Did you read the section on watching out for non-cross domain calls? π Same domain requests don't require CORS and the CORS headers are never added by ASP.NET.
Looking forward to the release of asp.net core 2. Right now everything is confusing regarding all the changes from core v. 1 to core v. 2. Hope the Microsoft guys manages to stabilize asp.net core so that one may dare to spend time on it. I have not looked or worked with anything later than asp.net mvc 5 (and ef 6) because of the constant changes in everything from project structure, tooling, version comparison with entity framework etc.
I have created a Web API using ASPNET Core with CORS enabled(hosted on a remote server) just for 1 origin - that is my angular app. That works! The issue is when I try to access my Web API directly from my local machine using Firefox REST Client - it works. Ideally it should not work - my API is not secure. Please suggest how can I avoid the REST Client to get data from my API?
I'd like to keep my development server running in IIS so I can access it at any time from a locally created domain name. I've set up a domain in my hosts file & set up IIS to run a .NET Core app, and I'm pretty sure I am able to attach a debugger to the kestrel process in Visual Studio. Haven't tested that yet, though. If I'm able to, then I could say that it is definitely a good option to host a .NET Core app in IIS on a dev machine with a custom domain name.
"It's never sat right with me that some things are configured in the 'Configure()' method."
Agreed... no idea why they named that method "Configure"; it should be "BuildApplication" or somesuch... I'm sure it's way too late to change it now, but even today it trips me up sometimes!
I have no idea about SPA services and how that sets up, but if you're running IIS or IIS Express you might need custom re-write rules to handle the Angular routes. The easiest way is not to use HTML5 routes but hash bang (#!) routes which work without server cooperation.
Here's more info on how to set up IIS for running ASP.NET Core applications:
BTw, I did find a workaround that got me to load the albums page. I had comment out the "empty-root-index" rewrite rule and then add this code to the startup.cs:
app.UseStaticFiles().UseMvc(routes => { routes.MapRoute( name: "default", template: "{*url}"); routes.MapSpaFallbackRoute("spa-fallback", new { controller = "Home", action = "Index" }); });
Rx is particularly useful for time-related algorithms; they handle a lot of corner cases for you. There's a very interesting "rethinking UI" project based on Rx called ReactiveUI (https://reactiveui.net/) which I sadly have still not found much time to play with yet.
Rx does have some unfortunate naming (largely due to its history as "LINQ over Events", and LINQ's choice of SQL terminology rather than map/reduce or functional terminology). Thus, Rx.NET's "Throttle" is in fact "Debounce" (http://reactivex.io/documentation/operators/debounce.html), and has another operator "Sample" (http://reactivex.io/documentation/operators/sample.html) that I think is what you're looking for with "Throttle".
IntroToRx is the best resource IMO for learning Rx. I use it all the time: http://www.introtorx.com/Content/v1.0.10621.0/13_TimeShiftedSequences.html#Sample
@Becca - possibly, but to be honest if you have an API you're calling why not just create a custom class that handles this rather than configuration? Create a class that has the config structure you need and then have Load() and Save() methods that populate the data and then call Load() in ConfigureServices and add to DI. I see little benefit to hooking into the existing startup mechanism just to get essentially a class, especially if you are going to use very specific customized logic to retireve the data. I think the only time this makes sense if you want this to fit into the existing pipeline and needs to work with your REST API, Environment variables etc.
Load()
Save()
@Sean - my workaround was to add another constructor to my SQL Access class that allows you to provide the provider as an instance rather than a provider name. This is a little less convenient (as you rarely see the actual instance documented), but it solves the problem for .NET Core and keeps the provider dependency out of the data access layer. You just have to know what the instance is (ie. SqlClientClientFactory.Instance). If you don't care about provider dependencies (ie. you add refs to the DA project) then manually translating the provider names to a provider instance works. The good news is that DbProviderFactories are typically used in only one place to get the initial provider - and after that you just use the factory instance.
SqlClientClientFactory.Instance
The dupe you have most likely means you're referencing System.Data.SqlClient in your full framework project. Make sure you only reference that in the .NET Standard project where full framework is not referenced.
System.Data.SqlClient
I have a remote REST API that contains the configuration settings.
Would it be possible to override the binding in the custom configuration settings class to a remote model returned by a REST client?
Just curious, what was your solution for the missing DbProviderFactories? I tried System.Data.SqlClient but ran into a BUNCH of issues.
The type 'SqlDbType' exists in both 'System.Data.Common, Version=4.2.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' and 'System.Data.SqlClient, Version=4.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'
@Kit - every time you renew, Lets Encrypt Win Simple will prompt to recreate the scheduled task. The scheduled task runs through all sites. In theory you need to only set this up once and then answer no on subsequent requests just in case you made changes (like the account it runs under). The renewals will still fire. The renewal tasks fires once a day, and it does some check for the certificate expriation date before it expires. Exactly when it checks and decides to renew I'm not sure - you'd have to look at the source to see what they do exactly in the scheduled task operation (--renew).
--renew
@Donnchada - Oh wow - no I had no idea. If that works that'll be another blog post :-). Thanks!
Hey Rick, I find your articles well written and very informative. Thank you.
Have you tried debugging using Visual Studio to Attach To Process (the WPF or WinForm exe hosting the WBC) and check the "Script" option in the "Select Code Type" dialog box. This provides a JavaScript Console, DOM Explorer, set breakpoints in JavaScript code etc. It seems useful.
Solved it with a location tag, like this:
<location path="MyPage.aspx"> <system.web> <httpRuntime requestValidationMode="2.0"/> </system.web> </location>
I still don't know how this code is vulnerable to Cross Site Scripting (XSS). Can we use it in Rails as well or in rails it would be different
Yup you're right. Not sure what happened to the missing - :-).
-
Hi Rick,
I haven't tried out your implementation yet. But I feel a bit confused with interval in Throtte method. I understand that the interval should be adjusted like:
// if timeout is not up yet - adjust timeout to fire // with potentially new Action parameters if (curTime.Subtract(timerStarted).TotalMilliseconds < interval) interval -= (int) curTime.Subtract(timerStarted).TotalMilliseconds;
It's that 'interval' should be subtracted by the time period passed, isn't it?
Btw, thanks for your work and sharing.
Best regards.
I highly recommend Rx for desktop apps, I used it a fair bit when I was more of a desktop developer. Where you should or shouldn't use Rx is a complicated question. I've seen a lot of MVVM frameworks go all out and use it for everything. I wrote a whole series of blog posts covering this topic. The TLDR is to use Rx to replace or wrap C# events and not in place of async/await as there is some overlap.
@Benny - thanks for pointing out the Delay Binding Property. I didn't know and that actually works for the Search... use case without using these helpers.
Text="{Binding TopicsFilter,UpdateSourceTrigger=PropertyChanged,Delay=500}"
Added a note into the document and a link to an article that explains. Thanks!
interesting way to set the limitation in the viewmodel without using RX extensions. The same functionality could be accomplished in the view, using the delay keyword in a binding. In most cases I would set the limitation in the view because the view requires the limitation. Thanks for sharing.
@Rick - Thanks for your reply. Unfortunately it isn't the problem with the ClearResources - that part works well. We have a button which explicitly calls this function and it works properly, as long as we call the translation by code. So technically it is not an issue with your code, but it's something we added ourselves.
It is the part where the DisplayAttribute on a viewmodel (i.e. [Display(Name = "Articles")] gets cached - probably by MVC. In the CustomDataAnnotations we determine whether it is a DisplayAttribute and then use the Name property to translate it in the same way as rest of the application and replace the Name attribute with it. This way you can put translations on your viewmodels instead of throughout your views, which has a couple of advantages as you use some of those viewmodels more often and therefore stick to the same keys (and therefore translations) throughout your application.
Now we experience that in some cases those DisplayAttributes still contain the translated Name after switching to another language. Since the Name is already translated, we cannot find that particular key in our resource anymore to re-translate it to the new language. Simply reloading the resources does not seem to solve this issue as it appears .NET seems to cache the DisplayAttribute after the first hit.
I know it isn't part of the code you provided, but I was simply wondering if you have encountered something similar and whether you have found a solution for this, as my research online so far has not produced any solutions. I had expected more people to use this idea, but apparently that isn't the case - or I haven't found them so far.
@Stefano - that's the way configuration in .NET has always worked really if you think about it. In full framework it was a static interface (ConfigurationManager. typically) and it's the same here.
ConfigurationManager.
Personally I think there are two kinds of configuration: System configuration and Application Configuration. The built-in configuration systems really address System configuration - that are essentially global settings. Application Configuration is specific to an application and that is often more dynamic.
In my apps I tend to separate those out as separate configuration objects. And in a multi-tenant app I think the data would be much better off stored in some sort of data store like a DB table. This sort of thing is best abstracted with something a little more high level than these simple property mappers. In the past I used Westwind.Utilities.Configuration for that, but you certainly can bake configuration directly into your application's domain model in a multi-tenant app.
Westwind.Utilities.Configuration
What about strongly typed configuration in a multi tenant web application?
Suppose you have a generic platform config file and than you have a specific file per tenant with some override.
As I undedstood configuration are loaded on application start and stored at application level, am I wrong? So that means integrated configuration is not suitable for this scenario, or there is a way for dealing with it?
Thank you for any suggestion.
@Gerard - Resources are always cached, so the only way to switch the resources used you have to unload resources. The library includes functions to unload resources. If you use DBRes() resources or our custom generated strongly typed resource using the resource provider then you can call the unload method. Otherwise you need to cause your app to reload the AppDomain where the resources are hosted (or explicitly recreate the resource manager).
Take a look at DbRes.ClearResources() which releases resources loaded through this library. But it won't help with .NET only loaded resources.
DbRes.ClearResources()
Rick, first of all, thank you very much for this framework to allow flexible resources. We incorporated it in our webapplication and then expanded it by using a CustomDataAnnotation to allow DisplayAttributes to make use of the same resources.
Unfortunately we now experience that when switching from language and thereby switching to another resource, the DisplayAttribute gets cached and doesn't switch to the other resource. Do you have any experience with that and did you find any solution for it?
[edit] I firstly commented on the link below, but I overlooked this blogpost here where it is much more likely for you to reply to. So my apologies for doubleposting.
https://weblog.west-wind.com/posts/2009/Apr/01/Updated-WestwindGlobalization-Data-Driven-Resource-Provider-for-ASPNET
Thanks you for this information Rick. I was looking over the Cake project and this really cleared things up for me with regarding to multi-framework solutions.
This article is excellent and exactly what I needed!! I had spent hours reading through fragmented information across many different sites with no results to show for it at all.
After reading through this article it took less than 15 minutes to get the login working!
So thank you very much for taking the time to write this, it's greatly appreciated
James
I actually love you Rick. Thank you for this. Still very handy in 2017 to fix the rats nest of dependency mess my web.config had built up.
@Stefan - Maybe it's just for .NET Standard 2.0 projects since that's a new SDK. I didn't check for .NET Standard 1.3 and earlier which are 'released' SDKs.
Finally, finally, finally. I've been wanting to port my libraries for a while and this is the first article that really helped me get there. THANK YOU! (see my thread with @visualstudio https://twitter.com/djbyter/status/867429782333652993)
2017.2 and the older SDK here so maybe it hasn't been added to 2017.3 yet. "The bad news is that there's currently no visual tooling support for managing multi-target projects in Visual Studio and you have to deal with the .csproj file directly to change targets or apply special target configuration settings." is a bit confusing though as it does work in older versions and is probably just a bug in the current version. Just wanted to point that out.
@vignesh - most likely you need to be an administrator and you have to have the IIS 6 Metabase compability tools installed.
I'm trying to recycle an app pool hosted in a IIS 7.5 server (local to the code). I wrote the same code (in VB.NET) but it throws an "Unknown error (0x80005000)". Did you encounter a similar error? The only other interesting thing about my code is that its wrapped up in a Windows Service Application. The service keeps running and invokes the code to recycle the app pool every 60 secs (for testing sake). Is there anything that's wrong about what I'm doing here?
@Stefan - I'm using the .NET Core 2.0 SDK Preview tooling and VS 2017.3 Preview 1. Perhaps you're using current release of VS 2017 and perhaps with a project.json rather than the SDK tooling? I'm not sure all I can see is that it's not working and when asked that came back as a known issue at the moment.
@Rick I'm not sure I get the difference. My code targets .NET Framework 4.5.2 and .NET Standard 1.3 ("net452;netstandard1.3") and I get to chose between net452 and netstandard1.3 in the dropdown. When I compile it compiles for both .NET 4.5.2 and .NET Standard 1.3. Care to explain how it differs from your code? π
@Stefan - you can change the target framework, but only if you have a single target. If you target multiple frameworks it doesn't show anything (because the UI wouldn't work for that).
What a coincidence, I have been thinking about writing a similar post for some time now. Great post! π I just wanted to point out that in VS 2017 you can actually change the target framework from Visual Studio in the dropdown just below the tabs with open files.
Screenshot: https://drive.google.com/file/d/0B6H3S-PTnF26NmJfY1JId2p1ZUU/view?usp=sharing (where it says "tusdotnet(netstandard1.3)")
Thank you Rick, your article saved me a lot of pain. Just wanted to add that I also needed to add the Access-Control-Allow-Origin header to my global error handler otherwise Angular would spit out an error with message 'Response with status: 0 for URL'. Hope this helps someone.
app.UseExceptionHandler(appBuilder => { appBuilder.Run(async context => { context.Response.Headers.Add("Access-Control-Allow-Origin", "*"); // I needed to add this otherwise in Angular I Would get "Response with status: 0 for URL" context.Response.StatusCode = 500; await context.Response.WriteAsync("Internal Server Error"); }); });
@Michael - not directly but you can reference a resource in each resource set which forces the resource sets to load.
Personally I don't think I would do that - let it lazy load. Individually the overhead should be minimal (for RESX especially and for DB other than the very first DB access as well) and I think it's better to take a small first time hit when needed than trying to load them all up front.
@Will - I haven't used it but I suspect you need to ensure that the package is added only to the .NET Standard target not the full framework ones since those have it as part of the System.Configuration reference.
System.Configuration
Hey Rick, great article.
I noticed you're using ConfigurationManager there. There is currently a preview build out for System.Configuration.Configuration manager for NetStandard 2.0. Have you tried to use it at all?
I'm getting an error complaining that ConfigurationManager is found within multiple namespaces after adding it, despite having removed all references to the System.Configuration assembly.
Anyway wasnt sure if you had any ideas about that.
Thanks for the good write up!
Hi Rick
I have implemented Globalization on MVC 5 platform. Just wanted to know, is it possible to load all resourcesets and resources on Application_Startup.
Thanks in advance
Michael
Thank you so much for your article. I'm just getting started with Angular, though I've been an ASP.NET developer for 15 years. I'm trying out your code, and I'm getting an error on the "$http.get" line in the service call. The error is "Object doesn't support property or method 'success'". I'm using the simple example from Plunker. Here's the code:
var PeopleApp = angular.module('peopleApp', []); PeopleApp.controller('peopleController', ['$scope', 'peopleService', function ($scope, peopleService) { getPeople(); function getPeople() { peopleService.getPeople() .then(function(ppl) { $scope.people = ppl; console.log($scope.people); }) (function() { $scope.status = 'Unable to load people data: ' + error.message; console.log($scope.status); }); } }]); PeopleApp.factory('peopleService', ['$http', function ($http) { var peopleService = { people: [], getPeople: getPeople }; return peopleService; function getPeople() { return $http.get('/People/GetJsonPeople') .success(function(data) { PeopleService.getPeople = data; }); }; }]);
I'm hoping you (or someone else) could tell me what's awry. I've verified that the call to "GetJsonPeople" is working. (This is in my ASP.NET MVC controller.)
I have a peculiar problem with BrowserControl. Rendering performance degrades over time if I run IE in parallel. If I use Fire Fox or Chrome no such issue exist under same conditions. Any idea?
@Gaz - also struggling with this. The only way to really make this work is DI (ie. expose your component as DI provider accessible for the main app) or alternately rely on static vars to push the data through the application. Realistically the latter is basically what we do in classic .NET apps - the difference is that the configuration system was always there and it's not in .NET core until you startup DI and the rest of the .NET Core infrastructure.
If you ask me - this is a serious design flaw but it is what is. It's easier to use in the most common use cases - it's just a clusterfuck if you have generic .NET (not ASP.NET) components that depend on configuration.
The other problem is that the default DI container is dependent on ASP.NET - so if you want to use DI outside of ASP.NET in a standalone component you have to use a different DI container.
I've been thinking about creating a wrapper around configuration that makes that easier.
Let's say I store my connection string in this appsettings.json file. What's the best way to access it via a data access class? I can easily retrieve the value in a Controller, but then do I have pass the configuration object to every class the controller uses so it can use the connection string to access data?
Thanks, Kevin
Thanks for the article Rick. I've been looking to experiment with Core, but I'm used to code separation and class libraries for my data and logic where possible. In practice, this is great for sharing my libraries between multiple websites and services.
This would mean that my data context would sit in a class library, but the way the Core application settings work makes it quite difficult (or code heavy) to actually use the settings from my web application in the class library.
So far, passing through the settings from the web application to the class library on each method is the only way I've got it to work. It seems so much more work and complexity than the machine/web/app.config hierarchy.
Have you found a good way of actually using a class library that accesses properties of the application config (e.g. the ConnectionStrings)?