DEV Community: Fabrício Marcondes Santos

Automating Deployments with GitHub Actions and Azure App Service

Fabrício Marcondes Santos — Mon, 23 Sep 2024 23:37:12 +0000

Introduction

Keeping your applications up-to-date and running efficiently is crucial to your project’s success. But how do you ensure every new code is automatically tested, integrated, and deployed? The answer lies in automating deployments using CI/CD (Continuous Integration/Continuous Deployment). GitHub Actions and Azure App Service form a powerful combination that allows you to automate the deployment process for .NET applications, ensuring your updates are always consistent and secure.

In this post, we’ll show you how to set up CI/CD pipelines using GitHub Actions to automate the deployment of .NET applications to Azure App Service.

What is GitHub Actions?

GitHub Actions is a workflow automation platform that allows you to create and run pipelines directly in your GitHub repositories. You can automate tasks such as testing, builds, and deployments whenever code is updated.

What is CI/CD?

CI/CD (Continuous Integration/Continuous Deployment) is a methodology that allows you to integrate and deliver code continuously. In practice, this means that every code change is automatically tested and deployed, ensuring your application is always up to date in production.

Prerequisites

Before we begin, make sure you have:

Azure Account: If you don’t have one yet, you can create one here.
GitHub Account: Go to GitHub to create a repository for your code.
Azure App Service Created: The application you want to deploy to Azure.
ASP.NET Application in GitHub: The .NET application is already in GitHub, and you want to automate its deployment.

Step-by-Step: Automating Deployments with GitHub Actions

Step 1: Creating a Service Principal in Azure

First, we need to configure a Service Principal in Azure, which is a security identity that GitHub Actions will use to authenticate and deploy to Azure App Service.

Open the Azure CLI and run the following command to create a Service Principal:

az ad sp create-for-rbac --name "github-deploy" --role contributor \
  --scopes /subscriptions/{your-subscription-id}/resourceGroups/{your-resource-group} \
  --sdk-auth

Replace {your-subscription-id} with your Azure subscription ID and {your-resource-group} with the name of your resource group.
The command will generate an output with the credentials for the Service Principal in the following format:

{
  "clientId": "YOUR_CLIENT_ID",
  "clientSecret": "YOUR_CLIENT_SECRET",
  "subscriptionId": "YOUR_SUBSCRIPTION_ID",
  "tenantId": "YOUR_TENANT_ID",
  ...
}

Copy this output. We will use it to configure secrets in GitHub.

Step 2: Adding Secrets to GitHub

Now, we will add the Azure credentials as secrets in GitHub.

In GitHub, go to your application’s repository.
Click Settings and then Secrets and Variables.
Add the following secrets:
- AZURE_CREDENTIALS: Paste the full JSON generated by the Azure CLI.
- AZURE_WEBAPP_NAME: The name of your application in Azure App Service.

Step 3: Creating the GitHub Actions Workflow File

Next, we will configure the GitHub Actions workflow file to deploy the application whenever new changes are pushed to the repository.

In your GitHub repository, create a new folder called .github/workflows.
Inside this folder, create a YAML file called azure-deploy.yml with the following content:

name: Deploy ASP.NET Core App to Azure

on:
  push:
    branches:
      - main

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v2

    - name: Setup .NET Core
      uses: actions/setup-dotnet@v2
      with:
        dotnet-version: '6.0.x'

    - name: Build project
      run: dotnet build --configuration Release

    - name: Run tests
      run: dotnet test --no-build --verbosity normal

    - name: Publish project
      run: dotnet publish -c Release -o ./publish

    - name: 'Deploy to Azure Web App'
      uses: azure/webapps-deploy@v2
      with:
        app-name: ${{ secrets.AZURE_WEBAPP_NAME }}
        publish-profile: ${{ secrets.AZURE_CREDENTIALS }}
        package: ./publish

Workflow Explanation:

on: push: The pipeline will trigger whenever there’s a push to the main branch.

Setup .NET Core: Configures the environment to use the .NET 6.0 version.

Build project: Builds the application.

Run tests: Runs unit tests.

Publish project: Publishes the app to a ./publish folder.

Deploy to Azure Web App: Deploys the app to Azure using the secrets set up earlier.

Step 4: Testing the Pipeline

Now that the pipeline is set up, make a small change to your code and push it to the main branch. GitHub Actions will be triggered, and you can monitor the deployment process in the Actions tab of your repository.

Benefits of Using GitHub Actions with Azure

Automating the deployment process with GitHub Actions brings several benefits:

Full Automation: Ensure that every time new code is pushed to the repository, it is automatically tested and deployed, eliminating manual errors.
Deep Integration with Azure: GitHub Actions offers native integrations with Azure services, making setup and deployment easier.
Scalability: As your application grows, you can easily adjust the pipeline to include additional tests, build in multiple environments, and more.

Conclusion

Automating your deployments with GitHub Actions and Azure App Service is an efficient way to ensure your application is always up-to-date and in production with minimal manual effort. CI/CD pipelines allow you to focus on development while automation takes care of the rest.

Step-by-Step: Deploying a .NET Web App to Azure

Fabrício Marcondes Santos — Thu, 19 Sep 2024 22:02:30 +0000

Introduction

Imagine you've developed an amazing web application in .NET, and now you want to make it accessible to the world. One of the most efficient and scalable ways to do this is by deploying your application to Azure App Service. Azure provides a complete solution for hosting your applications without the need to manage servers, allowing you to focus on what really matters: development.

In this tutorial, we'll walk you through the process of deploying an ASP.NET application to Azure App Service, from creating the resource to deploying the application.

What is Azure App Service?

Azure App Service is a managed hosting platform that allows you to easily create and deploy web applications, APIs, and even mobile apps. It offers automatic scaling, built-in security, and support for multiple programming languages such as .NET, Java, Node.js, Python, and more.

For .NET developers, Azure App Service is the natural choice for hosting applications securely and at scale.

Prerequisites

Before starting, make sure you have the following:

Azure Account: If you don’t have one yet, you can create one here.
Visual Studio 2019/2022 or Visual Studio Code: Installed on your computer.
.NET Core SDK: Ensure the latest version of the .NET SDK is installed.

Step-by-Step Guide to Deploy Your Web App to Azure

Step 1: Creating the Web App in Visual Studio

Open Visual Studio and create a new ASP.NET Core Web Application project.

Select the ASP.NET Core Web App (Model-View-Controller) option.

Choose the latest version of .NET Core and configure the project name.

Build your application by adding controllers, views, and necessary logic.
Run the project locally to ensure everything works correctly.

Step 2: Creating the App Service in Azure

Now that your application is ready, let’s set it up on Azure.

Go to the Azure portal and sign in.
Navigate to "App Services" in the portal menu and click "Create".
Fill in the required details:

Resource Group: Create a new one or select an existing
one.

App Name: Choose a unique name for your app.

Publish: Select "Code".

Runtime Stack: Select the .NET version your app is using
(e.g., ".NET 6").

Region: Choose the nearest region for better latency.

Hosting Plan: Choose the Service Plan that best suits your needs. To start, the free plan (F1) is a great option for small projects.
Review and Create: Click "Review + Create", and after reviewing, click "Create" to provision the resource.

Step 3: Deploying the Web App to Azure

In Visual Studio, right-click your project and select Publish.
Choose Azure as the deployment target and click Next.
Sign in to your Azure account directly from Visual Studio if you haven’t already.
Select the App Service you just created as the deployment target.
Configure the deployment options, review the settings, and click Publish.
Visual Studio will now automatically deploy your application to Azure App Service. Once completed, the URL of your published application will be displayed.

Step 4: Verifying the Deployed Application

Once the deployment process is complete, your application will be available at the App Service URL.

Visit the provided URL to see your application live.

Test the application online to ensure everything works as
expected.

Additional Tips

Auto Scaling: Azure App Service allows you to configure automatic scaling based on traffic, ensuring your app can handle spikes in usage without issues.
Monitoring: Use Application Insights in Azure to monitor your app’s performance and identify bottlenecks.
Automated Deployments: For larger projects, you can configure GitHub Actions or Azure DevOps for continuous deployments whenever code changes are made.

Conclusion

Deploying an ASP.NET application to Azure App Service is a straightforward and efficient process. With just a few steps, you can make your application accessible to the world with scalable, secure infrastructure managed by Azure. If you’re new to Azure, App Service is a great starting point for hosting your .NET applications.

Unveiling Azure: The Future of Cloud for .NET Developers

Fabrício Marcondes Santos — Sun, 15 Sep 2024 22:38:51 +0000

Introduction

Imagine Azure as a vast toolbox in the cloud that offers scalable and flexible solutions for your .NET applications. Azure, Microsoft’s cloud platform, not only provides computational power and storage but also a complete ecosystem for developing, managing, and monitoring your applications efficiently and securely.

For .NET developers, Azure is the natural extension of their skills, enabling the creation of robust solutions in the cloud with full integration into the Microsoft stack.

What is Azure?

Azure is Microsoft’s cloud computing platform, offering a wide range of services to help businesses and developers build, test, deploy, and manage applications. Whether creating a simple web app or a complex machine learning solution, Azure has the infrastructure and tools needed to take your idea from concept to production.

Why Use Azure for .NET Applications?

For developers using .NET, Azure offers a series of benefits that make cloud development simpler and more integrated:

Full Integration with .NET: Azure is optimized to work with .NET, allowing you to use your existing knowledge to build powerful cloud solutions without needing to learn a new ecosystem.
On-Demand Scalability: With Azure, you can start small and scale as your application grows. Whether increasing processing power or storage, Azure makes it easy to scale without complications.
Automation Tools: Azure offers tools like Azure DevOps and GitHub Actions to help automate the development lifecycle, including CI/CD (Continuous Integration and Delivery).
Managed Services: Azure provides a range of managed services, such as databases, storage, authentication, and AI APIs, making it easier to build complete applications without managing complex infrastructure.
Security: With a focus on security, Azure provides encryption at rest, integrated network security, and compliance with industry standards like GDPR.

Key Azure Services for .NET Developers

Here are some of the most commonly used Azure services by .NET developers:

Azure App Service: A fully managed service for hosting web apps, APIs, and mobile apps. With native .NET support, it's a great choice for hosting your applications securely and at scale.
Azure Functions: A serverless platform that lets you run small pieces of code on-demand, without managing servers. Ideal for automation and background tasks.
Azure SQL Database: A fully managed relational database service optimized for use with .NET, with support for transactions, automatic backups, and recovery.
Azure Blob Storage: A scalable storage solution for any type of unstructured data, such as files, images, or backups.
Azure Service Bus: A messaging service that facilitates communication between different components and services of your application.

Practical Example of .NET Integration with Azure

Let’s consider a practical example: you're developing a web application in ASP.NET Core. With Azure App Service, you can easily host this application in the cloud, configure automatic backups, monitor performance with Application Insights, and automate deployments using GitHub Actions. The entire development and operations cycle can be managed with ease and efficiency.

Conclusion

Azure is one of the most powerful cloud platforms available, especially for .NET developers. With a wide range of services, built-in security, and on-demand scalability, it enables you to build, test, and deploy robust solutions quickly and efficiently. If you haven't explored Azure yet, now is the time to start!

Encrypting Columns in .NET Without Third-Party Dependencies

Fabrício Marcondes Santos — Sat, 17 Aug 2024 17:14:15 +0000

Introduction
Imagine you have a vault where you store confidential information. To ensure that no one else has access, you need a secure key that encrypts and decrypts this data. In programming, this concept is implemented using encryption, and ensuring your information is secure is essential.

In my recent .NET project, after upgrading to .NET 8, I realized that the 'EntityFrameworkCore.EncryptColumn' NuGet package was no longer compatible. Instead of being tied to a potentially abandoned package, I decided to create my own encryption solution. I'll share with you how I implemented this functionality to protect sensitive data without relying on third-party packages.

Why Create Your Own Solution?
Relying on third-party packages can be risky, especially if those packages are no longer maintained or regularly updated. Creating your own solution offers several advantages:

Total Control: You have complete control over how the data is encrypted and decrypted.
Flexibility: You can adjust the implementation as needed without waiting for external updates.
Security: Ensures that the libraries and methods used are secure and compatible with the latest version of .NET.

Implementing Column Encryption
Here's how you can implement column encryption in Entity Framework Core using a custom approach:

1. Create the 'EncryptColumnAttribute'
This attribute will be used to mark the properties that need to be encrypted.

[AttributeUsage(AttributeTargets.Property, AllowMultiple = false, Inherited = false)]
public sealed class EncryptColumnAttribute : System.Attribute
{
}

2. Create the Encryption Converter
The 'EncryptionConverter' converts property values for encryption and decryption.

internal sealed class EncryptionConverter : ValueConverter<string, string>
{
    public EncryptionConverter(IEncryptionProvider encryptionProvider, ConverterMappingHints mappingHints = null) 
        : base(x => encryptionProvider.Encrypt(x), x => encryptionProvider.Decrypt(x), mappingHints)
    {
    }
}

3. Extension for Configuring the ModelBuilder
This extension allows you to configure the 'ModelBuilder' to apply encryption to properties marked with the 'EncryptColumn' attribute.

public static class ModelBuilderExtension
{
    public static void UseEncryption(this ModelBuilder modelBuilder, IEncryptionProvider encryptionProvider)
    {
        if (modelBuilder is null)
            throw new ArgumentNullException(nameof(modelBuilder));
        if (encryptionProvider is null)
            throw new ArgumentNullException(nameof(encryptionProvider));

        var encryptionConverter = new EncryptionConverter(encryptionProvider);
        foreach (IMutableEntityType entityType in modelBuilder.Model.GetEntityTypes())
        {
            foreach (IMutableProperty property in entityType.GetProperties())
            {
                if(property.ClrType == typeof(string) && !IsDiscriminator(property))
                {
                    object[] attributes = property.PropertyInfo.GetCustomAttributes(typeof(EncryptColumnAttribute), false);
                    if(attributes.Any())
                        property.SetValueConverter(encryptionConverter);
                }
            }
        }
    }

    private static bool IsDiscriminator(IMutableProperty property) 
        => property.Name == "Discriminator" || property.PropertyInfo == null;
}

Interface for the Encryption Provider This interface defines the methods for encrypting and decrypting values.

public interface IEncryptionProvider
{
    string Encrypt(string value);
    string Decrypt(string value);
}

5. Implement the Custom Encryption Provider
The 'CustomEncryptionProvider' class implements the 'IEncryptionProvider' interface using the AES algorithm for encryption.

public class CustomEncryptionProvider : IEncryptionProvider
{
    private readonly byte[] _key;
    private readonly byte[] _iv;

    public CustomEncryptionProvider(IOptions<EncryptionOptions> options)
    {
        var key = options.Value.Key;
        if (string.IsNullOrEmpty(key))
        {
            throw new ArgumentNullException(nameof(key));
        }

        _key = Encoding.UTF8.GetBytes(key);
        _iv = new byte[16];
    }

    public string Encrypt(string value)
    {
        if (string.IsNullOrEmpty(value))
            return string.Empty;

        byte[] array; 

        using (Aes aes = Aes.Create())
        {
            aes.Key = _key;
            aes.IV = _iv;

            ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
            using (MemoryStream memoryStream = new MemoryStream())
            {
                using (CryptoStream cryptoStream = new CryptoStream((Stream)memoryStream, encryptor, CryptoStreamMode.Write))
                {
                    using (StreamWriter streamWriter = new StreamWriter((Stream)cryptoStream))
                    {
                        streamWriter.Write(value);
                    }
                    array = memoryStream.ToArray();
                }
            }
        }
        return Convert.ToBase64String(array);
    }

    public string Decrypt(string value)
    {
        if (string.IsNullOrEmpty(value))
            return string.Empty;

        using (Aes aes = Aes.Create())
        {
            aes.Key = _key;
            aes.IV = _iv;
            ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV);

            var buffer = Convert.FromBase64String(value);
            using (MemoryStream memoryStream = new MemoryStream(buffer))
            {
                using (CryptoStream cryptoStream = new CryptoStream((Stream)memoryStream, decryptor, CryptoStreamMode.Read))
                {
                    using (StreamReader streamReader = new StreamReader((Stream)cryptoStream))
                    {
                        return streamReader.ReadToEnd();
                    }
                }
            }
        }
    }
}

6. Configuration in the 'DbContext'
In your 'DbContext', configure the 'ModelBuilder' to use encryption.

public class Context : DbContext
{
    private readonly IConfiguration _config;
    private readonly IEncryptionProvider _provider;

    public Context(IConfiguration config, IEncryptionProvider encryptionProvider)
    {
        _config = config;
        _provider = encryptionProvider;
    }

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        modelBuilder.UseEncryption(_provider);
    }
}

7. AppSettings and Startup Configuration
Add the encryption settings in 'appsettings.json' and configure the service in 'Startup'.

"Encryption": {
    "Key": "Insert your key here"
}

services.Configure<EncryptionOptions>(Configuration.GetSection("Encryption"));

8. Marking Properties for Encryption
Now you can mark the properties you want to encrypt with the '[EncryptColumn]' attribute.

public class Message
{
    public Guid Id { get; set; }
    [EncryptColumn]
    public string Message { get; set; }
}

Conclusion
By creating your own encryption solution, you no longer rely on third-party libraries that may be outdated or abandoned. This implementation not only solves the compatibility issue with .NET 8 but also strengthens your application's security by avoiding external dependencies.

Using Redis with .NET

Fabrício Marcondes Santos — Fri, 02 Aug 2024 21:57:54 +0000

Introduction

Imagine you have a very busy library and need an efficient system to store and retrieve information quickly. Redis is like a super-fast librarian who knows exactly where each book is and can fetch it in the blink of an eye.

In today’s post, we’ll explore how to use Redis with .NET to improve the performance and scalability of your applications.

What is Redis?

Redis is an in-memory data structure store, used as a database, cache, and message broker. It is known for its speed and support for various data structures such as strings, hashes, lists, sets, and more.

Why Use Redis with .NET?

Integrating Redis into your .NET applications can bring several benefits:

Performance: Storing data in memory makes data retrieval extremely fast.
Scalability: Redis can handle large volumes of data and concurrent accesses.
Flexibility: Support for multiple data structures allows a wide range of use cases.

Setting Up Redis with .NET
Step 1: Install Redis

Before you begin, you need to have Redis installed and running. You can install Redis locally or use a cloud Redis service like Azure Redis Cache or Amazon ElastiCache.

Step 2: Add NuGet Package

Add the StackExchange.Redis package to your .NET project. This is the most popular Redis client for .NET.

dotnet add package StackExchange.Redis

Step 3: Configure the Redis Connection

In your .NET code, configure the connection to Redis. Here’s an example of how to do this in an ASP.NET Core application.

using StackExchange.Redis;

public class RedisCacheService
{
    private readonly ConnectionMultiplexer _redis;
    private readonly IDatabase _db;

    public RedisCacheService()
    {
        _redis = ConnectionMultiplexer.Connect("localhost");
        _db = _redis.GetDatabase();
    }

    public void SetValue(string key, string value)
    {
        _db.StringSet(key, value);
    }

    public string GetValue(string key)
    {
        return _db.StringGet(key);
    }
}

Step 4: Use Redis in Your Application

Now, you can use the RedisCacheService to store and retrieve data in your application.

public class HomeController : Controller
{
    private readonly RedisCacheService _cacheService;

    public HomeController(RedisCacheService cacheService)
    {
        _cacheService = cacheService;
    }

    public IActionResult Index()
    {
        _cacheService.SetValue("greeting", "Hello, Redis!");
        var value = _cacheService.GetValue("greeting");

        ViewBag.Message = value;
        return View();
    }
}

Practical Example: Data Caching

Let’s look at a practical example of using Redis for data caching. Suppose you have an application that fetches data from an external API. Using Redis as a cache can reduce latency and load on the external API.

public class DataService
{
    private readonly HttpClient _httpClient;
    private readonly RedisCacheService _cacheService;

    public DataService(HttpClient httpClient, RedisCacheService cacheService)
    {
        _httpClient = httpClient;
        _cacheService = cacheService;
    }

    public async Task<string> GetDataAsync(string url)
    {
        var cachedData = _cacheService.GetValue(url);
        if (!string.IsNullOrEmpty(cachedData))
        {
            return cachedData;
        }

        var response = await _httpClient.GetStringAsync(url);
        _cacheService.SetValue(url, response);

        return response;
    }
}

Conclusion

Using Redis with .NET is like having a super-efficient librarian who can store and retrieve information in record time. By integrating Redis into your application, you can significantly improve performance and scalability.

Authentication and Authorization: Best Practices for Your Application

Fabrício Marcondes Santos — Wed, 24 Jul 2024 21:20:19 +0000

Introduction

Security is like a game of chess: every move must be well thought out. Similarly, when implementing authentication and authorization in your .NET applications, it’s crucial to follow best practices to ensure your data and users are protected.

In today’s post, we’ll share tips and recommended practices to ensure the security of your .NET applications.

The Importance of Security

Authentication and authorization are critical processes to ensure that only authorized users can access specific resources in your application. Implementing these practices correctly is essential to protect sensitive data and prevent unauthorized access.

Best Practices for Authentication and Authorization

1. Use Strong Passwords and Secure Hashing

Always require users to create strong passwords and use secure hashing algorithms to store these passwords. ASP.NET Core Identity, for example, uses the PBKDF2 hashing algorithm by default.

services.AddIdentity<IdentityUser, IdentityRole>(options =>
{
    options.Password.RequireDigit = true;
    options.Password.RequiredLength = 8;
    options.Password.RequireNonAlphanumeric = false;
    options.Password.RequireUppercase = true;
    options.Password.RequireLowercase = false;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();

2. Implement Multi-Factor Authentication (MFA)

Multi-factor authentication adds an extra layer of security by requiring users to provide two or more forms of verification before accessing the application.

services.Configure<IdentityOptions>(options =>
{
    options.SignIn.RequireConfirmedEmail = true;
    options.Tokens.EmailConfirmationTokenProvider = "emailconfirmation";
});

3. Manage User Sessions with Secure Cookies

Use secure cookies to manage user sessions, ensuring that authentication information is protected.

services.ConfigureApplicationCookie(options =>
{
    options.Cookie.HttpOnly = true;
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    options.Cookie.SameSite = SameSiteMode.Strict;
});

4. Limit Login Attempts

Implement limits for login attempts to prevent brute force attacks. ASP.NET Core Identity allows you to configure this behavior easily.

services.Configure<IdentityOptions>(options =>
{
    options.Lockout.MaxFailedAccessAttempts = 5;
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
    options.Lockout.AllowedForNewUsers = true;
});

5. Use Claims and Roles for Authorization

Use claims and roles to control access to different parts of the application based on user permissions.

[Authorize(Roles = "Admin")]
public IActionResult AdminOnly()
{
    return View();
}

6. Validate Input Data

Always validate input data to prevent injection attacks and other common vulnerabilities.

[HttpPost]
public IActionResult Create([FromBody] CreateModel model)
{
    if (ModelState.IsValid)
    {
        // Process the data
    }
    return BadRequest(ModelState);
}

Conclusion

Security is a game of chess: every move must be well thought out. Implementing these best practices in authentication and authorization will ensure that your .NET application is well protected against threats and unauthorized access.

Step by Step: Implementing Authentication with Identity

Fabrício Marcondes Santos — Tue, 23 Jul 2024 19:29:19 +0000

Introduction

Imagine you have a building and need to ensure that only authorized people can enter. You hire an electronic doorman to verify users' identities at the entrance. ASP.NET Core Identity works similarly, acting as this electronic doorman that controls access to your application.

In today’s post, we’ll create a practical tutorial on how to set up and use ASP.NET Core Identity for authentication.

What is ASP.NET Core Identity?

ASP.NET Core Identity is a library that simplifies the implementation of authentication and authorization in .NET applications. It provides ready-to-use functionalities to manage users, passwords, roles, and claims.

Step-by-Step Guide to Set Up ASP.NET Core Identity

Step 1: Add NuGet Packages

First, add the necessary packages to your project:

dotnet add package Microsoft.AspNetCore.Identity.EntityFrameworkCore
dotnet add package Microsoft.EntityFrameworkCore.SqlServer

Step 2: Configure DbContext and Identity

Create an ApplicationDbContext class that inherits from IdentityDbContext:

public class ApplicationDbContext : IdentityDbContext<IdentityUser>
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
        : base(options)
    {
    }
}

In the Startup.cs file, configure the Identity service:

public void ConfigureServices(IServiceCollection services)
{
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

    services.AddIdentity<IdentityUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    services.AddControllersWithViews();
}

Step 3: Configure Authentication Middleware

In the Configure method of Startup.cs, add the authentication and authorization middlewares:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();

    app.UseRouting();

    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
        endpoints.MapRazorPages();
    });
}

Step 4: Create Registration and Login Pages

Create controllers and views to allow users to register, log in, and log out. ASP.NET Core Identity provides scaffolding to make this task easier:

dotnet aspnet-codegenerator identity -dc ApplicationDbContext

This will create the basic authentication pages for your application.

Conclusion

ASP.NET Core Identity is like an electronic doorman that verifies users' identities, ensuring that only authorized people have access to your application. By following these steps, you can implement authentication efficiently and securely in your .NET applications.

Security in Focus: Authentication in .NET

Fabrício Marcondes Santos — Mon, 22 Jul 2024 21:27:57 +0000

Introduction

Imagine you have a house with several doors. To ensure only authorized people can enter, you distribute keys to those who have permission. Similarly, authentication in web applications is like these keys: only authorized users can access certain areas of the application.

In today’s post, we’ll explore the importance of authentication in web applications and how .NET makes this process easier.

The Importance of Authentication

Authentication is a critical process in any web application. It ensures that only legitimate users can access sensitive resources and information. Without proper authentication, your applications are vulnerable to unauthorized access, compromising data security.

Authentication in .NET

.NET offers various tools and libraries to implement authentication simply and securely. One of the main libraries is ASP.NET Core Identity, which provides a comprehensive solution for managing users, passwords, and roles.

Setting Up ASP.NET Core Identity

Let’s see how to set up ASP.NET Core Identity in a .NET application:

Step 1: Add NuGet Packages

Add the necessary packages to your project:

dotnet add package Microsoft.AspNetCore.Identity.EntityFrameworkCore
dotnet add package Microsoft.EntityFrameworkCore.SqlServer

Step 2: Configure DbContext and Identity

Create an ApplicationDbContext class that inherits from IdentityDbContext:

public class ApplicationDbContext : IdentityDbContext<IdentityUser>
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
        : base(options)
    {
    }
}

In the Startup.cs file, configure the Identity service:

public void ConfigureServices(IServiceCollection services)
{
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

    services.AddIdentity<IdentityUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    services.AddControllersWithViews();
}

Step 3: Configure Authentication Middleware

In the Configure method of Startup.cs, add the authentication and authorization middleware:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();

    app.UseRouting();

    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
        endpoints.MapRazorPages();
    });
}

Step 4: Create Registration and Login Pages

Create controllers and views to allow users to register, log in, and log out. ASP.NET Core Identity provides scaffolding to make this task easier:

dotnet aspnet-codegenerator identity -dc ApplicationDbContext

Conclusion

Authentication is like the key to a door: only authorized people can enter. In .NET, we implement this with ASP.NET Core Identity, which simplifies user management and secure authentication implementation.

Protecting Your Applications: Error Middlewares

Fabrício Marcondes Santos — Sat, 20 Jul 2024 19:35:35 +0000

Introduction
Imagine you are driving a car and, suddenly, something unexpected happens. Airbags deploy to protect you and your passengers. Implementing error middlewares in your .NET application is like having those airbags: they protect your application when something goes wrong, ensuring resilience and security.

In today’s post, we’ll explore how to implement error middlewares to improve the resilience and security of your .NET application.

What Are Error Middlewares?
Error middlewares are components that intercept unhandled exceptions in the application, allowing you to log, handle, and respond to these errors appropriately. They are essential to ensure that the application continues to function safely and that users receive friendly error messages.

Implementing an Error Middleware
Let’s create a simple middleware to capture exceptions and log the error details:

Step 1: Creating the Middleware

public class ErrorHandlingMiddleware
{
    private readonly RequestDelegate _next;
    private readonly ILogger<ErrorHandlingMiddleware> _logger;

    public ErrorHandlingMiddleware(RequestDelegate next, ILogger<ErrorHandlingMiddleware> logger)
    {
        _next = next;
        _logger = logger;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        try
        {
            await _next(context);
        }
        catch (Exception ex)
        {
            _logger.LogError(ex, "An unexpected error occurred!");
            await HandleExceptionAsync(context, ex);
        }
    }

    private static Task HandleExceptionAsync(HttpContext context, Exception exception)
    {
        context.Response.ContentType = "application/json";
        context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;

        var response = new { message = "Internal Server Error. Please try again later." };
        var jsonResponse = JsonSerializer.Serialize(response);

        return context.Response.WriteAsync(jsonResponse);
    }
}

Step 2: Registering the Middleware

Now, let’s register the middleware in the application’s request pipeline:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseMiddleware<ErrorHandlingMiddleware>();

    // Other middlewares...
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
    });
}

Enhancing Resilience and Security
Implementing error middlewares brings several benefits:

Resilience: Ensures the application continues running even after an unexpected error.
Security: Prevents exposing sensitive error details to end users.
Maintenance: Makes it easier to identify and fix issues through detailed exception logging.

Conclusion

Implementing error middlewares is like having airbags in a car: they protect your application when something goes wrong, ensuring it continues to operate safely and efficiently. By capturing and handling exceptions appropriately, you improve the resilience and security of your .NET application.

Unraveling Middlewares in .NET

Fabrício Marcondes Santos — Fri, 19 Jul 2024 21:51:30 +0000

Introduction
Imagine driving in a busy city. Traffic officers are strategically positioned to direct and control the flow of vehicles, ensuring everyone reaches their destination safely and efficiently. Similarly, middlewares in .NET act like these traffic officers, directing and controlling the flow of data in an application.

In today's post, we'll explore the concept of middlewares, understand how they work, and discover why they are fundamental to the architecture of .NET applications.

What Are Middlewares?
Middlewares are software components that form a request and response processing pipeline in a web application. Each middleware can perform operations before and after passing the request to the next middleware in the pipeline. They are essential for tasks like authentication, logging, error handling, and more.

How Do Middlewares Work?
When a request arrives at the server, it passes through a series of middlewares, each performing a specific action. Think of it as a processing chain where each link can modify the request or response.

Here's a simple example of how to configure middlewares in .NET:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();

    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
    });
}

In this example, we have several middlewares configured in the pipeline, including HTTP redirection, static files, routing, authentication, and authorization.

Why Are They Important?
Middlewares are crucial to the architecture of .NET applications for several reasons:

Modularity: They allow functionalities to be broken down into small, reusable components.
Flexibility: You can easily add, remove, or reorder middlewares to change the application's behavior.
Maintainability: They simplify maintenance and evolution of the application by isolating responsibilities.

Practical Example
Let's create a simple middleware that logs the processing time of each request:

public class RequestTimingMiddleware
{
    private readonly RequestDelegate _next;

    public RequestTimingMiddleware(RequestDelegate next)
    {
        _next = next;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        var watch = Stopwatch.StartNew();
        await _next(context);
        watch.Stop();
        var elapsedMs = watch.ElapsedMilliseconds;
        Console.WriteLine($"Request took {elapsedMs} ms");
    }
}

public static class RequestTimingMiddlewareExtensions
{
    public static IApplicationBuilder UseRequestTiming(this IApplicationBuilder builder)
    {
        return builder.UseMiddleware<RequestTimingMiddleware>();
    }
}

And to register this middleware in the pipeline:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseRequestTiming();
    // Other middlewares...
}

Conclusion
Just as traffic officers control and direct the flow of vehicles, middlewares in .NET manage the flow of data, ensuring your application runs efficiently and securely. Understanding and utilizing middlewares is essential for developing robust and scalable web applications.

Advanced Entity Framework: Mapping and Queries

Fabrício Marcondes Santos — Thu, 18 Jul 2024 20:30:13 +0000

Introduction
Imagine you are organizing a large closet. Each shelf needs to be well-categorized and each item in its proper place so you can find everything easily. Similarly, mapping in Entity Framework (EF) helps keep our data well-structured and accessible.

Today’s post will explore more advanced Entity Framework concepts, focusing on relationship mapping and creating complex queries.

Relationship Mapping
In Entity Framework, relationships between entities are mapped using navigation properties. Let’s see how to map different types of relationships:

One-to-Many Relationship

An author can have many books, but each book has only one author. Let’s map this relationship:

public class Author
{
    public int AuthorId { get; set; }
    public string Name { get; set; }
    public ICollection<Book> Books { get; set; }
}

public class Book
{
    public int BookId { get; set; }
    public string Title { get; set; }
    public int AuthorId { get; set; }
    public Author Author { get; set; }
}

Many-to-Many Relationship

Imagine a book can have multiple authors and an author can have written multiple books. This is a many-to-many relationship:

public class Book
{
    public int BookId { get; set; }
    public string Title { get; set; }
    public ICollection<BookAuthor> BookAuthors { get; set; }
}

public class Author
{
    public int AuthorId { get; set; }
    public string Name { get; set; }
    public ICollection<BookAuthor> BookAuthors { get; set; }
}

public class BookAuthor
{
    public int BookId { get; set; }
    public Book Book { get; set; }

    public int AuthorId { get; set; }
    public Author Author { get; set; }
}

One-to-One Relationship

A book can have one specific detail, and that detail belongs to only one book. Here’s how to map this relationship:

public class Book
{
    public int BookId { get; set; }
    public string Title { get; set; }
    public BookDetail BookDetail { get; set; }
}

public class BookDetail
{
    public int BookDetailId { get; set; }
    public string Summary { get; set; }
    public int BookId { get; set; }
    public Book Book { get; set; }
}

Complex Queries

Querying data using LINQ is one of EF’s most powerful features. Let’s look at some examples of complex queries:

Query with Filters and Sorting

Let’s fetch books by a specific author, sorted by title:

using (var context = new LibraryContext())
{
    var authorBooks = context.Books
        .Include(b => b.Author)
        .Where(b => b.Author.Name == "Example Author")
        .OrderBy(b => b.Title)
        .ToList();
}

Query with Grouping

Let’s group books by author and count how many books each author has written:

using (var context = new LibraryContext())
{
    var authorGroups = context.Books
        .GroupBy(b => b.Author.Name)
        .Select(g => new 
        {
            Author = g.Key,
            BookCount = g.Count()
        })
        .ToList();
}

Query with Joins

Let’s fetch book details along with author information:

using (var context = new LibraryContext())
{
    var booksWithDetails = context.Books
        .Include(b => b.BookDetail)
        .Include(b => b.Author)
        .ToList();
}

Conclusion
Just like organizing a closet helps us find everything easily, mapping and queries in Entity Framework allow us to keep our data well-structured and accessible. Mastering these advanced concepts makes development with .NET more efficient and powerful.

Fundamentals of Entity Framework: Simplifying Data Access in .NET

Fabrício Marcondes Santos — Wed, 17 Jul 2024 22:31:44 +0000

Introduction
Imagine you are building a large library of books. Organizing, cataloging, and finding information quickly can be a challenge. Now, think of Entity Framework (EF) as an intelligent librarian that makes this process easy for your .NET applications.

Entity Framework is an Object-Relational Mapper (ORM) that allows developers to work with a database using .NET objects, eliminating the need to write most of the data access code. Let's explore the fundamentals of Entity Framework and understand why it is such a powerful tool.

What is Entity Framework?
Entity Framework is a Microsoft technology for .NET that automates the mapping between domain objects and relational database tables. With it, you can:

Define the data model as C# classes.
Query and manipulate data using LINQ (Language Integrated Query).
Manage database versioning through migrations.

Key Components of Entity Framework

DbContext: It is the main point of interaction with Entity Framework. It manages the connection to the database and is used to query and save data.

public class LibraryContext : DbContext
{
    public DbSet<Book> Books { get; set; }
    public DbSet<Author> Authors { get; set; }
}

DbSet: Represents a collection of entities in the context, i.e., a table in the database.

public class Book
{
    public int BookId { get; set; }
    public string Title { get; set; }
    public int AuthorId { get; set; }
    public Author Author { get; set; }
}

Entity Models: These are classes that represent database tables. They are mapped to columns in the database.

Basic Configuration
To start using Entity Framework, you need to configure the DbContext. Here is an example of how to configure the database connection:

public class LibraryContext : DbContext
{
    public LibraryContext(DbContextOptions<LibraryContext> options)
        : base(options)
    {
    }

    public DbSet<Book> Books { get; set; }
    public DbSet<Author> Authors { get; set; }
}

And in the configuration file:

{
  "ConnectionStrings": {
    "LibraryDatabase": "Server=(localdb)\\mssqllocaldb;Database=LibraryDb;Trusted_Connection=True;"
  }
}

Querying Data
With Entity Framework, you can query data using LINQ, which is a powerful and expressive way to write queries:

using (var context = new LibraryContext())
{
    var books = context.Books
        .Include(b => b.Author)
        .Where(b => b.Title.Contains("C#"))
        .ToList();
}

Migrations
Migrations allow you to manage changes to the database schema over time. You can create a migration using the command:

dotnet ef migrations add InitialCreate

And then apply the migrations to the database:

dotnet ef database update

Conclusion
Entity Framework is an essential tool for .NET developers who want to simplify data access and focus more on the business logic of their applications. With its mapping power, LINQ queries, and database migrations, it transforms application development into a more efficient and enjoyable task.