Azure WebJobs is a great way for running any kind of script or executable as a background process in connection with an Azure App Service Web Site or App. You can upload an executable or script as a WebJob and run it either on a schedule or continuously. The WebJob can perform any function you can stick into a command line script or program and using the Azure WebJobs SDK, you can trigger actions to happen as a result of inputs from a number of sources, for example:

1. A message arriving on an Azure Storage queue;
2. An Azure Storage blob being created or updated;
3. A message arriving on an Azure Service Bus queue.

WebHooks provide a simple mechanism for sending event notification across web applications and external services. For example, you can receive a WebHook when someone sends money to your PayPal account, or when a message is posted to Slack, or a picture is posted to Instagram. The opportunities for integrating services using WebHooks are endless. ASP.NET WebHooks provide support for both sending and receiving WebHooks allowing your ASP.NET applications to easily integrate with other services.

If you are new to ASP.NET WebHooks, then check out the blog Introducing Microsoft ASP.NET WebHooks Preview. For an introduction for how to use ASP.NET WebHooks for sending WebHooks, please see Sending WebHooks with ASP.NET WebHooks Preview. For scaling up and out when sending WebHooks, please see the blog New Year Updates to ASP.NET WebHooks Preview.

In this blog we will describe how to send ASP.NET WebHooks from inside an Azure WebJob as a result of a message arriving on an Azure Storage Queue. However, there are many more possibilities for using these two technologies together.

The functionality described in this blog is available in the Microsoft ASP.NET WebHooks Nuget packages version 1.2.0-beta6a – remember to set the preview flag when looking for them in Visual Studio.

Sending WebHooks from Web Server

As described in the blog Sending WebHooks with ASP.NET WebHooks Preview, the basic model for sending WebHooks works as illustrated in this diagram:

Here we have a regular Web site (for example deployed in Azure) with support for registering WebHooks. WebHooks are triggered as a result of incoming HTTP requests, typically through an MVC controller or a WebAPI controller. The orange blocks are the core abstractions provided by ASP.NET WebHooks:

1. IWebHookStore: An abstraction for storing WebHook registrations persistently. Out of the box we provide support for Azure Table Storage and SQL but the list is open-ended.
2. IWebHookManager: An abstraction for determining which WebHooks should be sent as a result of an event notification being generated. The manager can match event notifications with registered WebHooks as well as applying filters.
3. IWebHookSender: An abstraction for sending WebHooks determining the retry policy and error handling as well as the actual shape of the WebHook HTTP requests. Out of the box we provide support for immediate transmission of WebHooks as well as a queuing model which can be used for scaling up and out, see the blog New Year Updates to ASP.NET WebHooks Preview for details.

The registration process can happen through any number of mechanisms as well. Out of the box we support registering WebHooks through a REST API but you can also build registration support as an MVC controller or anything else you like.

Sending WebHooks From WebJobs

The WebHook abstractions for the WebJob are the same as for the Web site allowing you to manage and send WebHooks in an identical manner. The difference is that you can now send WebHooks not just as a result of incoming HTTP requests but also as a result of messages being sent on a queue, a blob being created, or anything else that can trigger a WebJob:

Creating an Azure WebJob

In the blog New Developer and Debugging Features for Azure WebJobs in Visual Studio, you will find a great overview of how to create an Azure WebJob using Visual Studio. This can be used to set up a Command Line project including the Microsoft.Azure.WebJobs Nuget package. Alternatively you can see this sample project which contains the code below:

The project contains three pieces:

1. An App.config file where we configure the WebJob;
2. The usual Program static class with a Main entry method to the application;
3. A Function class where we will add a method to be invoked when a message arrives on a given Azure Storage Queue.

To configure the WebJob, we set three connection strings in the App.config file:

<connectionStrings>
  <add name="AzureWebJobsDashboard" connectionString="DefaultEndpointsProtocol=https;…" />
  <add name="WebHookListener" connectionString="DefaultEndpointsProtocol=https;…" />
  <add name="MS_AzureStoreConnectionString" connectionString="UseDevelopmentStorage=true;" />
</connectionStrings>

internal class Program
{
    /// <summary>
    /// Gets or sets the <see cref="IWebHookManager"/> instance to use.
    /// </summary>
    public static IWebHookManager Manager { get; set; }
 
    public static void Main(string[] args)
    {
        // Set up default WebHook logger
        ILogger logger = new TraceLogger();
 
        // Set the WebHook Store we want to get WebHook subscriptions from. Azure store requires
        // a valid Azure Storage connection string named MS_AzureStoreConnectionString.
        IWebHookStore store = AzureWebHookStore.CreateStore(logger);
 
        // Set the sender we want to actually send out the WebHooks. We could also 
        // enqueue messages for scale out.
        IWebHookSender sender = new DataflowWebHookSender(logger);
 
        // Set up WebHook manager which we use for creating notifications.
        Manager = new WebHookManager(store, sender, logger);
 
        // Initialize WebJob
        var listener = ConfigurationManager.ConnectionStrings["WebHookListener"].ConnectionString;
        JobHostConfiguration config = new JobHostConfiguration
        {
            StorageConnectionString = listener
        };
        JobHost host = new JobHost(config);
        host.RunAndBlock();
    }
}

public class Functions
{
    /// <summary>
    /// This method is triggered when a message arrives on the 'listener' queue on the
    /// the 'WebHookListener' Azure Storage Account. 
    /// </summary>
    public static async Task ProcessAsync([QueueTrigger("listener")] string message, TextWriter logger)
    {
        await logger.WriteLineAsync(message);
 
        // Send message to all subscribers as WebHooks. Use a predicate to filter
        // which receivers should get a WebHook request.
        await Program.Manager.NotifyAllAsync("event1", new { Message = message });
    }
}

Trying It Out

As there are several moving parts in getting this up and running, we will focus on the already existing sample code that you can find in the Microsoft ASP.NET WebHooks GitHub repository:

• CustomSender.WebJob: The WebJob project described above.
• CustomSender: A Web project having been set up to register and generate WebHooks as described in Sending WebHooks with ASP.NET WebHooks Preview.
• CustomReceiver: A WebHooks receiver project which can receive WebHooks sent by the WebJob and the Web Application.

To get the pieces put together, clone the ASP.NET WebHooks repository and open the WebHooks solution in Visual Studio. Configure the connection string settings for the WebJob as described above by editing the App.config file.

Now right-click on the solution in the Solution Explorer, select Set Startup Projects to include all three projects like this:

Now hit F5 to start the projects. You should see the WebJob starting up in a command line shell:

To verify that you receive WebHooks in the CustomReceiver project, set a breakpoint in the CustomWebHookHandler class like this:

Similarly you should see CustomSender project starting up with a Web page like this. Click on the buttons marked in red in the order illustrated here:

If everything is working OK, then the debugger should hit the breakpoint in the WebHook handler. This means that sending WebHooks from the Web Application works. Next, let’s try and generate a WebHook from the WebJob. First we need to create a queue called listener in the Azure Storage Account we provided in the App.config file. You can do that from the Cloud Explorer in Visual Studio by right-clicking on the Azure Storage Account and create a queue:

With the queue in place we can submit a message by double clicking on it and then add a message:

Once added, it will take some seconds but then you should see the message being sent to the WebHook receiver:

That is, now you can send WebHooks from WebJobs as well as from Web Applications!

Have fun!

Henrik

Two weeks ago, the ASP.NET team announced during the weekly ASP.NET Community Standup and on our blogs it was decided to rename ASP.NET 5 to ASP.NET Core 1.0. This announcement generated great questions that I’ll answer in this post. I’ll also update you on our progress with the ASP.NET Core and .NET Core releases.

Why Do I Still See ASP.NET 5 in Various Official Places?

It Looks Insoluble by David Goehring / CC BY 2.0

In the interest of transparency, we decided to disclose the name change before the changes were committed to GitHub. We didn’t want to surprise everyone with a flood of renames and changes to projects and documentation. Now that we are doing development in the open on the framework, tools, and documentation, you can see these changes in our code as we make them. We wanted to make a public statement about this change to ensure that you – our technical community – were all aware of the change at the same time, before code and documents started changing.

The current version that is available to download from NuGet and is compatible with Visual Studio tool is still called ASP.NET 5. You will find this now deprecated name still in place at www.asp.net/vnext until we are ready to ship a version of ASP.NET Core to customers. At that point, we will update the name online everywhere.

What are the versions for MVC and Web API?

The whole “ASP.NET 5 MVC 6 Web API 2″ sub-component versioning scheme was confusing. We’ve been working towards “One ASP.NET” now for years and we’re there. ASP.NET Core is versioned as 1.0 as it’s a near complete rewrite of ASP.NET with many new features and capabilities. It’s clearly a different product than ASP.NET 4.6.

ASP.NET Core includes MVC and Web API and they all share one version. They are all part of ASP.NET Core 1.0.

What Happened to the Release Date?

Over the last few months, we have been working through taking the ideas that were in DNX and merging those with some of the ideas that the .NET team had around building native applications on .NET Core. We want to deliver a consistent toolchain for all .NET Core applications, and Scott Hanselman has a great post on his blog covering the .NET toolchain.

The ASP.NET team has maintained a roadmap and schedule on GitHub, and over the last week the dates for RC2 and RTM were updated to ‘TBD’ (to be determined) and folks were confused as to why this change was made.

We thought that by the end of January 2016 we would have DNX features and experiences implemented within and on top of NET Core and the new CLI. We realized, along with other folks on GitHub and Twitter that we don’t have all those bits working together yet and we knew that we would miss the date. In this past week’s Community Standup video, Scott, Damian and Jon talked through this schedule change. We also heard the community loud and clear say that they’d rather we slow down a bit and let these bits bake. We are.

We’ve heard consistent feedback on the change from DNX to CLI: “great change, but why so late?” We agree. This change is the primary reason for our schedule slip. It’s clear to us now that we were running too fast and didn’t take the time to fully think this one all the way through. We’re sorry about that, particularly to the early adopters that took a bet on DNX. We hope that you’ll continue to come along for the ride and adopt the changes in the Core platform.

The .NET and ASP.NET teams could have made up some new dates to publish, but they wouldn’t be as accurate as we feel we could deliver without further review of our current state and the new tools we want to be sure we deliver. As soon as we have the new ASP.NET and .NET Core tools working together we will update the roadmap with more appropriate dates for ASP.NET and the .NET team will update their roadmap with dates for .NET Core. The two teams are working hard on the framework and tools, and we hope to be able to revise the roadmap with a more accurate schedule in the next few weeks.

We anticipate that this will push the RTM schedule back, but not by much. We will continue to be transparent about the framework as we develop in the open. We’ll publish dates on the roadmap soon, but not before we – and you – can count on them.

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup.  The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET 5 framework over the previous week.  Within 30 minutes, Scott Hanselman, Damian Edwards, Jon Galloway and an occasional guest or two discuss new features and ask for feedback on important decisions being made by the ASP.NET development teams.

Each week the standup is hosted live on Google Hangouts and the team publishes the recorded video of their discussion to YouTube for later reference. The guys answer your questions LIVE and unfiltered.  This is your chance to ask about the why and what of ASP.NET!  Join them each Tuesday on live.asp.net where the meeting’s schedule is posted and hosted.

This week’s meeting is below:

The team started with an initial discussion of the MSDN WebDev blog post – “An Update on ASP.NET Core and .NET Core” The team previously assumed that folks would watch the standup video, and have resolved to publish a blog post and we will continue to publish show notes on the webdev blog so that the show information can be more search-engine friendly. The team is improving messaging about the projects, and we plan to significantly improve it in the weeks ahead.

Some developers feel hurt by the changes in the ASP.NET Core renaming and schedule. Some customers have been very successful with ASP.NET 5 and the transition to ASP.NET Core has not affected them at all. The project is still early, not released and fully supported yet. If you need to avoid any significant changes to your framework, this framework is not for you yet. ASP.NET 4.6 is rock solid and does not have any large API changes happening. The team is learning how to make this style of development work, and they are getting closer to a better development model.

Links of the Week:

Steve Desmond wrote Performance is Paramount  about adding some static caching and tuning to his web server significantly improved his performance.  Damian commented that Response Caching is not available yet, but will be coming as part of the framework.

K. Scott Allen shared Downloading and serving node resources in an ASP.NET Core application

Questions and Answers:

Question: “Be Part of the Conversation” overlay on YouTube is annoying
— This is how Google wants you to join the interactive conversation on Google Hangouts

Question: Did I miss the story of RC2?
— Watch last weeks video and read the blog post.  Re-platforming on .NET CLI is taking longer than expected, and to ensure that we will deliver a killer product we are backing off on the timeline and will issue dates when we are confident

Question: What’s the story about LightSwitch HTML?
— We are not involved with that team.  Ask Beth Massi for more details

Question: Any plans on allowing input pass-through of JSON.NET’s type-handling setting in MVC?
— Nothing specifically, MVC options available when configuring your app are exposed and you can plug that with the configuration you need.

Question: WebAPI as a product keeps being mentioned – but is not a product, its merged with MVC. Doesn’t this add to confusion?
— Naming is hard – ASP.NET Core has MVC features and WebAPI features (from the previous versions).  What is meant is that ASP.NET Core includes these things by default now.

Question: Will we see a configuration where we can point IIS to a directory and it just runs?
— We want this to be the finished product, but is still in progress.  The IIS platform handler needs to be configured to call the appropriate executable to host the application.  If the platform handler is installed, a properly loaded web.config with information for IIS in your project should enable this process.
Follow-up question: Will you have to use a ‘publish gesture’ to make this work?
—- You can configure a web.config with all of the options you need, and in theory deliver that file with your application to configure IIS properly

Question: When will ASP.NET Core ‘Hello World’ work with .NET Native?
— Not in scope for RTM.  The demo video on Channel 9 was a hack to show a proof-of-concept and is not being developed actively.

Question: Starting a personal project, a simple web app — should I start now with RC1 Update 1?
— Depends on your tolerance – the big rename update for your code will be addressed in a guide that will be shared when the RC2 ships.  If you like the experience in RC1, you should like the experience in RC2.  You will have some work to update to RC2 but we do not believe it will be difficult.

Question: I am porting a BIG enterprise app comprised of multiple ASP.NET apps in virtual directories.  Will we see support for support sharing or virtual directories in Kestrel?
— No support for port sharing in Kestrel, that’s an Http.Sys feature.  You can achieve both of these with IIS, and you should use those features in IIS.  We’re working to get IISExpress to work properly with the RC2, and will have more details about IIS Express and IIS when the RC2 is ready.  We want to be able to deliver a solution that supports hosting separate ASP.NET Core applications as virtual directories in the same IIS application.

Question: Any tools for ASP.NET Core that are recommended for tracking down memory leaks?
— The team is using dotPeek and dotMemory from JetBrains.  The Visual Studio tools work very well also, and the team uses all of them were each is better.  There are no great tools for Linux yet, but the team is using perf and the Mono tools to diagnose.

Question: Any update on the .tfignore issue?  AspNet/Tooling#18
— No update — we will follow-up

Question: I want to run ASP.NET Core as a desktop app and I need the context of the current user…
— This is how ASP.NET Core is currently recommended to be run – as a console application

Question: Should you use ConfigureAwait(false) in ASP.NET Core?
— No – this is primarily for use when a synchronization context is in use, and that’s not the case in ASP.NET Core.

Question: VS Crashes at least 5 times a day for me, why don’t you have these problems?
— This is typically a problem with extensions or environments.  We recommend that you try shutting off some extensions to see if that helps. Scott will follow-up with this caller.

Question: Is there any OData in the new WebAPI
— No — not yet

Question: Is VSCode broken on Linux, it doesn’t work for me?
— Reach out to @code to ask for help.  Lots of folks are finding success, the @Code team can help.

Question: What about code-contracts on ASP.NET Core?
— No idea.. Ask a question on the ASP.NET Home Repo

Question: Is the .NET Platform Standard being discussed anywhere?  The working docs are not being updated
— That’s right — its being implemented now

Question: How do you catch global exceptions, previously this could be checked in AppDomain.CurrentDomain?
— There is an issue on corefx discussing this right now

Question: The .NET CLI supports vbc, can I run an ASP.NET Core application on VB?
— Not yet.  The team needs to connect the end-to-end pieces to make that work.

Question: VS 2015 community and 2013 community running very slow when debugging with the HD thrashing
— We recommend using SSDs because they improve performance significantly.  Also, Scott recommends going into Windows Defender or any other anti-virus is thrashing your build process.  Scott excludes Devenv, MsBuild, compilers, and the folder that code is in.  If not on an SSD, Scott recommends creating a 2GB memory disk and moving your compile process there.  Also, try running the SysInternals process monitor and see what the disk is doing.  Scott found a backup application was causing his VS problems in the past.

Question: I want to use EF7, but I need to do spatial queries.
— Ask a question about spatial on EF Core GitHub repo.  Jon also points out that there is a way to run EF6 with ASP.NET Core

Question: How do we build ASP.NET Core applications from TFS services that are not exposed to the internet?
— Set up a local feed of NuGet packages inside your firewall and point your build agent at that

Question: People on Reddit and Blogs are obsessed with Native compilation into a single binary
— Neat, but not critical to ASP.NET success right now

Question: It feels like EF7 is not ready enough…
— We need more details about this in a focused discussion of those needs.  The team is focusing on the top 80% of features that applications need, and some features will not make the initial cut.

Question: I like the startup class features in ASP.NET Core like ConfigureServices, but when creating a Console app it doesn’t exist.  It would be nice to have consistency.
— The primitives that support ConfigureServices and DI are part of the web framework and are not in the console app.  You can add those features into a framework for a console application

The next ASP.NET Community Standup will be held live on Feb 16, 2016 from live.asp.net  Check in there to get the exact time in your timezone.  Join us, talk with the team and learn the latest about ASP.NET

We just added a couple of new features in ASP.NET WebHooks that makes it easier to build some nice integrations with Slack Slash Commands. These commands make it possible to trigger any kind of processing from a Slack channel by generating an HTTP request containing details about the command. For example, a command typed in a Slack channel can be configured to send an HTTP request to an ASP.NET WebHook endpoint where processing can happen:

/henrik Remember to buy flowers!

Parsing Slack Commands

In the post Updates to Microsoft ASP.NET WebHooks Preview we described the basics of how to use ASP.NET WebHooks with Slash Commands. That used a simple string to trigger the command without going into detail with what the command would look like. However, what if you want to build a Slash Command that can manage a list of users like this:

/list add <user>
/list list
/list remove <user>

public class SlackWebHookHandler : WebHookHandler
{
    public SlackWebHookHandler()
    {
        this.Receiver = SlackWebHookReceiver.ReceiverName;
    }
 
    public override Task ExecuteAsync(string generator, WebHookHandlerContext context)
    {
        // Get Slash Command data as a name value collection
        var command = context.GetDataOrDefault<NameValueCollection>();
 
        // Parse the text of the form 'action parameter'.
        var slashCommand = SlackCommand.ParseActionWithValue(command["text"]);
 
        // Look at action and parameter
        string action = slashCommand.Key;
        string parameter = slashCommand.Value;
 
        return Task.FromResult(true);
    }
}

/list add title=Remember to buy flowers!; assignedTo: henrik
/list list

public class SlackWebHookHandler : WebHookHandler
{
    public SlackWebHookHandler()
    {
        this.Receiver = SlackWebHookReceiver.ReceiverName;
    }
 
    public override Task ExecuteAsync(string generator, WebHookHandlerContext context)
    {
        // Get Slash Command data as a name value collection
        var command = context.GetDataOrDefault<NameValueCollection>();
 
        // Parse the text of the form 'action p1=v1; p2=v2; ...'.
        var slashCommand = SlackCommand.ParseActionWithParameters(command["text"]);
 
        // Look at action and parameters
        string action = slashCommand.Key;
        NameValueCollection parameters = slashCommand.Value;
 
        return Task.FromResult(true);
    }
}

Responding with Data, Images, and More

Just like it is possible to pass more complex commands, it is also possible to respond with structured data and even to include tabular data, images, and more. To facilitate this we have added the SlackSlashResponse class which helps you build a response to send back to Slack. In its simplest form, it takes just a string but you can add attachments to it containing structured text, tabular data, and images:

public class SlackWebHookHandler : WebHookHandler
{
    public SlackWebHookHandler()
    {
        this.Receiver = SlackWebHookReceiver.ReceiverName;
    }
 
    public override Task ExecuteAsync(string generator, WebHookHandlerContext context)
    {
        // Information can be returned using a SlackSlashResponse
        var slashReply = new SlackSlashResponse("Hello from ASP.NET WebHooks!");
 
        // Slash replies can be augmented with attachments containing data, images, and more 
        // The fallback description is used in clients that can only show plain-text replies.
        var att = new SlackAttachment("Attachment Text", "Fallback description")
        {
            Color = "#439FE0",
            Pretext = "This is an attachment!",
            Title = "Attachment title",
            ImageLink = new Uri("http://www.example.com"),                         
        };
 
        // Slash attachments can contain tabular data as well
        att.Fields.Add(new SlackField("Field1", "1234"));
        att.Fields.Add(new SlackField("Field2", "5678"));
 
        // A reply can contain multiple attachments
        slashReply.Attachments.Add(att);
 
        // Return slash command response
        context.Response = context.Request.CreateResponse(slashReply);
 
        return Task.FromResult(true);
    }
}

Trying it out

We provide a sample that shows both parsing commands and generating responses using the same model as outlined above. By setting up the Slash Command as described in the blog Updates to Microsoft ASP.NET WebHooks Preview and publishing an ASP.NET WebHook Slack Receiver with a handler like above you can get a structured response similar to this:

That’s it! Now you can process complex Slack Slash Commands and generate structured responses!

Happy Valentine’s Day!

Henrik

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup.  The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET 5 framework over the previous week.  Within 30 minutes, Scott Hanselman, Damian Edwards, Jon Galloway and an occasional guest or two discuss new features and ask for feedback on important decisions being made by the ASP.NET development teams.

Each week the standup is hosted live on Google Hangouts and the team publishes the recorded video of their discussion to YouTube for later reference. The guys answer your questions LIVE and unfiltered.  This is your chance to ask about the why and what of ASP.NET!  Join them each Tuesday on live.asp.net where the meeting’s schedule is posted and hosted.

This week’s meeting is below:

Links of the Week

• DocNet – A static documentation site generator from Frans Bouma for .NET 4.6
• DocFx – A documentation generator for .NET Core from Fanie Reynders
• ASP.NET Monsters – A podcast talking about ASP.NET Core cutting edge tricks and techniques
• Doug Ludlow published a tutorial on using Angular2, JSPM, and ASP.NET together
• Paweł Grudzień wrote a walk through of the .NET CLI
• Pluralsight released a ‘play by play’ course featuring John Papa and Shayne Boyer walking through ASP.NET Core 1.0 development
• Microsoft Web Platform Day in Glasgow - Feb. 18, 2016
• Mike Brind wrote an article about View Components in ASP.NET Core
• Shannon Deminick shared the Smidge project on GitHub that implements bundling and minification for ASP.NET Core.
• Matthew Jones posted a good article on how to get started writing middleware for ASP.NET Core

Accomplishments

Why does Damian have a gavel in the ASP.NET team room?  During a security review in the past, a security analyst brought the gavel so that they could interrupt the presenting engineers to point out items that need review.

The post-its on the wall behind Damian are older, from a different team and are not relevant any longer.

Over the last two weeks a number of planning meetings and discussions took place to discuss what is remaining for ASP.NET Core.  There is a set of data that the team is collecting and prioritizing in order to better estimate a final delivery date.  Among the items under discussion is a versioning story for delivering a first version that can be easily updated.  There are lots of implications to this including how projects get built, the frameworks and tools get updated, and the team wants to ensure that they get it correct.

There are roughly four key foundational documents that the team needs to agree on in order to have the final scope of deliverables.  Damian feels that these are not ‘Github Issues’ but a higher-level document and discussion that will generate issues that support these documents.  These documents cover roughly the following concepts:

• .NET Core CLI
• .NET Core Project Model
• .NET Standard Library
• .NET Platform Standard

The interesting thing about this release compared to prior releases is that the Microsoft teams are very much abiding by the transparency of an open-source project and you can see all of the changes and discussions that are taking place in developing the ASP.NET framework and tools.  Damian pointed out that a similar experience happened with Visual Studio 2010 when a beta was released and the feedback indicated that more work was needed. A delay was announced and in a closed-source manner the teams quietly worked through similar discussions that you are hearing about now prior to the release of Visual Studio 2010.  The result: a good product that a number of developers are still using today.

Questions and Answers:

Comment: If this is open source, there needs to be transparency

— We agree, once we have a delivery date confirmed we think developers will be able to start making decisions about how to proceed.  If you are working off of nightly builds, you may have to engage in changes between now and the release date.

Question: If ASP.NET Core is supposed to launch as a console application, when I have several web applications in a solution and I hit F5, will it launch in debug mode with several console windows?

— Not if they are configured to launch in IIS express – IIS Express will launch in the systray with the applications launched and managed in the scope of IIS Express with no window

Question: What is the status of ASP.NET Identity for ASP.NET Core

— User management UI is not part of ASP.NET Core, and a full product like Identity Server can handle and provide a user interface for this.  There is a self-serve identity registration and password management capability in the templates and framework.

Question: If ASP.NET Core is being delayed, will Entity Framework Core be able to get more features in?

— No… no one is able to get more features in because all teams are blocked by the same core engineering concept changes.

Question: Can the standup be run earlier?

— The standup is held at 10am PT one week and 3pm PT the next.

Question: Is SignalR being released before or after RTM since that date is being pushed out?

— After – we are not adding scope to the release.

Question:  Is “MVC6″ available on ASP.NET 4.6?

— No… the MVC capabilities in ASP.NET Core are part of ASP.NET Core, and not specific to MVC. MVC6 was named that because it had the same package name as MVC 5 and needed a new version number. Due to the rename it is now just MVC that is just part of ASP.NET Core.

Question: Can this ASP.NET Core project format be used with ASP.NET 4.6 projects?

— No, ASP.NET 4.6 does not support this capability

Question: Bower files are placed in wwwroot/lib – this puts them in source control.

— Hanselman has a blog post about how to move this content around using Gulp. Then exclude the lib folder from source control appropriately

Question: Will ASP.NET Core in IIS be hosted in w3wp.exe?

— No, the Http Platform Handler will be used — Scott has a blog post that demonstrates how this works with Ruby on Rails.

Question: How about integrating console windows into VS?

— Not yet… and out of scope of ASP.NET.  The package manager console and the new REPL in Visual Studio should get you a lot of the features you need.

Question:  Are there plans for supporting Oracle DB?

— This is an entity framework question — we’re working with partners to help support other drivers like Mongo and Postgres.  Big and obvious stuff like this is in the works. 

Question: When ASP.NET Core 1 is released, when will EF7 (now Entity Framework Core 1) and SignalR come out?

— Entity Framework Core is part of the release. SignalR is not on the schedule yet, we will let everyone know when we can plan to deliver that feature.  The team is not adding scope and is working hard to not drop scope from the release.  They are purposely not mentioning dates because they are focused on functionality right now.

Question:  What does the team think of Aurelia?

— Scott and Damian haven’t used it yet, but Jon has tried it and is happy with it.  It should work fine with ASP.NET Core because it is a front-end library that should work great with any server-side framework

Question: How is the performance work going?

— Good! There is a larger team engaged now that is prepping updates that will be submitted to TechEmpower benchmarks. It will get faster, as there are some known techniques that are still being implemented that will drive performance by another 20-30% This is the one area that is low-risk and could get more attention and benefit from a pushed out timeline.

Question: Can we have a type-safe configuration file? We have typescript and roslyn – why not strongly-typed?

— This was purposely designed to be extremely flexible to allow for many different configuration options.  Filip W. has a blog post that demonstrates adding this capability of code as configuration  Damian uses strongly-typed classes that are populated by config files, check the documentation for more details.  Scott prefers .INI files because he’s a child of the ’90s.

Comment: Thank you for putting Gulp into the new web templates — introduced a new developer to Gulp and they enjoy working with it now.

Question: Noticed that the team is using an internal version of Moq, are there any mocking frameworks available that support .NET Core?

— Not yet, the issue is that most have a dependency on a Castle.Windsor feature.  We submitted a PR to Moq to allow it to be able to support .NET Core, and we haven’t followed up to determine if it was accepted.

Question: Whats the best way to get session state into ASP.NET Core?

— Its there… it’s a new session API with providers for Redis and SQL.

Question:  Are there any renames coming like Microsoft.Extensions.*

— No… the tools may change , like the EF Command Line tool and the user secrets tool

Question:  Is there an example of using OAuth with Google?

— Its in the new default templates in Visual Studio, there are samples in the entropy repository. The sample one in the docs doesn’t show how to handle custom claims — look in the repo or ask a question in the Issues.

Question: Is there a way to get csproj files to automatically add files that are in the project path in a way like the new project.json project model does?

— There is a way to update the csproj content to include a folder with a wildcard, but Visual Studio doesn’t understand it.  This is one of the features of the new project model.

Question: Can we create a new HttpRequest and push it down the pipeline from inside that application for testing or a proxy?

— Yes, the team uses this for testing — the error handler middleware will reset and re-run the pipeline when there is an error.

Question: Several solutions with several projects referencing each other are creating problems when new commits are fetched. Dnu restore and then restart seems to be the only way out

— This is a problem that the team is working on.  The way around this seems to be to clsoe Visual Studio and sync from Git first so that Visual Studio does not kick off a dnu restore as the project is updated from Git.

Question:  If an application under Kestrel crashes, is there an automatic restart?

— Your front host-process like nginx or IIS knows how to restart the server process that its maintaining. If you’re not using a host-process and running kestrel directly then you should be able to re-run using the service process.

Question: Can we get a JToken from json config when the full key path isn’t specified?

— The config API only returns strings so that it is provider agnostic. The config primitives are all string-based so that you can change your configuration provider.

Question:  Calling MVC6 API using CORS from another app, all works fine when returning 200 and 404 status codes. When an unhandled exception returning a 500 status code is triggered, the access-control-origin header isn’t configured properly.

— There is CORS-middleware available that can be configured, but CORS is a browser-centric concern.  The CORS policy is only needed if you are doing anything that is not a simple GET.

Question:  Do you foresee a lot of API churn going forward?

— The APIs in the ASP.NET stack are very stable – the work is now in the packaging, installers, and under-the covers experience.

Question: How can I use Azure App Service Simple Auth with an ASP.NET Core application?

— The Azure feature is based on traditional ASP.NET features and will not available at launch of ASP.NET Core.

Question: Is it possible to have the build process create everything needed for the web app in one directory?

— This is one of the key scenarios the team is trying to define the story around.  How does the .NET CLI prepare content to be published is the question they’re working through.

Question:  What is the status on Http Basic, Digest or NTLM authentication on kestrel?

— NTLM and Digest will not be in 1.0, Damian needs to verify if Basic is included in 1.0 but does not think Basic auth middleware is built yet.

Question: What samples would you suggest to learn the latest bits? Is Music Store up to date?

— Not yet… the end-to-end story is not there yet, you would only get fragments. The new release isn’t ready until the .NET CLI stuff is ready. Dnx is out of date now and you should wait until the framework is a little more ready.  Jon also recommends checking out the MVC Samples repositories on GitHub.

Summary

Thank you for reading and your interest in ASP.NET.  We know the Community Standup is a good resource for those folks that want to be engaged with the team, and we look forward to sharing more with you next time.  Follow along at http://live.asp.net

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup.  The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET 5 framework over the previous week.  Within 30 minutes, Scott Hanselman, Damian Edwards, Jon Galloway and an occasional guest or two discuss new features and ask for feedback on important decisions being made by the ASP.NET development teams.

Each week the standup is hosted live on Google Hangouts and the team publishes the recorded video of their discussion to YouTube for later reference. The guys answer your questions LIVE and unfiltered.  This is your chance to ask about the why and what of ASP.NET!  Join them each Tuesday on live.asp.net where the meeting’s schedule is posted and hosted.

This week’s meeting is below:

Links of the Week

Ben Adams shared the good news of the ASP.NET Core Kestrel performance celebration on the Age of Ascent blog

Andreas Håkansson announced that he is now working full-time for an organization that is funding the development of the Nancy project for CoreCLR.

Steve Gordon published a nice post describing how to send emails from ASP.NET Core

Matthew Abbott wrote up a detailed description of how routing works in ASP.NET Core

From NDC London, Microsoft ASP.NET Security PM and all around nice-guy Barry Dorrans is featured in a video describing Security, Identity and Authorization in ASP.NET Core.

The architecture of StackOverflow.com, a huge ASP.NET MVC application, was published and discussed on Nick Craver’s blog.

Scott Allen wrote up a good technique for avoiding the service locator pattern in ASP.NET Core

Shayne Boyer shared some diagrams, code, and a good walk-through of using haproxy, nginx, Angular 2, ASP.NET Core, Redis, and Docker together

Anuraj wrote up a nice intro of getting started with Entity Framework Core migrations

NuGet Package of the Week

We’re starting the NuGet Package of the Week feature up again, and this week we decided to highlight Cake – the C# Make project:

Cake website

Cake (C# Make) is a cross platform build automation system with a C# DSL to do things like compiling code, copy files/folders, running unit tests, compress files and build NuGet packages.

Install it now for your application with the following command:

Install-Package Cake

Accomplishments

The ASP.NET team is still working through preparations and is not yet ready to share deliverable dates and could be ready to specify a deadline in the next few weeks.  The team is working very hard to ensure that the core foundational concepts are well defined for the initial release of ASP.NET Core.

Some of the MVC framework developers are working on performance improvements in TagHelpers.

There are no API changes planned, and the dev team is working through the re-platforming from dnx to .NET CLI.

Some folks are trying the dev branches of ASP.NET Core, and those branches are mostly converted off of dnx.  The dnx-based tooling still works with RC1 and will be converted over to .NET CLI for the next public release.  You can work with the nightly dev branch bits, but need to work closely with the correct NuGet feeds and .NET CLI tools.  Damian emphasized that the dev branches are a work in progress and not for the feint of heart.  Installers and appropriate installation management tools will be updated and delivered with the public release .

Questions and Answers

 Question: Will analyzers work again with ASP.Net Core? I know in ASP.NET 5 they didn’t

— They should work in ASP.NET Core, there is nothing special about ASP.NET Core compared to .NET Core.  The real question is will the analyzers work with .NET Core, and we believe that the answer will be yes.

Question:  With CLI the assemblies are stored on the disk(not like with DNX). Considering that .net native is far from finished can we assume that when an asp.net core app will be deployed then there will be dlls with IL byte code stored on the disk?

— Yes, the dnx dynamic compilation was demonstrated as a development-time feature.  .NET Core CLI has a clear compilation step that you an use to generate binaries and deliver to your production space.  You can also generate native binaries with an additional step to cross-gen your binaries.

Question: What’s the status on csproj -> project.json project references?

— Coming in RC2

Question:  Will you officially ship and support NodeServices for RTM?

— We would like to ship a beta at about the same time as the ASP.NET Core RTM.  It needs to be updated from dnx-compatible to the .NET CLI version of ASP.NET Core and we’re delaying that until the core framework are done.

Question:  What is the status of TFS continuous integration with ASP.NET Core?

— Not sure… you should be able to point your CI service to the solution file and that will build it or you could directly call the .NET CLI executable to build on the command-line.

Question: Will there be an intermediate release with dotnet CLI stuff and then RC2… or is that what the RC2 release be?

— At a minimum we want to get to a stable build with a good installer that will deliver templates and Visual Studio tooling.  You would be using MyGet feeds to get the nightly builds, but we don’t expect to do any more public releases before an RC2.

Question:  Does a core app need to be compiled for each platform?

— The goal is to be able to generate (by default) a portable application and run it on Mac or Linux and execute it by running “dotnet MYAPP” using the .NET CLI runtime that is running on the other machine.  You could take the extra step to generate binaries that don’t require the .NET runtime, but that stand-alone application makes it platform specific because you would need to compile in the runtime bits.

Question:  Is ASPNET core identity 100% backwards compatible with ASP.NET Identity – DB Schema, Hashing algorithm?

— Its not 100% compatible, but we are looking to build a point-release in the previous identity framework to provide a level of interoperability between identity on 4.6.x and identity on Core with a minimum of changes in 4.6.x

Question:  If you pre-jit binaries will the runtime still monitor execution to improve the performance of hot code-paths that the pre-jit static analysis may not optimise in the best possible manner. or can we rely on the static analysis/pre-jit being great?

— Cross-gen’ing an application probably will not work this way because the JIT step is skipped.

Question: Which dependency injection container is used in ASP.NET Core?

— We wrote our own baseline container that other containers that are more full-featured could implement and add their features to.  We expect other containers to be implemented and configured in web applications.

Question: Is anyone working with the Docker guys to create aspnet containers based on Alpine like they’re doing with all the other official images like Node and so on? (The Alpine base image is just 5MB compared to 200MB for ubuntu:14.04)

— Yes, we are working on an Alpine container

Question:  I want to know if I am right? if we build application with DNX we are talking about ASP.NET 5 (the old name), and building with the new DOTNET we are talking about ASP.NET Core.

— Correct: This is a point-in-time confusion during the version update.  Damian will refer to dnx if its the currently released ASP.NET 5 frameworks and .NET CLI if he is referring to the work underway for the next version of ASP.NET Core.

Question:  I tried to install dnx prerequisities on Ubuntu following the docs instrustions, but could not resolve dependencies.

— Not sure about the specifics based on this question – Ubuntu should work, we have been using 14.04 LTS some are using 15 and have run into some issues but we’re not sure if this is still the case.

Question:  Last week you talked about .net core docs, including the project system, did you see my pull request regarding that on the core-docs repo?

— These documents that Damian is working on are conceptual requirements documentations almost like a spec for project managers to be able to guide their development teams.  The document submitted looks fine, and will leave it for the .NET team to review.

Question:  What is the status of entity framework 7 to support stored procedures?

— We don’t think it does yet – issue 245 in GitHub looks like this is not yet implemented

Question:  How many GitHub Octopus t-shirts does Damian have?

— Just one, and he really likes to wear it to the stand-up

Question:  Will there be a authentication middleware specific for Active Directory Federation Services with OAuth2?

— This is OpenID-connect middleware, yes… this is already available

Finally, some folks were looking for some post-credits scene like in Ferris Bueller or the Marvel movies.. No, we’re not cool enough to produce that type of add-on to our videos.  We have some of our other technical issues that need to be straightened out first.

Thank you to everyone that tuned in to the live recording and asked questions.  The team is always looking forward to hearing for you.  Join us on March 1st at 23:45 UTC, 18:45 ET, 15:45PT or just check the timer at http://live.asp.net for exact time in your timezone as well as a reminder that you can add to your calendar.

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup.  The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET 5 framework over the previous week.  Within 30 minutes, Scott Hanselman, Damian Edwards, Jon Galloway and an occasional guest or two discuss new features and ask for feedback on important decisions being made by the ASP.NET development teams.

Each week the standup is hosted live on Google Hangouts and the team publishes the recorded video of their discussion to YouTube for later reference. The guys answer your questions LIVE and unfiltered.  This is your chance to ask about the why and what of ASP.NET!  Join them each Tuesday on live.asp.net where the meeting’s schedule is posted and hosted.

This week’s meeting is below:

This week, Damian was not able to make the meetup and in his place Eilon Lipton and Maria Naggaga sat in.  Eilon is the development manager for ASP.NET and Entity Framework and has been on the ASP.NET project for many years, worked on the original MVC implementation, and invented the ASP.NET UpdatePanel.  Maria Naggaga joins Scott Hanselman’s team for developer outreach and has been with Microsoft for 3.5 years, right out of college.  She works primarily with university students and early-stage startups to get them up and running with Microsoft technologies.

Community Links

James Chambers wrote up the notes from an previous discussion on how to optimize Visual Studio for speed.

Check out the Client-Side Library Installer extension for Visual Studio 2015 that our colleague Mads Kristensen has been working on

Steve Lasker published his notes about integrating docker throughout your development process.

An update has been released for Ben Foster’s SaasKit for building software as a service applications using ASP.NET Core

Mike Brind wrote an article about Encryption and Decryption in ASP.NET Core

The is a proxy library available in the ASP.NET organization on GitHub

TechEmpower, who manages the benchmarks ASP.NET’s Kestrel is comparing against, featured a post about the Kestrel performance benchmarks.

The ASP.NET Monsters podcast shared a screencast about Loading Settings from a Database in ASP.NET Core

Hisham published a post on Code Project about Localization Extensibility with ASP.NET Core

There’s a good series on getting started with ASP.NET Core and Angular from Fiyaz Hasan

Arvind Gehlot wrote a post about improving performance of ASP.NET MVC 5 (not ASP.NET Core)

There’s a new article from Eric Anderson about how to send emails with MailGun from ASP.NET Core

Norm Johanson wrote an article about ASP.NET Core deployment on Amazon Web Services

Rachel Weil published a video on Channel 9 about how to get started with Visual Studio Code

Questions and Answers

Question: What is the status of SignalR for Mac and Linux?

— SignalR is scheduled for delivery after the initial RTM of ASP.NET Core

Question:  What is being done to correct the system corruption created by ASP.NET 5 RC1 Update 1?

— The team has seen the issue report and will work to track this down

Question:  Is there a way to override a controller’s authorize on an action level?

— The hosts were not sure of the answer to this one, but recommend you ask this question on the issues list for MVC and refer to using filters and attributes.  Another good location to ask this question would be on StackOverflow.  Scott also recommends taking a look at the source code to see what is possible.

Question: What is your recommendation of having basic websocket functionality in ASP.NET Core application (one-way communication, no transport fallbacks)? Middleware or opening a channel in a MVC controller? With MVC we already have easy routing. Any downsides?

— Official support will not be available in RTM, but there is a preview version that is available. Its not completely at the quality level Microsoft wants to deliver of a fully-supported library.

Question:  Do we have an RC2 release date?

— Don’t have any yet, they will be posted on GitHub as soon as we know. The big things moving are the dnx -> .NET CLI change over. The next big thing is the change to the new .NET Standard target framework monikers.

Question:  Really excited about the docker post – I’ve got a PR for the ASP.NET docker image, any tips to help get that PR merged?

— We’re following up with the repo manager to check status

Question:  About the page rendering strategy: My understanding of ASP.NET MVC is, that the general procedure is to start rendering from a leafe (bottom, page) and going up until the root (top, layout), why is it not the other way around?

— The initial view rendered in MVC dictates which layout to reference and passes view data to that layout.  Someone could build a view engine that renders in a different order.  This isn’t a razor specific question, but rather the view engine.

Question:  I noticed Publish with precompilation still leaves razor pages as plaintext files. Will there be option to precompile/embed them in the near future?

— Precompilation of razor was cut from v1. Embedded razor views can be placed in a DLL and the EmbeddedFilesProvider can be used to deliver that content.

Question: What is the status of getting XML documentation compile options into project.json?

— This is not turned on by default, but the project.json file for any of the ASP.NET repositories on GitHub have this option activated by default in the compilationOptions element.  Eilon also recommends disabling the compiler warning with the nowarn property demonstrated in those project.json files.

Wrap Up

Maria will be presenting in Hong Kong at the Microsoft Cloud Roadshow on March 10 and 11.  We encourage our friends in Hong Kong to come out and say hello to Maria at the Roadshow.  Tune in on March 8th to learn more from the team.

We are very excited to announce the availability of ASP.NET WebHooks Release Candidate 1. Thank you for all the positive feedback, suggestions, pull requests, and comments to date – they are essential to the process so keep them coming!

WebHooks provide a simple mechanism for sending event notifications across web applications and external services. For example, you can subscribe to receive a WebHook when someone sends money to your PayPal account, or when a message is posted to Slack, or a picture is posted to Instagram – the opportunities are endless! When subscribing, you provide a callback URI where you want to be notified. When an event occurs in the service you subscribe to, a WebHook is sent to your callback URI with information about what happened so that your Web Application can process it accordingly. WebHooks happen without polling and with no need to hold open a network connection while waiting for event notifications.

ASP.NET WebHooks provides support for receiving WebHooks from other parties as well as sending WebHooks so that you can notify other parties about changes in your service:

• On the receiving side, it provides a common model for receiving and processing WebHooks from any number of WebHook providers. It comes out of the box with support for Azure Alerts and Kudu, BitBucket, Microsoft Dynamics CRM, Dropbox, GitHub, Instagram, MailChimp, PayPal, Pusher, Salesforce, Slack, Stripe, Trello, WordPress as well as IFTTT and Zapier, but it is easy to add more. It also supports queued processing of WebHooks so that they can be processed elsewhere.
• On the sending side it provides support for managing and storing subscriptions as well as for sending event notifications to the right set of subscribers. This allows you to define your own set of events that subscribers can subscribe to and notify them when things happens. ASP.NET WebHooks provides a lot of flexibility for sending and persisting WebHooks, scaling up and out your solution, as well as sending WebHooks from WebJobs and other places in addition to your Web Application. Out of the box, WebHooks subscriptions can be stored in Azure Table Storage or SQL, but they can actually be stored anywhere.

Currently ASP.NET WebHooks targets ASP.NET Web API 2 and ASP.NET MVC 5. It is available as Open Source on GitHub, and you can use it as preview packages from Nuget. For feedback, fixes, and suggestions, you can use GitHub, StackOverflow using the tag asp.net-webhooks, or send me a tweet.

We have a bunch of samples, blogs, and preliminary documentation. Below is a set of pointers that you may find helpful. If you are new to ASP.NET WebHooks, then check out the blog Introducing Microsoft ASP.NET WebHooks Preview.

Sending WebHooks

The following resources provide details about building support for sending WebHooks:

• Sending WebHooks with ASP.NET WebHooks Preview describes the basic model for handling WebHook subscriptions, generating event notifications, and for receiving such WebHooks. Also check out the associated sample of a basic Web Application sending custom WebHooks and a sample receiving custom WebHooks.
• The blog New Year Updates to ASP.NET WebHooks Preview Dec 2015 goes into details for how to send events to all users and how to scale up and out your solution using persistent queues. There is also a sample scaling out WebHooks by sending them to a queue.
• The blog Sending ASP.NET WebHooks from Azure WebJobs describes how to send WebHooks from WebJobs, which enable you to generate WebHooks triggered by a number of sources including queues, blogs, etc. See also the associated sample sending WebHooks from a WebJob.
• The blog Updates to Microsoft ASP.NET WebHooks Preview Nov 2015 describes how to store WebHook registrations in SQL and how to register WebHook modules with a dependency engine.

Receiving WebHooks

The following resources provide details about how to receive WebHooks:

• Sending and Receiving WebHooks triggered by workflows and custom workflow activities from Microsoft Dynamics CRM.
• Subscribing to Instagram listening for media posted within a given geo-location and associated sample.
• Subscribing to new and updated leads and opportunities from Salesforce.
• Subscribing to Slack WebHooks and Using Slack Slash Commands enabling rich commands with structured data, images, and more. Please also see associated sample.
• Integrating with IFTTT and Zapier to Monitor Twitter and Google Sheets and associated sample.
• Receiving WebHooks from Azure Alerts and Kudu (Azure Web App Deployment) and associated sample.
• Sample building a Bitbucket WebHooks receiver.
• Sample building a Stripe WebHooks receiver.

Tooling

Thanks to Brady Gaster, we we have a Preview of a WebHooks Visual Studio Extension!

As always, let us know what you think and have fun!

Henrik

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup.  The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET 5 framework over the previous week.  Within 30 minutes, Scott Hanselman, Damian Edwards, Jon Galloway and an occasional guest or two discuss new features and ask for feedback on important decisions being made by the ASP.NET development teams.

Each week the standup is hosted live on Google Hangouts and the team publishes the recorded video of their discussion to YouTube for later reference. The guys answer your questions LIVE and unfiltered.  This is your chance to ask about the why and what of ASP.NET!  Join them each Tuesday on live.asp.net where the meeting’s schedule is posted and hosted.

This week’s meeting is below:

Community Links

Steve Gordon explores extending the Identity SignInManager

Muhammad Rehan Saeed shared his ASP.NET TagHelper for Subresource Integrity – this caught the attention of Scott and Damian, and they are interested in looking at this a little further.

Norm Johanson wrote up an article on the Amazon AWS blog about Continuous Delivery to the Amazon Platform

Hisham Abdullah Bin Ateya published an article discussing Pluralization in ASP.NET Core.  Damian pointed out that pluralization is not currently supported directly in the framework and its nice to see the community working on some of these topics.

Paul Knopf shared some code on GitHub that supports starting a new project with React in ASP.NET

We also want to point out ReactJS.NET – a framework for using React with ASP.NET written by some of the contributors to the React project.

David Pine published his steps to get an Angular 2 SPA running on ASP.NET Core

From NDC London, Dominick Baier talked about security in ASP.NET Core

Also from NDC London, Steve Sanderson shows how to build better single-page-apps with ASP.NET Core

Sayed asked for some feedback on the ‘One ASP.NET dialog’ on GitHub.  Go read the issue and comment

Damien published a great article that shows how to use Angular 2 with OpenID Connect Implicit Flow and Identity Server 4.

The TurboLinks feature from Rails has been implemented on ASP.NET and the source is on GitHub in the TurboLinks.NET project from Tommy Parnell

Henrik announced WebHooks RC1 for ASP.NET 4.6

The ASP.NET Monsters published an article about building ASP.NET Core projects on AppVeyor

The ASP.NET Monsters also published a screencast discussing dependency injection in ASP.NET Core

Questions of the Week from Twitter

— Where should I file a bug for ASP.NET Core tooling?

File a bug on the ASP.NET Tooling repo on GitHub

— Can we address a lack of love for ES6 tooling in Visual Studio?

You can use either the NodeJS tools for Visual Studio or the WebCompiler extension to enable ES6 functionality

NuGet Package of the Week

This week we’re going to highlight the JSNLog project

JSNLog is a package that provides easy JavaScript-based client-side logging that connects to your server to deliver the information you want to log from the browser.   They have support for ASP.NET 4.x using an HTTP Handler or OWIN Middleware and the also have support for ASP.NET Core with a middleware component.

The project has been running since 2012 and has 34k downloads with a most recent release in Feb. 2016.  There is great documentation about the APIs, examples, and how-to get started videos on their website.

Install it now in your web application with the following command:

Install-Package JSNLog

Accomplishments

Damian reiterated that the team is committed to not declaring a delivery date until they are sure that they can make that date.  There have been many meetings over the last few weeks to iron out the design of the remaining items.  One item that Damian highlighted is the shared runtime that the .NET Core app can be programmed against, a mini-.NET runtime that could be shared and be redistributed as is currently done with dnx in the RC1.  The benefit of this shared runtime is that the managed runtime is specific to the machine and the shared runtime can be deployed with the application in a smaller package to any machine that supports it.  The team is ironing out how the .NET CLI will separate ths various concerns of this architecture.

The teams have a hackathon planned for early next week to review and plow through integration issues in the frameworks with a goal of delivering an installer for the frameworks.  Once that is accomplished, Damian feels confident he can set delivery dates for ASP.NET Core.

Scott pointed out that this is the balance that .NET and Java provide that separates them from NodeJS where the base framework is very small and everything comes from an npm package.  The base NodeJS project has many dependencies and packages that are installed prior to writing a line of code.

Damian emphasized that its important to get the structure of the framework and application model correct in .NET Core and ASP.NET Core 1.0 so that future versions can build on it and developers can have a killer product with the quality they expect from Microsoft.

Questions and Answers

Question: What is the profiling API situation in .NET Core?  Is it the same as .NET Framework?

— There is a profiling API in Core CLR and we know that some existing profiling tools just work in Windows.  In particular, we are using dotTrace.   The story on Linux and Mac is a little more confusing because those tools don’t work.  The CLR team is putting together guidance and tools that will help with this.  The current concept is that you would turn on a flag, probably with an environment variable, that will notify your application to emit profiling information that could be taken to a Windows machine and loaded into perfview. There are also some scripts being worked on that will allow your application to trace events on Linux with the perf tool.

Question:  Are WebForms possible as middleware on ASP.NET Core?

— Anything is possible, but it would be a gargantuan task

Question:  How legit is the NodeServices stuff from Steve Sanderson?

— Completely legit – the plan is to ship it as a beta in time for the RTM of ASP.NET Core.  More information about this topic can be seen in Steve’s presentation on Channel 9.

Question:  Can you confirm that SQL Azure does not work with ASP.NET Core RC1-Update1?

— SQL Azure most definitely works on this version, you may have another problem in your configuration

Question:  How can I leverage Azure Service Bus Brokered Messages without REST?

— The client has not been ported to .NET Core, and they are awaiting the WCF client to be ported.

Question:  Will there be an Express version of SQL Server on Linux for Dev?

— Unknown by the team at this point, but we do know that you can run the preview that was released in a Docker container.  That may be your initial dev story.  More information will be announced by the SQL Server team as they determine pricing, licensing, and other information around this new release.

Question:  Will a REPL be available in the new Core toolchain?

— It does exist, but its not clear if it will make it to the RTM.  At the moment, the team is considering cutting it out in order to complete RTM.

Question:  Is Kestrel the final name for the webserver or will it be branded?

— Yes, Kestrel is the name of the server.  We do not have plans to name it “ASP.NET Tiny WebServer Service Pack 1″

Question:  Given the timeframe, are there any surprise announcements for the Build conference?

— Nope, everything is open-source.  We promised to be transparent about the framework and tools, there are no surprises here.

Question:  What is the difference between net451 and dnx451 in project.json?

— net451 is desktop framework – dnx451 is .NET Core and dnx451 is going away in RC2

Question:  Can I host kestrel in a UAP application?

— No, the APIs for kestrel are not available in UAP

Question:  Can we add a SignalR refresh for Live.asp.net so that the video appears when broadcasting starts?

— Yes and no.. we have a pull-request for this and Damian has not implemented it yet because he is busy working towards the RTM of ASP.NET Core

Question: Could you use the ICU Message format for .NET pluralization

— We are actually using the ICU database format in .NET Core

Question:  What is the progress on the WCF client port?

— Pretty far along, needs some work like Service Bus syndication.  Not sure where it is or how to get it

Question:  Can you share anything about the Xamarin acquisition?

— Nope… only what has been announced publicly

Question:  Is there a .NET CLI story for scaffolding?

— Sayed and the team are working on this, and its out of scope for version 1.

Thank you to everyone that tuned in to the live recording and asked questions.  The team is always looking forward to hearing for you.  Join us on March 15th at 23:45 UTC, 18:45 ET, 15:45PT or just check the timer at http://live.asp.net for exact time in your timezone as well as a reminder that you can add to your calendar.

The Visual Studio extensibility ecosystem has been steadily growing in the past years and the community has built some really great extensions. Some of these extensions are specific to web development scenarios and are useful to almost all web developers using Visual Studio.

The only problem is to find all these relevant extensions.

That’s exactly the problem Web Extension Pack was created to fix. It’s an unofficial extension created by the Visual Studio Web Team that describes itself as the easiest way to set up Visual Studio for the ultimate web development experience. It installs web development specific extensions that has proven themselves over time to be stable and add a lot of value to web developers.

Here are some of the extensions that are included:

• Bootstrap Snippet Pack
• Browser Reload on Save
• Browser Sync
• Image Optimizer
• JavaScript Snippet Pack
• Web Analyzer

See the full list of extensions here.

An extension can be selected to be part of Web Extension Pack when it is:

• Stable – the extension won’t crash or hang Visual Studio
• Open source – gives the community a chance to participate
• Useful to the majority of web developers
• Curated by the Visual Studio Web Team

When installed, Web Extension Pack will look to see if Visual Studio is missing some of the extensions and if it does it will install them. It shows this progress dialog when installing extensions:

This all happens really fast and when all the missing extensions have been installed, the user is prompted to restart Visual Studio. Restarting is optional of course, but the installed extensions aren’t usable until a restart happens.

If there are some of the extensions being installed you don’t want, you can simply disable them in the Tools –> Extensions and Updates… dialog.

Another really cool thing is that when new extensions have been selected to be part of the Web Extension Pack, you don’t have to do anything to get this new extension. Web Extension Pack installs it automatically for you. Think of it as a push model where new features are being delivered to you automatically.

Go download Web Extension Pack and check out the source code on GitHub.

This is the first time we offer an extension like this and we would love your feedback. Did we select the right extensions? Should this concept be expanded to non-web scenarios too? Is it a great idea? Please sound off in the comments below.

With the coming changes in ASP.NET Core, our friend and intrepid reporter Seth Juarez sat down with ASP.NET Program Manager Pranav Rastogi to discuss the updates and improvements in the new ASP.NET Core authentication system:

Here are some of the highlights of their discussion and some sample code to get you started:

Pranav gave a quick definition of authentication compared to authorization:  Authentication validates who the user is and authorization validates access to the actions a user wants to perform.

The authentication scenarios in ASP.NET are still the same as in previous versions: OAuth can be enabled with providers available for Facebook, Twitter, Microsoft Account, and Google.  You can still manage a database of your own users with their own passwords on your application.  Additionally, two-factor authentication is easy to add to your application with code samples commented out of the initial ASP.NET Core project templates.

The four authentication options by default in a new web application are:

• No authentication
• Individual User Accounts – a security database will be created and you can configure individuals to access your application with a userid and password, an OAuth provider, or two-factor authentication, or any combination of these items.
• Work and School Accounts – Using Azure Active Directory
• Windows Authentication

Configuration of your controllers and actions to restrict access to logged on users are very similar to how they behaved before, with the added benefit of being able to configure security policies that define a collection of security claims that a user has been granted.  Claims can even be checked in the server-side code of razor views to determine segments of content to deliver to web visitors.

In the individual user account model, all access of the database goes through Entity Framework models by default.  You can change the connections and structure of the repository used by Entity Framework to meet your needs, and entity framework will generate or connect to your repository appropriately.

If you are using Yeoman generators to start an application, they will allow you to choose templates that will either create an application with security enabled similar to Individual User Accounts OR without authentication.  The secured code generated by Yeoman will use the Entity Framework SQLite provider in order to deliver a cross-platform compatible experience.

The following NuGet packages deliver the features necessary to enable individual user account access:

• Microsoft.AspNetCore.Authentication.Cookies
• Microsoft.AspNetCore.Authentication.Facebook
• Microsoft.AspNetCore.Authentication.Google
• Microsoft.AspNetCore.Authentication.MicrosoftAccount
• Microsoft.AspNetCore.Authentication.Twitter
• Microsoft.AspNetCore.Identity.EntityFramework

The packages for Facebook, Google, MicrosoftAccount, and Twitter are only needed if you are going to enable OAuth authentication from those sources.

Configure the entity framework storage with these two segments in Startup.cs – ConfigureServices method:

The default user model is stored in /Models/ApplicationUser.cs  You can add properties to this class to store those properties with the user identified in your application.  In the default project template, the username will be the same as the user’s email address.  If you add properties to your user model, you will also want to expand the RegisterViewModel appropriately to receive any extra fields that you want your users to submit at registration time.

Default account management and authentication views are stored in the /Views/Account The Controllers/AccountController contains the actions to manage the user.  The AccountController receives and provides a UserManager to manage the data about a user and the SignInManager is used to handle verification of a user’s credentials.

The _LoginPartial.cshtml demonstrates how to inspect the user object and determine if the user is authenticated and how to fetch the username

If you want to allow authentication from a third party provider like Facebook, there are guides on MSDN that will instruct you how to establish an account with that provider and capture your app keys to access that service.  These keys should be retrieved from configuration and stored for configuration using the secret manager.

More documentation can be found at docs.asp.net

We are very happy to announce along with our partners at DevExpress, a new version of the ASP.NET AJAX Control Toolkit is now available.  This version, labeled 16.1 delivers some documentation improvements, tutorials, and some long requested updates for existing controls.

This is the one year anniversary of the stewardship of the AJAX Control Toolkit with DevExpress, and we thank them for their service to maintain the project.  To help encourage further involvement with the project, its online source and managemenet has been moved to GitHub in the AjaxControlToolkit repository.  Documentation for the toolkit has also been migrated and is hosted on GitHub.

Issues from CodePlex have mostly been deactivated and redirected to GitHub.  You can report new issues on GitHub for the team to investigate.

You can also install the toolkit from a NuGet package.

More information about the improvements and details of the fixes can be found on the DevExpress blog.

After learning about Authentication in ASP.NET Core, our intrepid reporter Seth Juarez wanted to dig deeper into the ASP.NET Authorization story.  In the following video, he speaks with ASP.NET Security Analyst Barry Dorrans.  Notes and links from their discussion follow.

Authorization verifies that a user is permitted to access functionality, and requires some form of authentication in front of it.  Authentication confirms a user’s identity.

Barry pointed out that many developers in older versions of ASP.NET implemented their own AuthorizeAttribute, and did not fully implement the entire specification.  In ASP.NET Core, there is an authorize attribute, and it is a marker attribute that performs no actions.

Source code and samples discussed in this video were previously shared in a workshop Barry presented and are online at: https://github.com/blowdart/AspNetAuthorizationWorkshop

Authorization capabilities for ASP.NET Core are added and configured through the use of the Microsoft.AspNet.Authorization NuGet package.  The middleware used to handle cookies is delivered in the Microsoft.AspNet.Authentication.Cookies package.  These packages are included by default in the ASP.NET project templates that have security enabled.

There are two HTTP Status Codes that are very important in web security:

• HTTP 401 – Unauthorized: the current user is not authenticated
• HTTP 403 – Forbidden: the current user is authenticated by is denied access

The default MVC templates are configured to redirect HTTP 401 responses to a login page that will then return the logged-in user to the previously unauthorized page.

Cookie Authentication has five options:

• AuthenticationScheme – a string that identifies the authentication provider.  ‘Cookie’ and ‘Bearer’ are currently supported
• LoginPath – the path to the login page
• AccessDeniedPath – the path to the error page to show when the user is not authorized to access
• AutomaticAuthenticate – Run on every request and attempt to identify a user from a cookie’s contents
• AutomaticChallenge – Automatically redirect a 401 or 403 error to the appropriate path

There is a new AuthorizationPolicy capability in ASP.NET Core that can be defined to require authenticated users and Barry demonstrated how to use this policy in an MVC filter.  The AuthorizationPolicy and Filter can then be bypassed in the controllers that allow anonymous users with the new AllowAnonymous attribute.

Everything about our identity in ASP.NET Core is now claims-based.  That is: all attributes of the identity are defined as separate claims on the identity object.  Barry went on to explain that a principal can be composed of multiple identities.  The comparison is this: a principal is a unique individual but they may have multiple identification cards such as their driver’s license, passport, or employee id badge.  Those identification cards are their identity to those issuing organizations, just like your Twitter, Facebook, or Microsoft Account ID.

Barry showed us that the redirecturl querystring passed to our login page needs to verify that the url passed in local to our application, otherwise links could be constructed to bounce through your site that look like your visitors are visiting your application and are actually redirected to somewhere outside of your application.

One authorization strategy that was discussed by Barry and Seth is a secondary authentication when a user attempts to perform a task that requires an additional level of authorization.  Instead of simply rejecting a user as not allowed to access and administrative feature, you could configure your application to prompt for a two-factor authentication token or some additional piece of information.

The Authorize attribute now supports defining requirements for access using both roles or a policy.  The policies can be defined in code outside of the project and can inspect the identity for claims to compare against or they can execute any arbitrary code to test against.

Barry also clarified that MVC controllers with multiple Authorize attributes decorating them are all required to be met in order to grant access to the controller’s actions.

More details about ASP.NET Core security can be found at docs.asp.net

In the next video in this series, Barry and Seth will discuss more complex authorization scenarios.

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup.  The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET Core framework over the previous week.  Within 30 minutes, Scott Hanselman, Damian Edwards, Jon Galloway and an occasional guest or two discuss new features and ask for feedback on important decisions being made by the ASP.NET development teams.

Each week the standup is hosted live on Google Hangouts and the team publishes the recorded video of their discussion to YouTube for later reference. The guys answer your questions LIVE and unfiltered.  This is your chance to ask about the why and what of ASP.NET!  Join them each Tuesday on live.asp.net where the meeting’s schedule is posted and hosted.

This week’s meeting is below:

Community Links

Muhammed Rehan Saeed responded to comments in this standup last week about his Subresources TagHelper with some updates

Hisham wrote an article about making PO files work with localization in ASP.NET Core

Shannon Deminick shared some content about how to do custom assembly loading with ASP.NET Core

Damien Bod explores secure file downloads using IdentityServer4, Angular 2, and ASP.NET Core

An update to his ASP.NET Core + Angular 2 SPA project template was shared by Shayne Boyer

Security Analyst extraordinaire Barry Dorrans recorded a video with Seth Juarez from Channel 9 discussing ASP.NET Core Authorization

Anthony Chu wrote about implementing Content Security Policy in ASP.NET Core

The ASP.NET Monsters video this week covers getting started with Docker.

Some guy named Hanselman shared his steps for building and running Visual Studio Code on a Raspberry Pi 3

Accomplishments

Damian has been in Building 25 with the ASP.NET Team, CLR Team and other teams working on an integration hackathon to get some of the bits more tightly integrated for ASP.NET Core, .NET Core, and the .NET CLI.  The team is next working through Visual Studio tools up and running.  Once the team has confidence in what comes out of the hackathon, they can set a schedule for the delivery of the frameworks.

The team is much closer to delivering the new shared framework model that will be the basis for ASP.NET Core applications.  By the end of this week, the team hopes to have an initial installer.

Questions and Answers

Question:  When will ASP.NET go live?

— No dates yet — the team is close to setting a date

Question: When will the VS Code team introduce debugging for ASP.NET Core?

— A preview was released last week that requires an RC2 nightly build.  It is very experimental at this time

Question: Will ASP.NET Full-framework run on Nano Server?

— No, Nano is built with .NET Core and does not support the full framework

Question: With Microsoft acquiring Xamarin, is Mono an officially supported platform for ASP.NET Core?

— No… there is no change as a result of Microsoft acquiring Xamarin

Question:  WebHooks are in RC for ASP.NET 4.6, what are the plans for using WebHooks in ASP.NET Core?

— No firm plans yet.  The team is focused on delivering webhooks for the full-stack and then will consider ASP.NET Core

Question:  The .tfignore thing – is that integrated with the project system and Visual Studio tooling?

— We don’t know the details on this and Scott will follow-up

Question:  Are you going to do another round of alphas and beta releases before RC2?

— No.. the next public release will be RC2

Question:  When is Barry Dorrans going to get his basic-auth code production ready?

— We don’t expect this to be completed anytime soon….

Question:  What is the story with web pages?

— Its on the roadmap for post-RTM.  There was a session about some concepts the team is kicking around in the ASP.NET Fall Sessions that you can review on Channel 9.

Question:  When will EF be production ready?

— It will be done when ASP.NET Core is done.  The team feels that there is an underlying issue that the commenter is looking for help with.

Question:  I was working with ASP.NET Core on a Raspberry Pi and it crashes quickly

— You’re probably working with it on Mono and an older version of that framework.  It shows the promise of the future and is not currently a focus of the team.  The team would probably focus on getting it working on Windows IoT first, and Raspbian later.

Question:  Are there any TFM updates happening post RC2?

— The team is trying to prevent any  additional TFMs from being created.  The new TFMs that are slated to be released with RC2 are:

• netstandard1.x for targeting the .NET Standard framework versions
• dnxcore50 is being replaced by netcoreapp1.0 representing apps built using the .NET Core CLI

You will see that the team is actively using these new TFMs in their code on GitHub

Question:  When can I expect my tooling request to be addressed?

— Scott will follow-up with the commenter

Question:  XUnit for Core seems a bit hard to get working and unpolished

— The team is using a fork of XUnit for their testing and will work with the XUnit team to get their source updated once the next version of ASP.NET Core and the .NET Core framework is released.  The private build of XUnit is available in the ASP.NET GitHub organization.

Question:  Where is the place to learn about the .NET Core library, NETCore TFMs and the like?  Do I need them if I’m using the full .NET Framework on Windows?

— There are a lot of heavy docs available, nothing in the ‘getting started’ model yet.  If you’re working with the full .NET framework on Windows you will have much less to think about than if you are trying to work with .NET Core on any OS.

Question:  Can you have WebAPI actions in the same controller as MVC actions?  This caused me some problems with routing.

— This should work – the old style verb-based API actions use a shim that brings in a base-class, but it should work.

<added by Jeff>

I ran some quick tests with RC1 and the following controller DOES work with a GET to an API endpoint and a GET to a /Search MVC endpoint

Question: Can we get some sense of actual progress made against the individual subprojects? MVC, EF, .NET Core?

— No, not really.. Damian doesn’t want the meeting to turn into a status report and there is no dashboard currently available for public consumption.

Question:  Browserlink appears to be missing and not working?

— It is not yet open-sourced and will be re-introduced at a later time

Question:  Why weren’t things like code-contracts, mocking, and testing built from the outset?

— The team is rebuilding the entire stack ad these things are going to be built on top of the the framework that the team has started.  Once the framework is done, these can be layered on top.

Question: VS TagHelpers are not showing code completion.  Is my install correct?

— There are two things that must be configured properly to enable Visual Studio intellisense for TagHelpers:  The Microsoft.AspNet.Tooling.Razor NuGet package must be referenced by your project and the @addTagHelper directive must be used at the top of your view or the top of your _ViewImports file.

Thank you to everyone that tuned in to the live recording and asked questions.  The team is always looking forward to hearing for you.  Join us on March 22nd at 20:00 UTC, 13:00 ET, 10:00PT or just check the timer at http://live.asp.net for exact time in your timezone as well as a reminder that you can add to your calendar.

ASP.NET developers who deploy their code to Azure App Service have remote debugging features available from the Visual Studio Server and Cloud Explorer windows. ASP.NET 4x projects can be debugged live in App Service by simply right-clicking your Web, Mobile, or API Apps in Cloud Explorer and clicking the “Attach Debugger” action. Under the hood, what happens during a remote debugging session is that the Visual Studio remote debugger attaches to the W3WP.exe process, in which the ASP.NET 4.x code executes. Since ASP.NET Core RC1 code is executed within the DNX.exe process, the remote debugging feature fails to light up breakpoints in ASP.NET Core applications automatically. This blog post will demonstrate in screen shots and a 2-minute video how ASP.NET Core developers can reap the benefits of remote debugging, too.

Remote Debugging made easy

Attaching to the remote debugger is simple. Below is a screen shot of the Cloud Explorer in Visual Studio, which exposes a series of actions hanging off of each Azure resource in my subscription. Note the “Attach Debugger” action in the bottom pane of the window. By clicking this action your Visual Studio instance will reach out to Azure and create a connection to the debugger process running in the App Service fabric.

As outlined in the original blog post announcing the availability of remote debugging, the debugger attaches to the W3WP.exe process, which hosts ASP.NET 4.x code in both IIS and on Azure App Service. Since ASP.NET Core RC1 applications run in the DNX.exe host process, attaching to the remote debugger via the traditional gesture in Cloud or Server explorer fails to enable your ASP.NET Core code breakpoints.

Attach to the DNX.exe Process

Luckily, the Visual Studio remote debugger offers you the capability of connecting to any of the running process on your Azure App Service. In fact, this ability is one of the reasons we’re able to enable remote debugging of your Azure WebJobs, which run as individual processes under the App_Data folder of your App Services (but that’s another story for another blog post).

In the video below you’ll see that I initialize a remote debugging session in the traditional manner, by clicking the Attach Debugger action in Cloud Explorer. Then I click on the Debug –> Attach to Process context menu item to pull up the Attach to Process dialog, shown below. Once open, I can select the site I want to debug from the Qualifier menu.

Once I select the desired Web App I want to debug from the menu the list of processes running on that App Service is visible. By clicking on the process named dnx.exe, I can attach to the host process running my ASP.NET Core code.

The video below demonstrates the entire process of attaching to a remote debugger instance so I can step through my ASP.NET Core code running live in Azure App Service. In under three minutes I’m able to connect my local Visual Studio instance to the code running in App Service.

Next Steps

This blog post demonstrates how to debug your ASP.NET Core applications during the RC1 time frame, which uses the process name dnx.exe. In the RC2 time frame the process name will change from being dnx.exe. When RC2 is released, we’ll provide guidance on attaching to ASP.NET Core RC2 apps on this blog, as well as when the ASP.NET Core framework reaches RTM and beyond. We’re also working on adding one-click support for ASP.NET Core applications to the Visual Studio tools as well, so that in the future you won’t need to perform the manual “Attach to Process” step. We’ll keep you posted on the progress of that tooling on this blog, too.

For now, enjoy the debugging capabilities with your ASP.NET Core RC1 code on Azure App Service!

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup.  The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET Core framework over the previous week.  Within 30 minutes, Scott Hanselman, Damian Edwards, Jon Galloway and an occasional guest or two discuss new features and ask for feedback on important decisions being made by the ASP.NET development teams.

Each week the standup is hosted live on Google Hangouts and the team publishes the recorded video of their discussion to YouTube for later reference. The guys answer your questions LIVE and unfiltered.  This is your chance to ask about the why and what of ASP.NET!  Join them each Tuesday on live.asp.net where the meeting’s schedule is posted and hosted.

This week’s meeting is below:

This week, Jon was not on the call to share the community links of the week but Scott and Damian jumped right in to discussing the week’s accomplishments.

Accomplishments

The BUILD conference is ‘eating the world’ according to Scott.  He is focused on preparing and Damian is working through preparations for ASP.NET Core RC2.  The goal with the ASP.NET Core team is not to complete it for a conference date, but to deliver a product when it is properly completed with a set of high quality features.

Damian is hearing comments from the community that folks are ‘losing confidence’.  Microsoft is very invested in this effort, with more than five teams working on the framework and platforms.  The team is patching the RC1 dnx and dnu tooling so that it will interoperate with the .NET CLI version of the world when it arrives in RC2.

Scott pushed on this, and they decided to depart from the typical standup format and pair-program with the current, most unstable ASP.NET Core build.

We learned how to enable the unstable DNX feed using an environment variable:

SET DNX_UNSTABLE_FEED=https://www.myget.org/F/aspnetcidev/api/v2

This environment variable is then picked up by the dnvm (dot net version manager) utility and displayed when dnvm is executed at the command-line:

Scott then proceeded to update dnx to the latest version from the unstable feed with the command:

dnvm upgrade -u

He updated the CoreCLR version of the dnx with the following command:

dnvm upgrade -u -r coreclr

The folks who are following along with the latest ASP.NET Core work go through this dnx update process daily and it is not expected that this is something that will need to be done by developers when the RTM version of ASP.NET Core is published.

Damian showed Scott how to get the current nightly build of the .NET CLI.  They opened a browser and navigated to:  http://github.com/dotnet/cli   In the readme document, there is a list of installers for different processor architectures and operating systems.  Scott grabbed the binaries for the Windows x64 version that matched his machine and extracted the zip file into:

%LOCALAPPDATA%\Microsoft\dotnet\cli

Next, Scott put the location of the CLI folder that was just populated on his user path.

Scott was then able to run the dotnet command-line tool by executing `dotnet`

In this state, Scott’s machine bridged the .NET CLI and dnx tools.  The design implemented utilizes dnx to get RC1 tooling working in Visual Studio with the .NET CLI.  The tooling in Visual Studio is constructed so that it will use the version of dnx that is configured with the default alias.

Scott created a new project by executing “dotnet new” at the command-line and was then able to open that as a project in Visual Studio 2015 by instructing it to open the project.json file inside of the new project folder.  Damian pointed out that Visual Studio will call the dnx and dnu commands that will execute and behave the same as the dotnet commands.

Unfortunately, the random continuous integration package versions that Scott grabbed were not functioning properly and Scott was unable to use those versions to run a simple ‘Hello-World’ application.

Damian explained the ideal workflow for new ASP.NET Core developers: a developers starts with a click on a download button at the ASP.NET Website and receive the dotnet executable.  They should then be able to run dotnet new to start a new application, dotnet run to compile and run that application and then dotnet publish to place the output of the app in a separate folder appropriate for publication.  Once delivered, users should be able to run dotnet <assemblyname> to run the application that was published.

Questions:

Question: Why are you ‘wasting time’ keeping dnx running instead of focusing on .NET CLI?

— The new dnx is a shim layer that will enable Visual Studio to work with the .NET CLI builds.  This will be kept up until the new Visual Studio tools are ready to support .NET CLI.

Question: Is there support in Azure Cloud Service for Web Roles using ASP.NET Core?

— Nothing new… You would need to get it running manually on the webrole by creating a webrole deployment project to bring in the entire set of .NET Core tooling.  Scott did something similar with Ruby in the past.

Question: Is NETStandard the proper casing for the TFM?

— Yes, the NET is a marketing reference to the .NET Framework and should be uppercase.

Question: System.Net.Mail is not available yet on .NET Core.  Should I wait or use another library?

— Good question, check in the dotnet/corefx repo for an issue about this.  Previously, there was a blog post shared during the standup from Eric Anderson about using Mailgun to send emails.

Thank you to everyone that tuned in to the live recording and asked questions.  The team is always looking forward to hearing for you.  Join us on March 29th at 22:45 UTC, 18:45 ET, 15:45PT or just check the timer at http://live.asp.net for exact time in your timezone as well as a reminder that you can add to your calendar.

After learning about the new Authorization Policy model in ASP.NET Core, our intrepid reporter Seth Juarez wanted to learn about more complicated ASP.NET Authorization policies.  In the following video, he speaks with ASP.NET Security Analyst Barry Dorrans.  Last time, Barry showed us how to get started with the new ASP.NET Policy model.  Notes and links from their discussion follow.

Previously with ASP.NET you had to authorize based on the membership of a role or the value of a claim.  In the new ASP.NET Core Policies, these security requirements can be expressed through code and enforce more complicated and more realistic authorization requirements.

Barry explained that claims are properties of an Identity that are not necessarily stored in a Cookie, but for the purposes of this demo they are and that makes them very easy to use in multi-webserver scenarios.  Seth cautioned against storing entire data tables in a claim. Examples of good claims to store include name, birth date, email address.  If you need more information from a claim, you could store a single value in a claim and then use that value to look up in a database using a Claims Transformation.

Barry used the example of the American minimum age to drink, 21 years old to help define authorizing users.  He inserted his birth date as a claim record into the sample code, yes Barry’s birth date is June 8th – be sure to wish him a happy birthday.  We’d like to make the policy work in other countries where the minimum age may be 16, 18 or some other age.

To enforce this requirement for a policy, the MinimumAgeRequirement class was created that implements the AuthorizationHandler<MinimumAgeRequirement> base class and the IAuthorizationRequirement marker interface.  The Handle method provided by the base class is where the enforcement of this requirement takes place.  The AuthorizationContext that is passed in to this method is used to mark if the acting user passes this requirement by calling the Succeed method.  Other possible outcomes from this method are to not mark success on the context, indicating that the requirement is not met and allowing another class to attempt to handle it and finally you can mark the context with Fail that will stop all policy checks when there is a system error.

The new requirement is added to the policy by calling policy.Requirements.Add(new MinimumAgeRequirement(21)) in the Startup.ConfigureServices method.

In the real world, there may be multiple requirements that are logically OR’d together.  The next sample highlights an office security scenario where people can be admitted entrance with either an employee badge, a visitor badge, or a temporary employee badge.  In this case, the OfficeEntryRequirement is defined in one class and implements the marker IAuthorizationRequirement.  There is no fancy logic for this, just a check for a badge and that will be implemented by one of several AuthorizationHandler classes.  Barry implemented these as AuthorizationHandler<OfficeEntryRequirement> subclasses.   In the HasBadgeHandler, the Handle method inspected the claim for the BadgeNumber and the issuer of the claim to verify that it meets the security requirements for the office.  The second class was created to verify if a temporary badge was issued and the expiration date.

Barry demonstrated that a policy needs to be registered in the Startup.ConfigureServices methods and then the two handlers that were constructed need to be registered with the dependency injection framework so that they are available when testing the OfficeEntryRequirement.  At the end of the same ConfigureServices method, Barry added two registrations that mapped IAuthorizationHandler to the Handler classes he previously created.  These simple classes were registered as Singletons because they are simple and stateless.

In the multiple requirement handler scenario, all requirements will always be evaluated so that any side-effects of the requirement handlers like logging are still enabled.

Next, Barry and Seth looked at a demo about Resource-based Authorization.  This allows you to grant access based on the action a user wants to take on some resource, perhaps a document, that the user may or may not have access to.  This additional check can be enforced in AuthorizationHandler classes that implement a second type in the generic AuthorizationHandler<T,K> base class.  The second type is the resource to inspect in order to determine access.  However, the enforcement of the resource authorization can no longer take place in an Attribute, and needs to take place in an AuthorizationService.  In the MVC controller, Barry showed a test using the AUthorizationService.AuthorizeAsync method and in the case of failure returning a ChallengeResult that will route the user to an appropriate 403 Forbidden page or requests for additional credentials.

Seth pointed out that this new design of authentication and authorization can be built completely separate from the application and added in where appropriate as the application is constructed.  Additionally, this means that the policy and requirements code can be unit-tested.

Barry showed an additional sample where he injected the AuthorizationService into a razor view with the @inject directive and used the AuthorizationService to show and hide items in the user-interface.  This does not prevent access to the resource, just hides the user-interface components and the Controller class still requires the authorization check in place to prevent someone, like Seth, from navigating directly to the hidden menu items.

Barry suggests you work through the workshop on his GitHub repository and take a look at the other samples he has available.  Some are sarcastic, some are interesting samples that you could use.  All of the security features for the new ASP.NET Core are documented at docs.asp.net

In a recent Community Standup, one of the questions that was asked of the team was: “How do I get started with Dependency Injection in ASP.NET Core?”  This is where we’re going to answer your question, because in this post we’re going to share how dependency injection is used in ASP.NET Core and how you can configure it to meet your needs.

A Primer

Dependency Injection is an application design that enables class dependencies to be automatically added to an instantiated object.  The net effect is a loose coupling between classes, with dependencies provided to a class as constructor parameters or properties.  These parameters or properties typically reference an interface so that a concrete object that implements that interface can be passed in.  Consider the following class design:

This overly simple tax calculator class requires an ITaxingAuthorityRules object to be passed in to it in order to be created.  This interface implements a method called “CalculateTax” and returns a decimal.  In the use of this tax calculator class, I could pass in different implementations of the ITaxingAuthorityRules for different countries or for a personal tax versus a corporate tax or even pass in a fake object for the purposes of testing the CalculateTaxesDue method.  The promise of this approach is this decoupling of resources that no longer need to know how they are being used, but can be focused on doing one thing and doing it well.  We continue to use our TaxCalculator into the future with new taxing rules. In using the Dependency Injection design, its a common practice to use a container object that is used to construct all of the objects that will be used in the application.  This container is configured with knowledge of many of the default interface to concrete class mappings so that as interfaces are requested by new classes an appropriate class can be created and injected into the new class.

Dependency Injection in ASP.NET Core

With ASP.NET Core, dependency injection is a fundamental tenet of the framework.  All classes instantiated by the framework are done so through the container service that is maintained by the framework in a container and configured by default in the Startup/ConfigureServices method. This method looks like the following in an RC1 default template:

In this code, an EntityFramework context, the identity configuration, the MVC framework, and mappings for an IEmailSender and ISmsSender are configured for the dependency injection container to be able to inject into other classes that it creates.  The IServiceCollection object passed into this method has a number of methods and extension methods connected to it that enable this simple mapping and registration of services.  Typically when you want to register your own mappings with the container, you will use either the AddTransient or AddSingleton methods register your mappings.  The AddTransient method instructs the container to create a new instance of the designated class for each instance of each created class that requires it.  AddSingleton creates one instance and passes that instance into each created class that requires it.  More details about configuring the container are available in the ASP.NET Core docs.

I like to add the Configuration that was built in the constructor of the Startup class to the container with a statement in the ConfigureServices methods to reads like the following:

services.AddSingleton<IConfiguration>(_ => Configuration);

This will stash the current value of the Configuration property in the container and make the configuration accessible to my entire project when I need it.

Controllers

Controllers are very easy to inject dependencies into, and a great example is the constructor for the default AccountController:

This constructor accepts five input parameters and places their values into private readonly fields. These parameters were all configured by the ConfigureServices methods, except for the ILoggerFactory. This interface, along with the IApplicationBuilder and IHostingEnvironment are added to the container by the ASP.NET framework.  Without having to write methods to configure and load each of these dependencies, our AccountController class can start working with them.

Views

The Views in our project can have objects injected into them by the container by using the new @inject directive:

The syntax indicates that the first argument is the type to require and the second argument is the variable name that will be exposed to the rest of the razor page.

Other Containers

The default ASP.NET container is simple and does not offer the robust configuration and performance options that are available with other containers.  Fortunately, you can swap out the default container with one of the community-created full featured ones that is already available as a NuGet package.  Autofac is one that is already available for ASP.NET Core, and you can add it to your project by referencing both the Autofac and Autofac.Extensions.DependencyInjection packages.  Next, change the signature of the ConfigureServices method to return an IServiceProvider.  Finally, add some configuration code at the end of the method to copy the registered services over to Autofac and register it as the new service provider:

Very cool… now my web application is using Autofac to resolve dependencies.

Summary

Dependency Injection is a design pattern for your classes.  ASP.NET Core makes it easy to get started with this design pattern by shipping a container that you can use with your application.  Configure your application’s controllers, views, and other classes that are instantiated by the framework with parameters on the constructor method to have those types automatically created and passed in to your class.  You can learn more about ASP.NET Dependency Injection from our documentation.

In the Azure SDK 2.9 we’ve made it significantly more convenient for developers who use Azure App Service to host their Web, Mobile, API, and background-processing WebJob apps. We’ve heard from customers who use Azure Resource Manager (ARM) templates to create their Azure topologies that they’re rarely creating one web app or one API app. Applications have layers, services, and tiers. To accommodate this scenario in the Azure tools we’re enabling you the ability to create App Services as a secondary services during provisioning. This means that in addition to the “main event” of your app-creation experience you have the ability to create N secondary App Services to contain the other tiers of your application. This post will cover such a scenario using an example Visual Studio solution representing a typical App Service composite scenario.

Example Visual Studio Solution

Consider the Solution Explorer screen shot below as a Visual Studio solution representing a potential “true story” scenario. In this scenario, I’ve created an API that my Web and Mobile apps will use. Each of these apps will call the REST API, which will in turn drop messages onto an Azure Storage Queue. Messages will be picked from the queue as they arrive and processed using an Azure WebJob.

Whenever I debug my end-to-end app, my MVC layer is my typical default front end for my personal testing so that’s my startup project. I’ll right-click-publish the MVC project in Visual Studio.

After selecting Azure App Service from the Publish dialog I’ll have the option of either selecting from my existing App Services or to create a New App Service. When I opt for creating a new App Service I’ll see the Create App Service dialog below. Web is the pre-selected option for my MVC project, so I can leave that alone and opt for creating a new Resource Group and App Service Plan in which to contain my app’s code.

Once I’ve established the basics of my app’s hosting scenario I can follow up on the main event by clicking the Services tab. Once there, by selecting All from the Show menu I can see the new addition in this list as of SDK 2.9 – the App Service option.

Selecting the All option on the Services tab

By clicking the Add icon next in the list of App Service services providers I’m able to add a second (or third, or fourth) app to my new Resource Group. With each new tier I need in my overall topology, I can add a new App Service resource during the provisioning experience.

Adding secondary App Services on the Services tab

I’ll be able to specify which type and name of each App Service, as well as being given an opportunity to select the correct App Service Plan. In this case the dialog defaults to the single App Service Plan (the new one I’ll also create during this creation process) I’ll have in my Resource Group. The second App Service I’ll add to my topology will be a Mobile App to host my Mobile App project code.

Secondary service configuration

App Services I’ve added be visible both on the Services tab and back on the Summary section of the Hosting tab. The finalized Hosting tab below shows all of my to-be-created resources and an indicator that I’ll be creating a new Resource Group at the same time.

The completely-full Azure Resource Cart

At this point, I can click the Create button to deploy the Azure Resource Manager (ARM) template I’ve created as I’ve added the services to my cart. If I think I’ll be creating a subsequent staging or production environment from this template later using the Azure command-line tools or the Azure Resource Group project template and Visual Studio tools, I can click the Export button in the bottom-left section of the dialog to save the JSON representation of this topology to disk.

Summary

The Azure SDK 2.9 release includes the great new feature that enables multiple tiers during App Service provisioning. Once you create your multi-tier application topology, you can use the publishing features to publish code into the various App Services. Use the comments below to let us know if this is helpful, if you encounter issues, or if you have ideas on how we can improve this or other experiences building your Azure App Services using Visual Studio.

We had an amazing time at the Build 2016 conference last week.  We learned a lot from you our customers and we hope you learned a lot in our sessions.  However, we don’t want to limit the Build content to the folks that made it to San Francisco last week.  Here’s some of the great sessions that you can watch now from Channel 9 about ASP.NET, Web Development, and Open Source.

Breakout Session Videos

.NET Overview

Introducing ASP.NET Core

ASP.NET Core Deep Dive into MVC

Deploying ASP.NET Core Applications

Some sessions not specific to web topics, but interesting for web developers

Visual Studio 2015 Extensibility

Get Started with Open Source

Workshops

There were some great hands-on workshops at Build for those in attendance. Thanks to Jon Galloway and team, the projects are available on GitHub for you to download and try.

Follow-Up

We had a great time at Build 2016 and look forward to meeting with the community more in-person about the exciting changes in ASP.NET Core and Web Development.  Tune in on Tuesday for the next ASP.NET Community Standup and stop back to this blog every day for fresh web development content.