Recent Comments

May 13, 2022

re: WebView2 Flashing when changing TabControl Tabs

Hi Rick, Thank you for your excellent post and I have some diffirent idea about the flash of WebView2 here. It is base your achievement 😃.

I will be glad to discuss with you.

Rick Strahl
May 11, 2022

re: Debouncing and Throttling Dispatcher Events

If it's on this blog it's free to use.

I'm not going to put a bloody license on every bit of code I post.

May 11, 2022

re: Debouncing and Throttling Dispatcher Events

Hi Rick, What is the license for the above DebounceDispatcher code? Thanks in advance!

May 09, 2022

re: Adding minimal OWIN Identity Authentication to an Existing ASP.NET MVC Application

Thanks Rick, finally an article which cleared the clutter and highlighted the essential pieces.

My setup: My app is a .net 4.6 framework app and is not using system.web.mvc, instead it is a layered app. It is called by a frontend in angular, which calls api routes which in turn land on the .net app controllers which are based on system.web.http and uses token based authentication. Currently, we use AuthenticationFilterAttribute for implementing authentication.

We now need to integrate this app with external login providers like google, fb etc.

My question is as follows:

  1. Do i need to add system.web.mvc to use owin startup class, ChallengeResult (inhereting from HttpUnauthorizedResult which is only in system.web.mvc and and all related code)?

  2. Can I continue to use token based authentication, or will Cookie based authentication need to be used in order to have the external 3rd parties integrated?

  3. Will I need to remove the AuthenticationFilterAttribute and just have the owin startup be r responsible for authentication?

Thanks for your help.

May 06, 2022

re: Missing Sharing Tab in Windows Explorer and Sharing with PowerShell

Thanks so much, the cmdlet worked for me, everything else was correctly set, but yet the Sharing was missing in mine.

May 05, 2022

re: Accessing RouteData in an ASP.NET Core Controller Constructor

agree with Jason... Still relevant in .NET 6 and also works great for Razor Pages (not just MVC). thank you!

Richard McDaniel
May 04, 2022

re: Gotcha: Entity Framework gets slow in long Iteration Loops

For those looking for an alternative using EF Core 5+ there is the ChangeTracker.Clear method. You can use this method to clear all entities from the change tracker once you no longer need them instead of creating a new DbContext in cases where turning off change tracking is not an option. This method is much more efficient than iterating through all the tracked entities and detaching them and is the preferred method of clearing the tracker.

May 02, 2022

re: Windows Authentication with HttpClient

Hi Rick.

Just wanted to tell you how great a resource you and your blog have been throughout my entire development career. Fifteen years now and I still find your posts helpful and relevant. So thank you for sharing, teaching, and leading the way for many of us.

Alois Kraus
April 30, 2022

re: A .NET Color Console Helper

I have updated it a bit to support also clipped output which is very useful with non wrapping consoles such as Windows Terminal. The code is located here: Perhaps ETWAnalyzer could help you to extract some weird TPL tasks states from tests which are running with ETW profiling. See what you can do with the dump command. With async code I have found -firstlastduration interesting because some methods of the compiler generated state machine are executing sync first and the rest after the await much later which gives you a good estimate how long the async methods was really executing.

April 28, 2022

re: Routes, Extensionless Paths and UrlEncoding in ASP.NET

Hi Rick,

Thank you for your post!

The only special character I cannot find the solution for is plus (+). When I use plus character in route (or encoded value %2B) the routing does not working at all - it opens the default page.

For example: - ok - ok - ok - routing not working - routing not working

Is there any way to encode plus character to use it in the route?



Rick Strahl
April 26, 2022

re: Async and Async Void Event Handling in WPF

@George - yes that should also work for the same reason that Task.Delay() works as the first line in the handler.

April 26, 2022

re: Async and Async Void Event Handling in WPF

Hi there i am new to Wpf and async paradigm and i was wondering if the following code would work properly ?

private async void TreeFavorites_MouseMove(object sender, MouseEventArgs e)
    await MouseMoveTask(sender, e);

private async Task MouseMoveTask(object sender, MouseEventArgs e)
    if (e.LeftButton != MouseButtonState.Pressed) return;
    if (Model.ActiveEditor == null || 
       !(await Model.ActiveEditor.IsEditableDocument()))
    var selected = TreeFavorites.SelectedItem as FavoriteItem;
    if (selected == null) return;

    var mousePos = e.GetPosition(null);
    var diff = startPoint - mousePos;
    if (Math.Abs(diff.X) > SystemParameters.MinimumHorizontalDragDistance * 2
        || Math.Abs(diff.Y) > SystemParameters.MinimumVerticalDragDistance * 2)
        var effect = DragDropEffects.Move;
        if (Keyboard.IsKeyDown(Key.LeftCtrl))
            effect = DragDropEffects.Copy;

        var treeViewItem = WindowUtilities.FindAnchestor<TreeViewItem>((DependencyObject) e.OriginalSource);
        if (treeViewItem == null) return;

        // add both files and text
        var dragData = new DataObject(DataFormats.FileDrop, new string[] {selected.File});
        // *** Hangs here - until moved out of WebView when dropping
        dragData.SetText(selected.File + "|" + selected.Title);
        DragDrop.DoDragDrop(treeViewItem, dragData, effect);

April 26, 2022

re: Async and Async Void Event Handling in WPF

Rick, find "the the" in your blog text and you will find a repeated "the" word... 😉

April 26, 2022

re: Back to Basics: Rewriting a URL in ASP.NET Core

You mind adding in big, black, bold, letters that app.UseRouting(); has to be placed after app.use

yea, it's "obvious" in retrospect, but it's not something one might actually notice for several hours of testing...

April 24, 2022

re: Async and Async Void Event Handling in WPF

It would be interesting to see a "reference" implementation using a JoinableTaskFactory, since the VisualStudio.Threading.Analyzers Package will flag both async void (with and Dispatcher calls (with as issues.

April 23, 2022

re: Using the WebView control to capture HTTP Request Content

Hi, first if all thanks this post was very useful. But i have one question if you know how did you determine if is a http 1.1 or 2.0 request the one that was made.

April 23, 2022

re: Async and Async Void Event Handling in WPF

Have you tried using a TaskCompletionSource? It should be a better solution than Task.Delay(1).

April 22, 2022

re: Publish Individual Files to your Server in Visual Studio 2012.2

Hi, thank you for your article, I've been using "Publish" for years but I never understood how to select a specific server or publishing profile in general. When you click on Publish I don't have choices, it will publish the file right away using the current profile. This is a major draw-back as I need to publish the whole project anyway the very first time in order to be able to select the profile/server I want to work with, after that I can use Publish single file. Thank you.

Rick Strahl
April 21, 2022

re: Combining Bearer Token and Cookie Authentication in ASP.NET

@Gunnar - you can specify the name of the cookie that is created when you authenticate. It's one of the optional configuration values you can provide in the AuthenticationProperties structure.

Gunnar Stensby
April 20, 2022

re: Combining Bearer Token and Cookie Authentication in ASP.NET

Say you want to integrate two systems that both have cookie authentication. The user has to be logged in to both systems at the same time.

Instead of JWT_OR_COOKIE it would be something like COOKIE1_AND_COOKIE2…

How would you approach that?

April 20, 2022

re: Connection Failures with Microsoft.Data.SqlClient 4 and later

Hey Rick! Been wondering for past 30 minutes what might be wrong with my connection. I even tested my previous projects and connection worked all fine. Despite setting up everything as per my previous projects the connection open method always failed until I found your solution.

Thanks for this!

April 09, 2022

re: Role based JWT Tokens in ASP.NET Core APIs

Hi! Thanks for the detailed explanation. I am working on a demo API that uses Jwt authorization. I am stuck however, on assigning roles to users on registration/creation. In addition, I envisaged an app where only a user with the "Admin" role can successfully interact with the /registration endpoint. Your example clearly demonstrates how to add claim to the Jwt that will be returned to the user and the user object retrieved from the Db already has the list of roles as part of its property which is very different from what I am trying to achieve. I have spent the last 3 days hopping from one blog to blog and stackoverflow too, I get even more confused because I saw similar issues like this one that bring even more confusion as the use of RoleManager is not very clear from these posts. Can you,perhaps in your free time, explain how RoleManager/IdentityRole would come in handy in this context?

Alois Kraus
April 07, 2022

re: WPF Hanging in Infinite Rendering Loop

I still have this exception with .NET 4.8 4.8.4770.0. I have opened a MS call for this one. Lets see if that is a regression of an earlier fix, or if it is a long standing issue.

Todd Davis
April 01, 2022

re: Connection Failures with Microsoft.Data.SqlClient 4 and later

I hadn't come across your posts in a while, but this issue totally hit me today and my first reaction was "OH THAT GUY!" - thanks as always.

Steve Hunt
April 01, 2022

re: Combining Bearer Token and Cookie Authentication in ASP.NET

I know this was for non-Identity auth but just for the sake of it - and just because I went through the same multi-auth pain only a couple of months ago, there are only a couple of important changes to use Identity. Namely:

  • replace the AddCookie call with AddDefaultIdentity<T>() (and, perhaps, AddEntityFrameworkStores)
  • in the AddPolicyScheme call, instead of
    return CookieAuthenticationDefaults.AuthenticationScheme;
    return IdentityConstants.ApplicationScheme;

Perhaps I'm a bit stupid or naive but it took me ages to realise/understand that the Identity auth uses a different name for its cookie scheme.
[The Authenticate endpoint is a little different 'cos you need to defer to, or use, the Identity code for the cookie but the key is that scheme name.]

March 31, 2022

re: Combining Bearer Token and Cookie Authentication in ASP.NET

"In my case, the scenario is my Swagger/OpenAPI endpoint which should require a login to access. This endpoint is served directly by the Web Server and consumed in the browser, so it can't use a Bearer token."

You can add authentication to OpenAPI by adding a OpenApiSecurityRequirement to the operation's Security dictionary. The key needs to match a security definition added in the AddSwaggerGen options callback, where you define the flow.

The following is how I've configured our OpenID/OAuth client credentials endpoint definitions. (I've removed some internal sensitive code around policy and scope names, but it should be close enough )

public void Apply(OpenApiOperation operation, Swashbuckle.AspNetCore.SwaggerGen.OperationFilterContext context)
    var requiredScopes = new[] { "Scope1", "Scope2" };
    var scheme = new OpenApiSecurityScheme
      Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "oauth2" }

    operation.Security.Add(new OpenApiSecurityRequirement()
      [scheme] = requiredScopes.ToList()
services.AddSwaggerGen(c =>
  c.AddSecurityDefinition("oauth2", new Microsoft.OpenApi.Models.OpenApiSecurityScheme
    Type = Microsoft.OpenApi.Models.SecuritySchemeType.OAuth2,
    Flows = new Microsoft.OpenApi.Models.OpenApiOAuthFlows
      ClientCredentials = new Microsoft.OpenApi.Models.OpenApiOAuthFlow
        TokenUrl = ...,
        Scopes = new Dictionary<string, string> 
          ["Scope1"] = "First scope",
          ["Scope2"] = "Second scope",

Dru Sellers
March 31, 2022

re: Combining Bearer Token and Cookie Authentication in ASP.NET

THANK YOU, I was just starting down the path of trying to solve this.

Chaim Brykman
March 31, 2022

re: Combining Bearer Token and Cookie Authentication in ASP.NET

Also, if you know your non-SPA (cookie-based) app is residing in a different path (aspx, for example), you can set the path attribute of the generated cookie to match that path. Then, only requests to /aspx/* would contain the cookie and SPA will remain unaffected.

Rick Strahl
March 30, 2022

re: Combining Bearer Token and Cookie Authentication in ASP.NET

@Dalibor - Good point but it depends on how sensitive the application is. In my application for example, 90% of interaction will be read only unauthenticated and only very few requests that are authenticated, so it wouldn't matter much. For an app that is 99% SPA and 1% something else it might make sense to separate the cookie out - not only for security but also to reduce request size perhaps.

Good point to make here. I'll add a note into doc.

Dalibor Carapic
March 30, 2022

re: Combining Bearer Token and Cookie Authentication in ASP.NET

Nice article, but if you have different authentications for different endpoints wouldn't it be easier simply to flag them to use different schemas in the Authorize attribute (
You could then have separate login for each.
As it is you are supporting authentication to your API endpoint with Cookies which is not strictly needed and potentially increases the attack surface (sorry if sounding pedantic here, its not my intent, I'm just curious).

Rick Strahl
March 29, 2022

re: Chromium WebView2 Control and .NET to JavaScript Interop - Part 2

@Dean - Cookies are persisted in the user profile that's specific to your WebView when you create the environment. If you reuse the browser environment in the same folder each time then any browser state should persist across usages. Perhaps you're using a new location each time, or wiping out the browser folder each time?

March 29, 2022

re: Chromium WebView2 Control and .NET to JavaScript Interop - Part 2

Rick, really nice article. You have a great way of explaining things in a very understandable way. Well done. I would be very interested to know how to deal with cookies. I'm writing a winforms desktop application and logging in to a membership website with a standard username and password. However, upon each restart of the application I'm forced to log in again. Right now I don't see a way to save and restore cookies in order to retain the login status. Any ideas?

Rick Strahl
March 24, 2022

re: Chromium WebView2 Control and .NET to JavaScript Interop - Part 2

@Rick - that's not possible with the WebView - there's no DOM object model that is accessible from .NET. You can only do this work inside of the Web Browser using JavaScript that you invoke. You can inject the JavaScript into the document if necessary (ie. if you don't control the source) and then call that from .NET to perform a task and or return a result.

Rick Ellison
March 23, 2022

re: Chromium WebView2 Control and .NET to JavaScript Interop - Part 2

Hi Rick interesting Article since I am not able to find hardly and information on using Webview2 in the application. My application donwloads a map from google for the users based on information they enter and google has not blocked IE11 from accessing the data. I do have 2 questions for you. Would it be possible in java (which I know little of.) to be able to pass out of the java something like this.

Dim document As System.Windows.Forms.HtmlDocument = Webbrowser.Document
WebSource.Text = document.Body.InnerHtml

And so far I have not found how to create a routine like this in java.

For Each element As HtmlElement In Webbrowser.Document.GetElementsByTagName("button")
            If element.InnerText = "Next" Then
            End If
        Loop Until Webbrowser.IsBusy = False

Any help or pointers to where to find how to handle this would be appreciated.. Rick

Randall Carter
March 23, 2022

re: Resetting Entity Framework Migrations to a clean Slate

This was an excellent post I came across two years ago and have used it half-dozen times since. It has saved my bacon from a lot of hassles, especially when refactoring a large project with a lot of schema changes.

Paul Gruet
March 22, 2022

re: Fixing Visual Studio Intellisense Errors

Deleting the .vs file works, but the problem comes back quickly. I didn't see the problem at all until updating Visual Studio (Microsoft Visual Studio Community 2019, Version 16.11.11) > Does anyone know of a way to permanently fix this?

March 16, 2022

re: Fixing Visual Studio Intellisense Errors

THanks - been battling with this for months!

March 15, 2022

re: Using CSS Transitions to SlideUp and SlideDown

great post! thanks for the example, not all heros wear cape

Sinethemba Paula
March 14, 2022

re: Use Powershell to bind SSL Certificates to an IIS Host Header Site

I have issues installing and binding a certificate with powershell. The certificate installs correctly and the binding is correct as well but on binding, the SSL certificate is not selected. I get the below error:

SSL Certificate add failed, Error: 1312 A specified logon session does not exist. It may already have been terminated.

My script:

$secureString = convertto-securestring "pass" -asplaintext -force

Import-PfxCertificate -FilePath "D:\Data\SSL\"  -CertStoreLocation Cert:\LocalMachine\My -Password $secureString

$cert = (Get-ChildItem cert:\LocalMachine\My | where-object { $_.Subject -like "*$hostname*" } | Select-Object -First 1).Thumbprint
$guid = [guid]::NewGuid().ToString("B")
netsh http add sslcert hostnameport="${hostname}:443" certhash=$cert certstorename=MY appid="$guid"
New-WebBinding -name $iisSite -Protocol https  -HostHeader $hostname -Port 443 -SslFlags 1

Anyone knows what could be causing this issue?

Rick Strahl
March 10, 2022

re: Creating a Static Web Content Project for Publishing with WebDeploy

@Dan - Not sure what you're asking. This is a static Web site, there's no CORS on the client - CORS is handled on the server. This doesn't handle any server configuration - the server is going to be there already and you're just pushing content. For the IIS Site that is receiving the files you can affect configuration via web.config with the deployment but that's about it.

March 10, 2022

re: Creating a Static Web Content Project for Publishing with WebDeploy

Hi Rick. Thanks for sharing the post! How do you deal with cross origin issues when the Angular frontends access the backend? Do you enable CORS? Or do you somehow have everything on the same origin? Also, how do you handle securing the API calls from the Angular frontends?

Rick Strahl
March 04, 2022

re: Excluding Files and Folders in Visual Studio Web Site Project

Yeah that bugs me too. The profiles have moved several times in recent versions and to make things worse, VS 2022 can't read profiles directly: It creates .pubxml files, but when you try to import a profile it looks for .publish-settings which are different. The only way this works is via a setting in the .csproj.user file that points at an existing .pubxml file:

<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="">

March 03, 2022

re: Mysteriously stubborn IIS 401.2 Errors

Thank you! This saved me! Spent many hours playing with all possible settings, but turns out my web.config was corrupted somehow and this is what did the trick:

The fix in my case was to copy the web.config.default to web.config and voila everything snapped back to working.

These values are defined in the .NET master configuration web.config file which lives in:



March 03, 2022

re: Connection Failures with Microsoft.Data.SqlClient 4 and later

that made all my dependent tests suddenly to fail, when everything was building... doh... thanks for the post, a lifesaver 😉

March 02, 2022

re: JavaScript JSON Date Parsing and real Dates

This looks like a really good, robust solution and it's going in our project today. In a previous life, I had a custom reviver function to do this in my custom Http library. In the modern world, with Axios, that's no longer an option, so globally modifying the JSON object will do the trick. Axios is hermetically sealed, which is a bit surprising.

If I can make 2 comments: Native javascript date serialization no longer sucks, and, as a result, moment.js is no longer necessary (or maintained). Second, it would be great if this was an npm.

February 27, 2022

re: Excluding Files and Folders in Visual Studio Web Site Project

Publish profiles now seem to be located under Project Properties (the little wrench icon, not the Properties page). Took 4-eva to find em, too; why does MSFT make the stupidest simplest repetitive task so hard to find in help/bugs/etc.? At least as of 16 and 17 versions of VS.

February 17, 2022

re: Accessing RouteData in an ASP.NET Core Controller Constructor

this is still relevant in .NET 6 - thanks for the post! love your blog

Rick Strahl
February 10, 2022

re: West Wind WebSurge 2.0 is here

@Doug - WebSurge on its own doesn't 'fish out' any values. But you can:

  • Use the Capture tool to capture urls while you navigate
  • Use an OpenAPI/Swagger import if that's available

I show both in the video. The latter requires that the site exposes the OpenAPI/Swagger endpoints in order to be able to import from there.

February 10, 2022

re: West Wind WebSurge 2.0 is here

This is awesome, thanks. I'll be playing with this pretty much all weekend long!

Doug Dodge
February 08, 2022

re: West Wind WebSurge 2.0 is here

Hi Rick!

Dumb question time 😃. I have not used WebSurge, but am pivoting to where I may. I noticed what appeared to be tests that indicated knowledge of your album site. I was curious to know if testing a site required prior knowledge or does WebSurge "fish out" the links and then present you with the ability to manually add good or bad values?

Thanks! And thanks again for your contributions over the years to the community, writ large.