Recent Comments



Christof Jans
Today

re: Role based JWT Tokens in ASP.NET Core

Great post. I still have a question :

How do you invalidate a token ? How does a user log out ?


Rick Strahl
Tuesday

re: Debugging the Web Browser Control with FireBug

@manoj - Firebug is no longer around. Got discontinued... It was a skunkworx side project of FireFox and they eventually stopped supporting it and killed the script. The extended features were integrated into FireFox (long ago), but unfortunately that doesn't help for the scenario here I mention which is IE debugging in the Web Browser control. You can use older versions of Visual Studio (2017 and older) to connect to applications and use script debugging. See post here...

https://weblog.west-wind.com/posts/2017/Jul/06/JavaScript-Debugging-in-a-Web-Browser-Control-with-Visual-Studio


Rick Strahl
Tuesday

re: Taking the new Chromium WebView2 Control for a Spin in .NET - Part 1

@Rob - yes I've seen this. This is caused by a version mismatch - usually happens if you installed the WebView2 runtime, then uninstall it and some other version (perhaps from a Canary build) is used instead.

This is frustrating - had that issue and then it magically went away when I re-installed the WebView2 runtime explicitly.

Microsoft is working to get the WebView2 runtime installed with Windows updates. Once we have a few rounds of this in I think it'll be pretty safe to pick an older version and just stick with that and according to what they are shooting for that should continue to work (ie. forward compatible). We won't know until we see this in the wild though and it'll probably take a few update cycles before enough machines get these WebView2 runtime updates.

But roughly that is my plan - wait it out until the runtime becomes more integrated and then pick an older version and just stay with that.


manoj
Tuesday

re: Debugging the Web Browser Control with FireBug

Hi, For me not getting Firebug debug window ? Is it due to link added in javascript not valid now ? Anyone has the updated link ?


Rob Kent
April 12, 2021

re: Taking the new Chromium WebView2 Control for a Spin in .NET - Part 1

Thanks for a great writeup, which saved me a lot of time. Some of our clients installed the pre-release control (Evergreen) and didn't get the upgrade when it went to release, as expected. We saw the standard error and I added the detection code to our app so that they see a nice error panel.

We also had a different error on a dev machine which I think might be do to with the nuget package or the build on that machine:

"Unable to load DLL WebView2Loader.dll. The specified module could not be found."

Anybody else seen that one?

Thanks a lot


William Jones
April 08, 2021

re: Mirror your iOS Device Screen on Windows with the free 5KPlayer

Hey, 5KPlayer seems to be good for mirroring iOS device screen on Windows. Additionally, tools like Webex, R-HUB web video conferencing servers, Gomeetnow, Gotomeeting etc. are also widely used for mirroring iOS devices to Windows , MAC etc. and vice versa.


Rick Strahl
April 07, 2021

re: LiveReloadServer - A Generic Static Web Server with Live Reload based on .NET

@Witold - you can certainly run Blazor applications with the server. The live reload functionality is limited by Blazor's current state of view recompilation which is very slow and requires a Blazor App reload. I don't see a way around this for the current version.

In .NET 6 the new dotnet watch supposedly will have functioning live reload including hot-swapping assembly code, but we'll see how well this works. The .NET 5 live reload functionality has not worked reliably for me in any way 😦 - hopefully this will work as advertised in 6.


Witold
April 06, 2021

re: LiveReloadServer - A Generic Static Web Server with Live Reload based on .NET

What are the limitations of this with regard to Blazor?


Koushik
April 05, 2021

re: Taking the new Chromium WebView2 Control for a Spin in .NET - Part 1

Hi Rick, You have written that "The runtimes are backwards compatible so you need a current or newer version of the Runtime relative to the SDK/Controls". Is there any document, preferably from Microsoft, supporting this claim? This would be of great help as we are moving from CefSharp to WebView2 but the compatibility concerns between the runtime and the SDK are preventing us from using the evergreen bootstrapper. Thanks, Koushik


Rick Strahl
April 03, 2021

re: Dealing with Anti-Virus False Positives

@Anne - As with anything, trusting the vendor who provides tools is key. I've never heard of InstallSimple but it looks like they have been around for some time. I kind of doubt that they'd plant a trojan on purpose as that would quickly kill their business. I'd suspect something else - like perhaps a component?

My process for dealing with small vendors is to do some due diligence. If a public vendor is doing something nefarious chances are it's been reported and you can find it online.

Also there are more widely used solutions including Inno Setup (which is what I use now), which is open source and actively developed. Very little chance that something out in the open ends up doing something malicious.


anne wilson
April 03, 2021

re: Dealing with Anti-Virus False Positives

Thanks Rick

Just for info, we had purchased an installer from http://installsimple.com/ and it turned out that it was an unknown trojan. This Trojan later had damaged 2 of our company computers. It was an unknown trojan at that time and our AV couldn't detect it, but later ZoneAlarm was able to detect as it was transmitting some data out to an external command control center.

So we decided that we whipped out our very own installer instead of using a third party installer such as InstallSimple or Installmate. Our own installer is now working fine, we learnt how to compressed our files and to retrieve them from our own installer.

Hence please be aware of installer software such as InstallSimple, we learnt a great lesson, our company operations were disrupted for 6 months and luckily none of our customers were affected. Just imagine fighting an unknown malware which surreptitiously steals and corrupt your data.


Rick Strahl
April 01, 2021

re: Taking the new Chromium WebView2 Control for a Spin in .NET - Part 1

@bitbonk - yes you can ship a fixed runtime, but... it's huge. It'll add 70-80mb to your installation package as you are essentially installing a local version of Edge plus the runtime.

I wish they made a package that's just the runtime without the full Edge packaging. I'm OK with requiring users to have the latest Edge installed on their machines, but having a fixed runtime installed is really what's the main problem.


Rick Strahl
April 01, 2021

re: Wrestling with Clipboard Images in WPF

@Tom - I don't know but I assume, yes. WPF on Core is pretty much a straight recompile under core - very few things have been changed so for all intents and purposes things will work identically.

But you have to try it to be 100% sure.


bitbonk
April 01, 2021

re: Taking the new Chromium WebView2 Control for a Spin in .NET - Part 1

There is also a Fixed Version distribution mode that doesn't require the runtime to be installed. Have you tried that and if so, have you had any success with that?


Tom
March 31, 2021

re: Wrestling with Clipboard Images in WPF

Do you know if WPF in .NET 5.0 has the same clipboard problems?


Vasu
March 25, 2021

re: Back to Basics: When does a .NET Assembly Dependency get loaded

Managed Assembly(C#) register as Com Component and it is dependent on another C# dll then how we can resolve run time reference.


Freddy Mora Silva
March 24, 2021

re: Taking the new Chromium WebView2 Control for a Spin in .NET - Part 1

How can you pass credentials to the webview2 control when loading a web page. The idea is to go to the specific page without presenting the login page. Of course we are using valid credentials


Sankar
March 23, 2021

re: Accepting Raw Request Body Content in ASP.NET Core API Controllers

Thank you!

Using the following with in the Post method, without any parameters. It works. Xdocument xDoc = Xdocument(Request.Body);


Andrew L Stanton
March 23, 2021

re: Creating Custom .NET Project Types with .NET CLI Project Templates

I think that would be a terrible idea as that would be an invitation for malicious code to execute.

With public or unknown/untrusted packages, yes. Its a different story when its a private repo with trusted private packages or where the code is helpful and not malicious.


Geir Sagberg
March 23, 2021

re: LiveReloadServer - A Generic Static Web Server with Live Reload based on .NET

Very handy tool, thanks a bunch! Slight note, the dotnet command should probably be:

dotnet tool install -g LiveReloadServer


Rick Strahl
March 22, 2021

re: Accepting Raw Request Body Content in ASP.NET Core API Controllers

@Sankar - Simplest: Read the raw body stream and stream into an XmlDocument or XLinq structure on an [HttpPost] action that doesn't have explicit parameters.

You can also create a custom filter for XML to parse generically but you'd be replacing the default XML entity parser that ASP.NET provides. Probably not worth it unless you have a lot of requests that share common parse logic.


Sankar
March 22, 2021

re: Accepting Raw Request Body Content in ASP.NET Core API Controllers

Hi Rick,

Thank you very much for the useful information. I wanted to receive a XML file in my POST request then validate the xml for any validations using the XSD and then process the file. What is best way to achieve this? I am testing through postman passing the file in the request body as binary but not working. Any suggestion is greatly accepted.


Tomáš
March 19, 2021

re: Accepting Raw Request Body Content in ASP.NET Core API Controllers

Really helpful and it saved me a lot of experiments with .NET core! Now I understand also the purpose of the formatters. Thank you very much.


Jorge
March 18, 2021

re: Custom Message Formatting in WCF to add all Namespaces to the SOAP Envelope

Hi! Thank you so much for this, the only issue is when I use the generic implementation the namespaces appear on the body and not on the Envelope ):


Rick Strahl
March 17, 2021

re: Chromium WebView2 Control and .NET to JavaScript Interop - Part 2

@Jussi - sure that should work. Whatever you do with the DOM happens to the DOM. But there are things that might make it not work:

  • Document not loaded yet (make sure you handle the completion events properly)
  • Script errors may not be noticed

Jussi Palo
March 17, 2021

re: Chromium WebView2 Control and .NET to JavaScript Interop - Part 2

Thanks, good stuff. Do you know why it is not possible to inject STYLE tags using ExecuteScriptAsync? Tried it via CoreWebView2_DOMContentLoaded and WebView2_NavigationCompleted and neither worked. The below JS works great if I inspect the WebView2 control and execute it in Console.

var style=document.createElement('style');style.type='text/css';style.innerHTML='h1{background-color:#fff}';document.getElementsByTagName('head')[0].appendChild(style)

Nepa
March 17, 2021

re: Chromium WebView2 Control and .NET to JavaScript Interop - Part 2

Popped back here looking for a link to part 3. Any time scales when this will go live? PS: Well written series with good technical detail, thanks.


Peter Brightman
March 17, 2021

re: VSIX Installer Extension Manifest and Visual Studio Version Numbers

Thanks for this article, it helped me a lot. Now my vsix appears for VS 2017 as well as VS 2019. I can also install the vsix, but when i use it in VS, i get a failure message, my TemplateWizard dll cannot be loaded somehow.


Rick Strahl
March 16, 2021

re: Role based JWT Tokens in ASP.NET Core

It's a custom class that I have in my AspNet utility library in Westwind.AspNetCore Nuget package. Source code here:

JwtHelper Class


Szilard
March 16, 2021

re: Role based JWT Tokens in ASP.NET Core

Thanks Rick!

Is the JwtHelper class part of a NuGet package or is it custom code?

I installed Microsoft.AspNetCore.Authentication.JwtBearer (which is required for AddJwtBearer), but it doesn't contain the JwtHelper class.

Thanks


Manuel
March 12, 2021

re: Web Browser Control & Specifying the IE Version

What tripped me up: there's a group policy setting which causes browser-emulation settings in HKCU to be ignored:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only = 1

'This is a Group Policy setting at Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/"Security Zones: Use only machine settings"'

Source: https://stackoverflow.com/questions/22321424/webbrowser-control-ignores-hkcu-registry-settings-values/22334392#22334392

Regards,
Manuel


Rick Strahl
March 11, 2021

re: Role based JWT Tokens in ASP.NET Core

@Nicholas - if I understand JWT Tokens correctly the hash is what makes this work. You can read the data, but you can't change it because you'd need the signing key.

If that wasn't the case, JWT Tokens would be pointless and we might as well pass a JSON string around 😃. The point is good though - you definitely don't want to pass information that can compromise the application in a token as it is readable if the token is captured - either by cookies or bearer tokens.


Nicholas Paldino
March 11, 2021

re: Role based JWT Tokens in ASP.NET Core

It might be splitting hairs, but consider a scenario where the token key for the mechanism is compromised.

In this scenario, someone could fabricate any claim/role they want.

If you wanted an added layer of security, would it be preferable to fetch the roles given the user ID?

Even if the signing token is compromised, attackers would still have to find a valid user with the appropriate roles to gain the desired access.


Branislav Petrović
March 11, 2021

re: Role based JWT Tokens in ASP.NET Core

Great and concise article, nicely written!

Thanks Rick!


Paul Speranza
March 11, 2021

re: Role based JWT Tokens in ASP.NET Core

Yep, I have done the auth Ground Hog Day shuffle.


onnorh
March 11, 2021

re: Role based JWT Tokens in ASP.NET Core

How would expiration of the token be handled by the calling client and the api controller?


Rick Strahl
March 10, 2021

re: Role based JWT Tokens in ASP.NET Core

@Osin - It's possible this has changed in recent versions. I had an open issue for this a while back but AFAIK that never was fully addressed. At the time the order of UseAuthentication() and UseAuthorization() was also important.

Ever since I've just made sure not to do it any differently because the behavior was subtly different.


Oisin Grehan
March 10, 2021

re: Role based JWT Tokens in ASP.NET Core

Great write up, Rick -- I went through similar hell recently with azure AD app registrations, scopes, audiences, issuers and application vs delegated permissions. One thing I might point out that will probably drive you nuts is that it's only the UseAuthorization() call that has to appear after UseRouting() and before MapEndpoints(). The UseAuthentication() call can appear before UseRouting() (though grouping authz/authn together makes perfect sense to me from an organizational standpoint!)


Travis Laborde
March 10, 2021

re: Role based JWT Tokens in ASP.NET Core

Great article as always. Good timing too for my uses 😃


Ali
March 09, 2021

re: Chromium WebView2 Control and .NET to JavaScript Interop - Part 2

Hi Rick, That's a great article. Thanks for sharing that. Have a question. How we could prevent WebView2 from caching (CSS & js)?


Rick Strahl
March 08, 2021

re: Deleting Problem Folders and Files on Windows: Could not find this Item Error

@Scott - if you deleted files, they are deleted and gone and you can't get them restored as you're doing it at the command line - they're not going to the recycle bin.

You can try tools like Recuva which can restore deleted files if they haven't been overwritten otherwise. This doesn't always work though especially if you don't do it immediately.


Scott Claus
March 07, 2021

re: Deleting Problem Folders and Files on Windows: Could not find this Item Error

I tried using this command to get rid of an errant file (it worked) and it ended up deleting (or making everything disappear) on my desktop...I'm getting some things back here and there by using Windows Recovery...I see some things I can't get to at the path \?\C:...any suggestions how to get the folders back that were obliterated by using this command? Gladly will donate if I can solve this problem...


Rick Strahl
March 03, 2021

re: Window Activation Headaches in WPF

@Daniel - the new instance does have focus, but the problem is the old one does not and that one is the one that should get activated. The new one is discarded because it's a singleton app and only one window - the original one - is used to host documents.

I am already sending signal to the old instance and that all works but the activation requires the code mentioned here.


Daniel Ashby
March 01, 2021

re: Window Activation Headaches in WPF

Assuming the new instance of MM has focus (because it was started from the shell by the user) you should simply be able to have it call AllowSetForegroundWindow with the process id of the singleton instance (or ASFW_ANY to let anybody else set foreground) and then use some kind of signal through your named pipe to tell the singleton to focus itself.

Or am I misunderstanding the situation?


Alan
March 01, 2021

re: Using Let's Encrypt with IIS on Windows

Hello Rick, great work on Let's encrypt ... I use it on my 4 domains with auto-update and it work really well . I think for non-commercial , startup and even for small businesses this is the way to go ... sometime small business owner who want a site dont understand very well that a domain name is not all what is needed, but on top developping the site come hosting fee , now SSL if you want any chances to be showing in a Search Engine .. so to be able to get a low cost/free certificate is obviously welcome ... cheer.


Scott
February 28, 2021

re: Deleting Problem Folders and Files on Windows: Could not find this Item Error

Hello, I tried using this for deleting a problematic file, and it ended up deleting all files on my desktop (and they're not in the recycle bin). Is there any way I can recover them? Thanks,


Jonesie
February 26, 2021

Rick Strahl
February 19, 2021

re: Working with IWebHostEnvironment and IHostingEnvironment in dual targeted ASP.NET Core Projects

@Rob - If you're only running .NET 5.0, just replace all instances of IHostingEnvironment with IWebHostingEnvironment. It's a built-in class.

If you multi-host for mutliple environments (for a component or middleware library most likely) then you may need the code I describe in this post. For Web applications, just replace and move on.


Rob Achmann
February 19, 2021

re: Working with IWebHostEnvironment and IHostingEnvironment in dual targeted ASP.NET Core Projects

In aspnet Core 5 MVC web app, it too complains that IHostingEnvironment is deprecated, so I just want to use IWebHostingEnvironment in it's place. I try to, but it says CS0051 in inconsistent access error when trying to pass it to a controller contructor.. I didn't write IWebHostingEnvironment... So what's the proper implementation of this interface in a AspNet 5 Core MVC controller to access a file in the hosted environment?


Ian
February 18, 2021

re: Excluding Files and Folders in Visual Studio Web Site Project

FYI Rick the code snipped showing files and folders syntax has some typos.

  • It shows a folder opening tag (<ExcludeFoldersFromDeployment>) and a file closing tag (</ExcludeFilesFromDeployment>).
  • The surrounding tag says <ProjectGroup> but should be <PropertyGroup>

Excellent resource dude, thanks.