortunately a no go (not supported in TestServer.CreatClient() scenario for an integration test).

Thanks, V.

@maxime - no LetsEncrypt should work for all of them. But be aware that there are some same domain limits - you can only create so many same domain certificates in a given timeframe. Separate domains are not an issue though - you can do as many as you want. I suggest staggering the domains as much as possible (ie. don't do them all at once but space out over a few days). This will help spread the load over a wider block of time.

Thanks for your post, so interesting for me. I have approximately 100 sites hosted with my IIS windows machine.

I don't have anyone SSL at the moment because of the cost and the amount of work/management involve.

do you expect any problems using let's encrypt for all of them?

Great article! Thank you 😃

It would be interesting to see whether Razor Components (.razor files) work this way. I doubt they would, the RC/Blazor folks don't seem to be interested in runtime load/unload. For Blazor server-side apps I was able to get them working (including unloading) via AssemblyLoadContext and some probably-sketchy reflection against a private field, but it crashes the VS2019 debugger (stand-alone seems to run fine indefinitely). If anyone is interested I opened an issue with a repository link here, although I'm not expecting MS to care much about this edge-case, unless it happens to expose a bigger problem.

@RickTuttle - Yes it's possible to do this. In a way that's exactly what this is doing Except for the raw Code Loading and compilation. I suppose it's possible to walk the folder hierarchy and pick up any .cs files, and compile them all into an assembly that can then be loaded. For simple cases that'll likely just work, but there are a lot of details to attend to around all that. Roslyn compilation would make the compilation bit relatively easy.

I'll probably noodle with this when I have more time...

I normally don't reply to these posts but wanted to take a second to thank you. I've spent a couple days troubleshooting this but your solution fixed my issue almost four years after your initial post! Thank you!

Thanks for this post. I've always wanted to use ASP.NET/C# to do what some PHP frameworks do quite easily by adding plugins that are simply folders of code that are dynamically loaded. What do you think about using this method for being able to say, following a pre-defined folder convention, add .cshtml, .cs, .dlls, etc. to a folder that could then be loaded and compiled dynamically by the server to then extend functionality of a website? I've looked at things like MEF but way too complicated.

Hello!

I implemented using DynamicObject: https://github.com/arabasso/ComObject

LetsEncrypt-Win-Simple is now WinAcme which is the same tool just re-branded. I think you can just upgrade your older version to use the newer one and it'll pick up all your sites and continue to work with it - you'd just have to renew all your certificates.

I have used Win-Simple on my webserver for years, thanks to the article published here by you, Rick! Now there is an update for the software of my mail server (other machine) running "MDaemon" regarding Let'sEncrypt, the statement (below) has been made and I am now wondering, if something similar for the installation on my webserver, where I use the (Win-Simple method), could be relevant? Do I have to make changes in near furture?

<< The features for LetsEncrypt have been updated to use ACME v2. This update became necessary because LetsEncrypt will stop supporting ACME v1. To use LetsEncrypt, PowerShell 5.1 and the .NET Framework 4.7.2 are now required.

Very good explanation. When I tried InProcess or OutOfProcess I still get Kestrel only, no matter what I change in . Please help me.

@Daniel - Uhm - it's there. First C# code snippet.

I thought this post is about accessing configuration in tests but the quite important method TestHelper.GetApplicationConfiguration is not shown, no link to github repo anything

@Allan - you shouldn't need web.config customization any longer because web.config no longer stores application settings, but only the IIS startup/Kestrel load parameters, which realistically shouldn't change - heck you're unlikely to use IIS anywhere BUT production.

All the configuration data now goes into appsettings.json or environment variables (or command line) which are stacked on top of each other so that they override each other. I think the default order is:

• appsettings.json
• appsettings.development.json
• Environment variables
• Command Line Parms

The appsettings.development.json (or any other 'environment' that you specify) overrides the default settings and if you're not in development then it's simply not used. This provides pretty much the same functionality that web.config transforms provided with a more transparent mechanism that you can directly edit and modify IMHO.

No doubt though - ASP.NET Core requires a lot more knowledge about the platform than classic ASP.NET did, and there are a lot more things that have to be configured in obscure ways with Core. However, once set up I think that Core runs a lot smoother and feels a lot more consistent.

Thank you for this info. But unfortunately I'm using C++…

If you are using Win32 API directly, you can use the following Code (providing a big enough chunk)

PdhExpandCounterPath("\\Process(chrome*)\\ID Process", chunk, size);

Returned is a list of performance counter strings for all instances. These can be added with PdhAddCounter() and queried e.g. with PdhCollectQueryData(). Be aware that the strings ('Process' and 'ID Process') are language dependent.

Thanks for the post Rick, I really appreciate the level of detail you go into with your articles as well as the diagrams. It definitely helps to understand what's going on under the covers (sometimes feels like magic).

I'm enjoying asp.net core development although there are still some areas I don't quite understand when publishing / deploying to IIS like the web.config that we used to be able to use transforms on. I see we have appsettings.json now but it's a little confusing along with the ASPNETCORE_ENVIRONMENT variable I assume needs to be set.

Just wanted to comment on the usefulness of CORS. I understand why people feel frustrated when stumbling across it. Reading the specifications can make the whole design appear useless.

What we're really talking about with CORS is the same-origin policy. It's a client-side constraint. It protects innocent users from making requests to sites they don't intend to visit. CORS relaxes this restriction.

An example would be an XSS attack on a popular forum, say AcmeNerds. A hacker could post a comment to AcmeNerds that contains AJAX to call another site named UnfortunateVictim. As they browse AcmeNerds, users would be making many requests to UnfortunateVictim without even knowing, resulting in a DDOS attack whose source would be hard for admins of UnfortunateVictim to even track down the source. This type of attack is stopped by default in the browser by the same-origin restriction.

This also affects requests made using the user's browser, i.e. CSRF. When you set '*' as the allowed resource, you're telling all users that "yes, you can talk to me from any website including ones I DON'T administrate," which in fact is not secure at all.

Just extrapolate on the ever-growing compromised sites and their effect on unwittingly compromised users, and it should make sense that CORS will only become more important, not less, in the future.

@ruslan - the wwwroot folder and all the files in it by default are copied to the distribution folder unless you explicitly disabled this behavior in a Web project file. Look for a section in the .csproj file that references the wwwroot folder (if any) and make sure that's set to copied. Also if you're not <Project Sdk="Microsoft.NET.Sdk.Web"> then the defaults are different and the project is not a 'web' project and you have to then explicitly add the wwwroot to be copied.

Hello,

how can I copy asp.net core wwwroot folder to MyWebProject\bin\Debug\netcoreapp3.0. It's not copied to output directory.

@Peter - nothing has changed with this in Core 3.0 except there are a few additional methods on the configuration builder that allow more granular configuration.

As always, finding your notes here helps. Might be helpful to update article with current core 3 cors setup (assuming that also works with previous versions of core). Thanks

Hi,

Thank you for sharing this.

Seems like there is no DispatcherTimer in .NetCore, is there any alternative?

Hi. I am using Application_Error() function in Global.asax file in MVC app. All other errors are being handled by it. But if I give dot operator(.) or % operator in my URL, it gives 400 and 404 errors but doesnot go to Application_Error() method, but goes to some other error page. Can someone help me ?

@Ken - I would typically agree with you about "you probably shouldn't silently coerce types based on their content," except in this case we're talking about content that was originally "coerced" from a date to a string due to the lack of a literal date representation in JS. The only reason any "coercion" is needed at all is due to the serialization process encoding dates as strings. Considering how easy it is to detect valid date strings with a regex, I really don't think his approach is a particularly dangerous one, especially with try/catch blocks and fallbacks in place.

That being said, I do like your idea of putting a "toDate" method on the string prototype

@Rory - sure I understand that, now.

The confusing thing about it is that the behavior is different whether you log in explicitly via the browser login dialog, or whether you are automatically logged in via the auto-login dialog. In hindsight that too makes sense, but if you don't know from experience how AD/Windows accounts and Kerberos tickets are managed it's easy to - as I did - jump to a completely wrong conclusion and think auth is broken 😃.

I think that has always been the case for AD accounts - it's certainly typical when I have adjusted groups on people's accounts (to say, allow them access to a mapped network drive) they have to log out and back in for the new groups to apply (and gain access to resources). Same goes for NTFS permissions.

The group memberships go along with the Kerberos ticket that is made at logon time, so logging out and logging back in issues a new ticket with the up-to-date memberships.

Same as you would do with any other image. Animated gifs are just treated as images.

It works, it's just painfully slow due to the way Blazor recompiles. See Readme file for more info on how to get this to work, but frankly that's not a realistic scenario until Microsoft fixes how Blazor changes are applied. This is not something we can work around with this component unfortunately (nor is it designed to work with client side Blazor - that's just happens to be a side effect).

This technique doesn't seem to work for the Blazor WebAssembly experience.

How can I save an animated gif to the azure repository and render back the animated gif?

awesomium is becoming obsolete and cannot render the Google.com main page correctly. The typing cursor is located outside the screen control you are typing into.

I have to tell you Rick, this article was pure gold. I've been writing our site for awhile and I noticed my security was sending some information clear text. Well, I was going to go down the forms auth route, but saw that wasn't the standard. Thanks to you, this tutorial is a clear cut way to just use the authorization we need without all the bloat. ~Thanks much brother!

Hi Rick, Great post and well explained. I downloaded the sample source code from https://github.com/RickStrahl/AspetCoreIISInprocessHostingSample. Downloaded and installed West Wind Web Search. Ran the session, below is the output. Any reason why the requests/sec is so low. I am looking at this page https://websurge.west-wind.com/features.aspx under the "Command Line Operation" section the requests/sec starts well over 6K/sec. What could cause such low request/sec using the same code base and command?

c:\Program Files\West Wind WebSurge
λ websurgecli  http://localhost:5000/api/helloworldjson -t40 -s20

219 requests, 0 failed | 1 of 20 secs | 219 requests/sec
312 requests, 0 failed | 2 of 20 secs | 156 requests/sec
408 requests, 0 failed | 3 of 20 secs | 136 requests/sec
499 requests, 0 failed | 4 of 20 secs | 124 requests/sec
597 requests, 0 failed | 5 of 20 secs | 119 requests/sec
711 requests, 0 failed | 6 of 20 secs | 118 requests/sec
783 requests, 0 failed | 7 of 20 secs | 111 requests/sec
890 requests, 0 failed | 8 of 20 secs | 111 requests/sec
975 requests, 0 failed | 9 of 20 secs | 108 requests/sec
1,079 requests, 0 failed | 10 of 20 secs | 107 requests/sec
1,179 requests, 0 failed | 11 of 20 secs | 107 requests/sec
1,256 requests, 0 failed | 12 of 20 secs | 104 requests/sec
1,354 requests, 0 failed | 13 of 20 secs | 104 requests/sec
1,439 requests, 0 failed | 14 of 20 secs | 102 requests/sec
1,543 requests, 0 failed | 15 of 20 secs | 102 requests/sec
1,624 requests, 0 failed | 16 of 20 secs | 101 requests/sec
1,743 requests, 0 failed | 17 of 20 secs | 102 requests/sec
1,823 requests, 0 failed | 18 of 20 secs | 101 requests/sec
1,929 requests, 0 failed | 19 of 20 secs | 101 requests/sec
1,986 requests, 0 failed | 20 of 20 secs | 99 requests/sec
1,986 requests, 0 failed | 20 of 20 secs | 99 requests/sec

Summary:
--------
Url: http://localhost:5000/api/helloworldjson

Total Requests: 1,986

According to Process Monitor, the worker process itself opens the dotnet.exe, get some file attributes, and closes it. So, i guess that answers that: It just needs to be there for in-process hosting.

@Tharn - you can use <location> tags to isolate the settings reasonably well, but my guess is you'll have to explicitly remove all the keys that are problematic at the server root with <remove> attributes where possible.

Nice article, as always. I have a specific problem not covered here, nor in other articles I could find: We are developing a new ASP.NETCore app, and we need to deploy that one on a server running a very large legacy site in ASP.Net2.0 Our idea was to deploy the new .NETCore app as applications under some /newapp application path. However doing so fails to run the ASP.NETCore app because of web.config in the root that applies also to it... Is there a way to make the app completely independant from the root site so that it can run just like if it was standalone ?

@JH - Oh good one.

I guess there's actually a lot of ways if you know which one 😃

Another handy shortcut. start...run...inetcpl.cpl

That's a very helpful article about configuration. You are so right about the static in this case.
I think that easier testability shouldn't be the only factor that matters. There is also simplicity and readability and much more, some of these are better achieved with the use of static access in some cases.

For example, when a developer in the team knows that they can always access the current user statically through OurContext.User (inside a thread, inside a request, inside anything...) it is one less place to make a mistake.
This is true for OurContext.Repository (in multi tenant) apps and so on... These dependencies are required almost everywhere, so why complicate things ? Even with static access tests can be done correctly while keeping the dev team relaxed.

Even when using dependency injection in angular for example, I add all the commonly required dependencies to one container for easier access for my team (e.g. this.$deps.post, this.$deps.$timeout etc...) which is more like static access.

To summarize: One should use the right tool for the job. I don't think that DI should be/feel forced. Otherwise, a lesser product is the inevitable result.

I wish I could force fixed position in safari due to being on relatively slow (satellite) internet, long scrolling web pages (Arstechnica = example) will continuously reposition the screen as images start coming in, so I have to wait up to a minute before I can actually read an article without it popping all over the place. extremely annoying having to keep finding my place time after time, as it moves me two screens or more from where I was reading.

This article obviously wasn’t speaking to this particular issue - but it sounds like you might know the answer - are there any Safari settings - perhaps in the experimental section, that’ll fix this?

Thanks @Geir - fixed the typo 😃

Robert, the .vs folder is hidden by default, so make sure you have Windows Folder Options set so that hidden folders are visible. But, you should find the .vs folder in the same directory as the .sln file.

Great work, awesome to have a .NET alternative to SimpleHTTPServer and similar! Also cool to see what you can do with the .NET Core stack, 3.0 really brings a lot of value.

One note, the first code snippet should probably have dotnet tool install instead of dotnet install 😃

@Mathew: Firstly, have you tried .NET Core 3?

I've been playing with the various COM libs and .NET Core 3 lately. Major problems for me were around the fact that not all libraries had x64 version and, just as in your example, all seemed to work well until the moment of method invocation at runtime.

Just make sure your process is running as a process in the same platform as the COM library is registered. The HRESULT errors range from NOT_REGISTERED to File not found...

Matching the platform is another story. Dotnet CLI runs by default 64bit on x64 machine. You'd need to create configuration for x86 (if your COM is 32bit one) and VS can be helpful in that case. Otherwise, call dotnet with parameters. Another problem is that dotnet msbuild does not work (regardless of the SDK platform you have, 32 or 64bit) since .NET Core 3 cannot resolve msbuild task ResolveComReference. This msbuild task is part of the .NET Framework version of msbuild, so it works if built from VS.

Thanks for breaking this down and making it easy to understand! Thanks also for the many useful articles your publish here. Your work is tremendous and it simplifies it for us to digest the materials. Kudos to you!

@Jaans - yes the core APIs for all of this haven't changed, so this will still be applicable.

We'll be moving to AspNet Core 2.x/3.x soon. Will this still be relevant / needed?

I always liked Rick. Now, I see that in addition to being a great developer, he also has good taste in music. I thought I was the only one who knew of and still listened to Attitude Adjustment, American Paranoia. Great album to code to.

Great post. I ran into these same change requirements in a 2.2 web app. I tried the conversion from 2.2 to 3-preview a couple of weeks ago. Which was good practice but there were still some minor changes like the UseRouting location that I either missed when working with the 3-preview or it was somehow new the 3.0 released (no matter). What I wanted to say is that I also have .Include in use and after the upgrade to EF 3.0, it seems to be working fine. I might run into this bug later because it is going to take specific integration testing to ferret it out. It's a runtime bug that requires resolving data to see it. But you might try one thing. You might try using the scaffolding tool to see how your models and DbContext are generated. There is a new tool for v3 that you need to install manually. I took a quick look at your source code and I don't see the same patterns that the scaffolding tool would generate. For example, the IList property might be generated as public virtual ICollection Tracks {get;set;} instead. There is also an instantiation in the construction of Albums for this property that would be a new HashSet. Anyway, if you have not already tried this, it might be worth a look. And thanks for pointing out this bug in EF Core 3. I'll be wary of it as I write more integration tests for my project.

Really useful post as always Rick. We find it difficult to comprehend why Microsoft seem to be struggling with Entity Framework 3.0. We are also still using Linq-to-Sql in all our applications. Trying to convince the developers here to ditch this proven ORM in favour of Entity Framework 3.0 that is not yet "production ready" is a non-starter. Going further, it would be irresponsible of us to write a business application for a Client using this technology given these concerns with Entity Framework 3.0. Surely the fact that Microsoft have also updated Entity Framework 6 to run on .NET Core so we effectively have two ORMs to choose from seems to be an admission from Microsoft that Entity Framework 3.0 is not yet up to scratch ?