Code Inside Blog

Taming Big .NET Solutions: Centralizing Build Settings and NuGet Versions

Tue, 03 Mar 2026 23:59:00 +0000

Many .NET projects start as a small prototype, but after a few iterations they grow into a sizable Visual Studio solution with dozens — sometimes hundreds — of projects. At this point, managing common project settings becomes painful:

A NuGet package needs an update → you touch multiple project files. A new .NET version is released → update every project manually. Metadata like company name or product name starts to drift across projects.

If this sounds familiar, this guide is for you.

The Root of the Problem: The .csproj File

<Project Sdk="Microsoft.NET.Sdk.Web">
  <PropertyGroup>
    <LangVersion>13.0</LangVersion>
    <TargetFramework>net8.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
    <AssemblyVersion>1.0.0.0</AssemblyVersion>
    <FileVersion>1.0.0.0</FileVersion>
    <InformationalVersion>1.0.0.0</InformationalVersion>
    <Company>Cool Company</Company>
    <Product>Cool Product</Product>
    <Copyright>...</Copyright>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.6.2" />
    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.3" />
  </ItemGroup>
</Project>

Common pain points:

Hard-coded compiler settings (target framework, language version, nullable settings).
Metadata drift (company, product, copyright).
NuGet versions spread across all projects.

Luckily, .NET provides clean solutions using: Directory.Build.props, Directory.Build.targets, and Directory.Packages.props.

Directory.Build.props

This file is loaded before the build starts and allows you to define default settings for all projects in the solution. Values can still be overridden inside individual .csproj files.

Example:

<Project>
  <PropertyGroup>
    <LangVersion>latest</LangVersion>
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
    <Nullable>enable</Nullable>
    <AssemblyVersion>1.0.0.0</AssemblyVersion>
    <FileVersion>1.0.0.0</FileVersion>
    <InformationalVersion>1.0.0.0</InformationalVersion>
    <Company>Cool Company</Company>
    <Product>Cool Product</Product>
    <Copyright>...</Copyright>
  </PropertyGroup>
  <!-- or if you want to set a global output directory -->

  <PropertyGroup>
    <OutDir>C:\output\$(MSBuildProjectName)</OutDir>
  </PropertyGroup>

</Project>

How MSBuild Locates Directory.Build.props

MSBuild searches the directory tree upwards from the project location until it finds a file with that name. It stops at the first match, unless you explicitly chain them, which can be useful - depending on your directory structure.

Directory.Build.targets

While .props files provide early defaults, .targets files are loaded later, making them ideal for:

Extending build steps
Overriding MSBuild targets
Inserting Before/After hooks
Running custom build logic

Example:

<Target Name="BeforePack">
  <Message Text="Preparing NuGet packaging for $(MSBuildProjectName)" />
</Target>

Real-world Example: Muting Warnings:

When you build older branches of a big solution, NuGet may raise vulnerability warnings (NU1901–NU1904). If the solution uses TreatWarningsAsErrors=true, the build will fail — even though the old state is intentional. Solution using Directory.Build.targets:

<Project>
  <PropertyGroup>
    <!-- Mute all vulnerabilities and don't escalate warnings as errors -->
    <!-- Uncomment these lines if you need to build an older version (with open vulnerabilities!):
      <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
      <NoWarn>NU1901, NU1902, NU1903, NU1904</NoWarn>
    -->
  </PropertyGroup>
</Project>

Directory.Packages.props

This file might be the most important - this enabled Central NuGet Package Management.

The idea is, that you add all your needed NuGet packages in a Directory.Packages.props file like this:

<Project>
  <PropertyGroup>
    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
  </PropertyGroup>

  <ItemGroup>
    <PackageVersion Include="Newtonsoft.Json" Version="13.0.1" />
  </ItemGroup>
</Project>

Inside your actual myProject.csproj you just reference the package, but without the actual version number!

...

<ItemGroup>
  <PackageReference Include="Newtonsoft.Json" />
</ItemGroup>

This way you have one central file to update your NuGet package and don’t need to scan all existing .csproj-files. This way, you update a package version once, and every project in your solution automatically picks it up.

Note: You can add multiple Directory.Packages.props in your directory tree.

How to deal with exceptions - e.g. one project needs an older/newer package?

If you have this scenario, you always can define an VersionOverride inside your .csproj like this:

<PackageReference Include="Microsoft.Extensions.Logging" VersionOverride="9.0.6" />

Tooling

The Visual Studio UI is work with the Directory.Packages.props as well. If you want to start, just try these .NET CLI helper:

dotnet new buildprops
dotnet new buildtargets
dotnet new packagesprops

There is also a tool to convert an existing solution automatically using:

dotnet tool install CentralisedPackageConverter --global
central-pkg-converter /SomeAwesomeProject

From my experience: In our complex solution it worked ok-ish. 80% was migrated, not sure what the problem was. I guess nowadays you can assign an AI to write this file :)

Summary

With just three small files, even a complex multi-project .NET solution becomes cleaner and easier to maintain:

Directory.Build.props: Defines shared defaults like language version, company name, or build settings.
Directory.Build.targets: Extends and customizes the build pipeline — ideal for automation and global rules.
Directory.Packages.props: Centralizes NuGet version management and prevents version drift across projects.

The migration effort is small, but the payoff in structure and maintainability is huge.

Hope this helps!

How to debug Microsoft Teams Apps

Sat, 13 Dec 2025 23:59:00 +0000

Debugging Microsoft Teams Apps: A Practical Guide

You’ve built a Microsoft Teams app.
It installs fine, loads correctly — and yet something behaves not quite as expected.

Welcome to debugging Teams apps.

Because Teams apps are essentially web applications running inside a host (Teams), debugging them is mostly web debugging — with a few Teams-specific twists. This article walks through a practical approach, from the easiest options to the most powerful (and least documented) ones.

Start Simple: Debugging in Teams Web

The easiest way to debug a Teams app is by using Teams in the browser.

Why?

You get direct access to standard browser developer tools
Console logs, network requests, and DOM inspection work exactly as expected
You can attach your debugger directly to your own web application

For many issues — especially UI problems, authentication flows, or API calls — this is often all you need.

When the Issue Only Happens in the Desktop App

Unfortunately, not all problems reproduce in Teams Web.

Some issues only appear in the Windows desktop client, for example:

Differences in authentication behavior
Embedded browser quirks
Desktop-specific Teams APIs
Caching or storage behavior

In these cases, browser dev tools alone won’t get you very far.

So what are your options?

Option 1: Enable the Teams Public Preview

If Public Preview is enabled for your account, Teams exposes additional debugging options.

To turn on the Public Preview go to Settings -> About Teams:

After that a new item in the tray menu appears:

Pros:

Access to a built-in debug menu
Easier inspection of app behavior inside Teams

Cons:

Public Preview may not be allowed in many organizations
It can introduce unrelated UI or behavior changes
Not ideal for production-like debugging

Because of these trade-offs, Public Preview is not always a viable solution — especially in enterprise environments.

Option 2: Enable Engineering Tools (Most Powerful)

If you need full insight into what the Teams client is doing, this is the most powerful (and least advertised) option.

By enabling the internal Engineering Tools, you get access to advanced debugging capabilities directly in the desktop client.

I discovered this method in an MS Support forum — so it’s somewhat documented :-).

How to Enable Engineering Tools in the Teams Client (Windows)

Navigate to the following folder: %localappdata%\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams (Yes - the path is weird, but it’s real)
Create a file named configuration.json
Add the following content:

{
  "core/devMenuEnabled": true
}

After this restart Microsoft Teams and right-click the Teams icon in the system tray and you should see “Engineering Tools”.

This menu offers much more options (and is probably used for the MS Teams Development and Support Teams). For my needs the “Open Dev Tools” was “good enough”.

Be aware: Some options might be dangerous. It’s called “Engineering Tools” for a reason. Use at your own risk.

Summary

Debugging Teams apps mostly relies on familiar web development tools. The challenge is finding the right way to activate them inside the Teams environment.

Hope this helps!

Understanding stdin, stdout and stderr in .NET

Wed, 05 Nov 2025 23:59:00 +0000

Confession time:
It’s almost embarrassing to admit this — but after years of writing .NET code and using the terminal daily, I recently discovered that you can redirect the error output of a program using 2>.

So I decided to write this post — partly as a note to my future self, and partly for anyone else who’s ever thought:
“Wait… why are there two output streams?”

Overview

When you build console applications or CLI tools in .NET, sooner or later you’ll encounter these basic “input”/”output”-streams:

stdin — standard input (like keyboard, files, or pipes) or in C# Console.In, Console.ReadLine()
stdout — standard output or in C# Console.Out, Console.WriteLine()

Besides the “standard output” there is a special output just for errors or warnings:

stderr - Error or diagnostic messages or in C# Console.Error, Console.Error.WriteLine()

Having a dedicated error stream means your program can separate data output (for other programs or files) from diagnostic messages (for humans).

A Simple Example

Let’s build a small C# program that reads from stdin, writes to stdout, and reports problems on stderr.

using System;

class Program
{
    static void Main()
    {
        Console.WriteLine("== Start ==");

        string? line;
        int lineCount = 0;

        // Read from stdin
        while ((line = Console.ReadLine()) != null)
        {
            lineCount++;

            // Normal output
            Console.WriteLine($"[{lineCount}] {line}");

            // Print errors separately
            if (line.Contains("error", StringComparison.OrdinalIgnoreCase))
            {
                Console.Error.WriteLine($"Line {lineCount}: contains the word 'error'");
            }
        }

        Console.WriteLine("== End ==");
    }
}

When you run it and type some lines and include the word error, the output will look like this:

== Start ==
[1] Hello
[2] error found
Line 2: contains the word 'error'
[3] test
== End ==

Why 2> means stderr

If you run the same app like this with the same input:

.\SampleConsoleApp.exe 2> err.txt

The Line 2: contains the word 'error' will be redirected into the err.txt.

Input as file

Let’s say you have a file that should be used as an input, then you could invoke the program like this:

.\SampleConsoleApp.exe < input.txt

Input with pipes

You can also use the | operator to use this as input stream:

"error" | .\SampleConsoleApp.exe 2> err.txt

Final thoughts

The standard streams are one of those Unix-era ideas that aged perfectly. They make it easy to connect programs like Lego bricks — and .NET gives you full access to them.

Hope this helps!

MSI and MST files

Tue, 05 Aug 2025 23:59:00 +0000

This is more of a “Today-I-Learned” post and not a “full-blown How-To article.” If something is completely wrong, please let me know – thanks!

What is an MSI?

Let’s start simple: An MSI (Microsoft Installer) is a package used to install software on Windows. The MSI contains everything needed to install the software, such as files, registry changes, and custom actions.

An MSI also includes properties—for example, the install location or custom values that need to be applied during installation.

You can install an MSI interactively (by double-clicking it) or by using the msiexec command.

A more complex msiexec command can look like this:

msiexec /qb /i "installer.msi" APPLICATIONFOLDER="C:\Program Files\customSoftware" SOMEPROP="SomeValue" SOMEOTHERPROP="SomeOtherValue"

Ok… and what is an MST?

An MST (Microsoft Transform) is a file that contains a set of modifications for an MSI installation. All those properties (and more) that you would pass via command line can be “baked into” an MST file.

You can apply an MST during installation like this:

msiexec /i setup.msi TRANSFORMS=custom.mst /qn

Pros / Cons

Pros:

If you want to apply the same settings across multiple installations and keep them stored in one place, an MST is a good solution.

Cons:

The MST file, like the MSI itself, is a binary file and can only be edited with tools like Orca.

Both file formats are quite old, but I recently learned that MST files are still a thing—and quite useful if you’re dealing with automated or enterprise software deployments.

Hope this helps!

Fuslogvw.exe - blast from the past.

Thu, 01 May 2025 23:59:00 +0000

This is more of a “Today-I-Learned” post and not a “full-blown How-To article.” If something is completely wrong, please let me know - thanks!

Fuslogvw.exe – Wait, What? Ohhh!

This might sound like a blast from the .NET past – but this little tool actually saved our day during a real customer issue.

Here’s the situation: We had a good old .NET Framework app (yes, still alive and kicking!) that worked perfectly everywhere – except on a few mysterious machines. Right on startup: Crash. No clear error, just some DLL failing to resolve its dependencies.

But! The error message did mention something called Fuslogvw.exe (Docs) – a tool I had never actually used before. So let’s take a look.

What does Fuslogvw.exe do?

In short: it logs how assemblies are loaded, where they were found, and – more importantly – where they weren’t.

If you have Visual Studio installed, you can start it via the developer prompt and type: fuslogvw.

The tool itself looks like it hasn’t changed since the Windows XP days, but hey – it gets the job done:

At the end, you get handy little reports like this one:

*** Assembly Binder Log Entry  (3/5/2007 @ 12:54:20 PM) ***

The operation failed.
Bind result: hr = 0x80070002. The system cannot find the file specified.

Assembly manager loaded from:  C:\WINNT\Microsoft.NET\Framework\v2.0.50727\fusion.dll
Running under executable  C:\Program Files\Microsoft.NET\FrameworkSDK\Samples\Tutorials\resourcesandlocalization\graphic\cs\graphicfailtest.exe
--- A detailed error log follows.

=== Pre-bind state information ===
LOG: DisplayName = graphicfailtest.resources, Version=0.0.0.0, Culture=en-US, PublicKeyToken=null
 (Fully-specified)
LOG: Appbase = C:\Program Files\Microsoft.NET\FrameworkSDK\Samples\Tutorials\resourcesandlocalization\graphic\cs\
LOG: Initial PrivatePath = NULL
LOG: Dynamic Base = NULL
LOG: Cache Base = NULL
LOG: AppName = NULL
Calling assembly : graphicfailtest, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null.
===

LOG: Processing DEVPATH.
LOG: DEVPATH is not set. Falling through to regular bind.
LOG: Policy not being applied to reference at this time (private, custom, partial, or location-based assembly bind).
LOG: Post-policy reference: graphicfailtest.resources, Version=0.0.0.0, Culture=en-US, PublicKeyToken=null
LOG: Attempting download of new URL file:///C:/Program Files/Microsoft.NET/FrameworkSDK/Samples/Tutorials/resourcesandlocalization/graphic/cs/graphicfailtest.resources.DLL.
LOG: Attempting download of new URL file:///C:/Program Files/Microsoft.NET/FrameworkSDK/Samples/Tutorials/resourcesandlocalization/graphic/cs/graphicfailtest.resources/graphicfailtest.resources.DLL.
LOG: Attempting download of new URL file:///C:/Program Files/Microsoft.NET/FrameworkSDK/Samples/Tutorials/resourcesandlocalization/graphic/cs/graphicfailtest.resources.EXE.
LOG: Attempting download of new URL file:///C:/Program Files/Microsoft.NET/FrameworkSDK/Samples/Tutorials/resourcesandlocalization/graphic/cs/graphicfailtest.resources/graphicfailtest.resources.EXE.
LOG: All probing URLs attempted and failed.

And in our case, that was exactly what we needed: One of the machines had an old, incorrect DLL sitting in the Global Assembly Cache (GAC) – something that shouldn’t have been there at all. It got loaded, messed everything up, and was a pain to track down… until Fuslogvw pointed us right to it.

What about .NET Core / modern .NET?

Fuslogvw won’t help you there – things work differently in the new world. But there are other tools like dotnet trace that can help with similar issues.

Hope this helps!

Update an old SPFX Project

Tue, 11 Mar 2025 23:59:00 +0000

This is more of a “Today-I-Learned” post and not a “full-blown How-To article.” If something is completely wrong, please let me know - thanks!

Last week I had to upgrade an old SharePoint Framework (SPFX) project, and surprisingly, the process was smoother than expected.

For those unfamiliar, SPFX is a framework for building extensions for SharePoint Online. Here is an example of an SPFX extension: Microsoft Docs.

The upgrade approach I took was a combination of:

Creating a completely new SPFX project to see the latest project structure.
Using the M365 CLI to generate a step-by-step upgrade guide.

Overall, it turned out to be a pretty smooth experience and the CLI was quite new for me, and I wanted to document it here.

Hope this helps!

Handling Multiple ASP.NET Core Policies with Manual Authorization Checks

Tue, 25 Feb 2025 00:30:00 +0000

ASP.NET Core Policies

ASP.NET Core policies provide a structured and reusable way to enforce authorization rules across your application. The built-in features are very flexible, but we had trouble with one scenario - but depending how you write your “Requirements” this might even be possible with the built-in features. Our approach was to use the authorization service to check certain policies manually - which works quite good!

The Challenge: Combining Policies with OR Logic

In one of our API use cases, we needed to allow access either for certain clients (e.g., specific admininstrative applications) or for certain users in the database. The two approaches differ:

Client Authorization: This is relatively straightforward and can be handled using the built-in RequireClaim approach.
User Authorization: This required checking database permissions, meaning a custom authorization requirement was necessary.

Since both authorization paths are valid, they need to be evaluated using OR logic: if either condition is met, access should be granted.

Solution: Using the Authorization Service for Manual Policy Checks

Instead of relying solely on [Authorize] attributes, we can leverage the IAuthorizationService to manually check policies in our code.

Step 1: Define the Authorization Policies

In Program.cs, we define multiple policies:

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy(KnownApiPolicies.AdminApiPolicyForServiceAccount, policy =>
    {
        policy.RequireClaim("scope", "admin-client");
    });
    options.AddPolicy(KnownApiPolicies.AdminApiPolicyForLoggedInUserAdministrator, policy =>
    {
        policy.Requirements.Add(new DbRoleRequirement(Custom.UserAdminInDatabase));
    });
});

Step 2: Manually Validate User Authorization

Using IAuthorizationService, we can manually check if the user meets either of the defined policies.

private async Task<AuthorizationResultType> ValidateUserAuthorization()
{
    var user = User;

    var serviceAccountAuth = await _authorizationService.AuthorizeAsync(user, KnownApiPolicies.AdminApiPolicyForServiceAccount);
    if (serviceAccountAuth.Succeeded)
    {
        return AuthorizationResultType.ServiceAccount;
    }

    var userAuth = await _authorizationService.AuthorizeAsync(user, KnownApiPolicies.AdminApiPolicyForLoggedInUserAdministrator);
    if (userAuth.Succeeded)
    {
        return AuthorizationResultType.LoggedInUser;
    }

    return AuthorizationResultType.None;
}

Step 3: Apply the Authorization Logic in the Controller

[HttpGet]
public async Task<ActionResult<...>> GetAsync()
{
    var authResult = await ValidateUserAuthorization();
    
    if (authResult == AuthorizationResultType.None)
    {
        return Forbid(); // Return 403 if unauthorized
    }
    
    using var contextScope = authResult switch
    {
        AuthorizationResultType.ServiceAccount => // ... do something with the result,
        AuthorizationResultType.LoggedInUser => // ...,
        _ => throw new UnauthorizedAccessException()
    };
    
    return Ok(_userService.GetUsers(...));
}

Recap

We use the IAuthorizationService.AuthorizeAsync method to check multiple policies and depending on the outcome, we can handle it depending on our needs. This approach retains the same overall structure as the “default” policy-based authorization in ASP.NET Core but provides more flexibility by allowing policies to be evaluated dynamically via the service.

Keep in mind (as mentioned at the beginning): This is just one way of handling authorization. As far as we know, it works well without drawbacks while offering the flexibility we need.

Azure Resource Groups are not just dumb folders

Wed, 29 Jan 2025 23:30:00 +0000

General

An Azure Resource Group is more or less one of the first things you need to create under your Azure subscription because most services need to be placed in an Azure Resource Group.

A resource group has a name and a region, and it feels just like a “folder,” but it’s (sadly) more complicated, and I want to showcase this with App Service Plans.

What is an App Service Plan?

If you run a Website/Web Service/Web API on Azure, one option would be Web Apps-Service.

If you are a traditional IIS developer, the “Web Apps-Service” is somewhat like a “Web Site” in IIS.

When you create a brand-new “Web Apps-Service,” you will need to create an “App Service Plan” as well.

The “App Service Plan” is the system that hosts your “Web App-Service.” The “App Service Plan” is also what actually costs you money, and you can host multiple “Web App-Services” under one “App Service Plan.”

All services need to be created in a resource group.

Recap

An “App Service Plan” can host multiple “Web App-Services.” The price is related to the instance count and the actual plan.

Here is a screenshot from one of our app plans:

So far, so good, right?

A few months later, we created another resource group in a different region with a new app plan and discovered that there were more plans to choose from:

Especially those memory-optimized plans (“P1mV3” etc.) are interesting for our product.

The problem

So we have two different “App Service Plans” in different resource groups, and one App Service Plan did not show the option for the memory-optimized plans.

This raises a simple question: Why and is there an easy way to fix it?

Things that won’t work

First, I created a new “App Service Plan” within the same resource group as the “old” “App Service Plan,” but this operation failed:

Then I tried to just move the existing “App Service Plan” to a new resource group, but even then, I could not change the SKU to the memory-optimized plan.

The “reason” & solution

After some frustration - since we had existing services and wanted to maintain our structure - I found this documentation site.

Scale up from an unsupported resource group and region combination

If your app runs in an App Service deployment where Premium V3 isn’t available, or if your app runs in a region that currently does not support Premium V3, you need to re-deploy your app to take advantage of Premium V3. Alternatively newer Premium V3 SKUs may not be available, in which case you also need to re-deploy your app to take advantage of newer SKUs within Premium V3. …

It seems the behavior is “as designed,” but I would say that the design is a hassle.

The documentation points out two options for this, but in the end, we will need to create a new app plan and recreate all “Web App-Services” in a new resource group.

Lessons learned?

At first glance, I thought that “resource groups” acted like folders, but underneath—depending on the region, subscription, and existing services within that resource group—some options might not be available.

Bummer, but hey… at least we learned something.

WinINet, WinHTTP and the HttpClient from .NET

Thu, 09 Jan 2025 00:30:00 +0000

This is more of a “Today-I-Learned” post and not a “full-blown How-To article.” If something is completely wrong, please let me know - thanks!

A customer inquiry brought the topic of “WinINet” and “WinHTTP” to my attention. This blog post is about finding out what this is all about and how and whether or not these components are related to the HttpClient of the .NET Framework or .NET Core.

General

Both WinINet and WinHTTP are APIs for communication via the HTTP/HTTPS protocol and Windows components. A detailed comparison page can be found here.

WinINet

WinINet is intended in particular for client applications (such as a browser or other applications that communicate via HTTP). In addition to pure HTTP communication, WinINet also has configuration options for proxies, cookie and cache management.

However, WinINet is not intended for building server-side applications or very scalable applications.

WinHTTP

WinHTTP is responsible for the last use case, which even runs a “kernel module” and is therefore much more performant.

.NET HttpClient

At first glance, it sounds as if the HttpClient should access WinINet from the .NET Framework or .NET Core (or .NET 5, 6, 7, …) - but this is not the case.

Instead:

The .NET Framework relies on WinHTTP. Until .NET Core 2.1, the substructure was also based on WinHTTP.

Since .NET Core 2.1, however, a platform-independent “SocketsHttpHandler” works under the HttpClient by default. However, the HttpClient can partially read the Proxy settings from the WinINet world.

The “WinHttpHandler” is still available as an option, although the use case for this is unknown to me.

During my research, I noticed this GitHub issue. This issue is about the new SocketsHttpHandler implementation not being able to access the same WinINet features for cache management. The topic is rather theoretical and the issue is already several years old.

Summary

What have we learned now? Microsoft has implemented several Http stacks and in “modern” .NET the HttpClient uses its own handler.

Hope this helps!

Microsoft Defender Performance Analyzer

Thu, 21 Nov 2024 23:59:00 +0000

This is more of a “Today-I-Learned” post and not a “full-blown How-To article.” If something is completely wrong, please let me know - thanks!

A customer notified us that our product was slowing down their Microsoft Office installation at startup. Everything on our side seemed fine, but sometimes Office took 10–15 seconds to start.

After some research, I stumbled upon this: Performance analyzer for Microsoft Defender Antivirus.

How to run the Performance Analyzer

The best part about this application is how easy it is to use (as long as you have a prompt with admin privileges). Simply run this PowerShell command:

New-MpPerformanceRecording -RecordTo recording.etl

This will start the recording session. After that, launch the program you want to analyze (e.g., Microsoft Office). When you’re done, press Enter to stop the recording.

The generated recording.etl file can be complex to read and understand. However, there’s another command to extract the “Top X” scans, which makes the data way more readable.

Use this command to generate a CSV file containing the top 1,000 files scanned by Defender during that time:

(Get-MpPerformanceReport -Path .\recording.etl -Topscans 1000).TopScans | Export-CSV -Path .\recording.csv -Encoding UTF8 -NoTypeInformation

Using this tool, we discovered that Microsoft Defender was scanning all our assemblies, which was causing Office to start so slowly.

Now you know: If you ever suspect that Microsoft Defender is slowing down your application, just check the logs.

Note: After this discovery, the customer adjusted their Defender settings, and everything worked as expected.

Hope this helps!

OpenAI API, LM Studio and Ollama

Tue, 17 Sep 2024 23:59:00 +0000

This is more of a “Today-I-Learned” post and not a “full-blown How-To article.” If something is completely wrong, please let me know - thanks!

I had the opportunity to attend the .NET User Group Dresden at the beginning of September for the exciting topic “Using Open Source LLMs” and learned a couple of things.

How to choose an LLM?

There are tons of LLMs (= Large Language Models) that can be used, but which one should we choose? There is no general answer to that - of course - but there is a Chatbot Arena Leaderboard, which measures the “cleverness” between those models. Be aware of the license of each model.

There is also a HuggingChat, where you can pick some models and experiment with them.

For your first steps on your local hardware: Phi3 does a good job and is not a huge model.

LM Studio

Ok, you have a model and an idea, but how to play with it on your local machine?

The best tool for such a job is: LM Studio.

The most interesting part was (and this was “new” to me), that you run those local models in an local, OpenAI compatible (!!!) server.

OpenAI Compatible server?!

If you want to experiment with a lightweight model on your system and interact with it, then it is super handy, if you can use the standard OpenAI client and just run against your local “OpenAI”-like server.

Just start the server, use the localhost endpoint and you can use a code like this:

using OpenAI.Chat;
using System.ClientModel;

ChatClient client = new(model: "model", "key",
        new OpenAI.OpenAIClientOptions()
        { Endpoint = new Uri("http://localhost:1234/v1") });

ChatCompletion chatCompletion = client.CompleteChat(
    [
        new UserChatMessage("Say 'this is a test.'"),
    ]);

Console.WriteLine(chatCompletion.Content[0].Text);

The model and the key don’t seem to matter that much (or at least I worked on my machine). The localhost:1234 service is hosted by LM Studio on my machine. The actual model can be configured in LM Studio and there is a huge choice available.

Even streaming is supported:

AsyncCollectionResult<StreamingChatCompletionUpdate> updates
    = client.CompleteChatStreamingAsync("Write a short story about a pirate.");

Console.WriteLine($"[ASSISTANT]:");
await foreach (StreamingChatCompletionUpdate update in updates)
{
    foreach (ChatMessageContentPart updatePart in update.ContentUpdate)
    {
        Console.Write(updatePart.Text);
    }
}

Ollama

The obvious next question is: How can I run my own LLM on my own server? LM Studio works fine, but it’s just a development tool.

One answer could be: Ollama, which can run large language models and has a compatibility to the OpenAI API.

Is there an Ollama for .NET devs?

Ollama looks cool, but I was hoping to find an “OpenAI compatible .NET facade”. I already played with LLamaSharp, but LLamaSharp doesn’t offer currently a WebApi, but there are some ideas around. My friend Gregor Biswanger released OllamaApiFacade, which looks promising, but at least it doesn’t offer a real OpenAI compatible .NET facade, but maybe this will be added in the future.

Acknowledgment

Thanks to the .NET User Group for hosting the meetup, and a special thanks to my good friend Oliver Guhr, who was also the speaker!

Hope this helps!

Entity Framework Core 8.0 Breaking Changes & SQL Compatibility Level

Sun, 08 Sep 2024 23:59:00 +0000

We recently switched from .NET 6 to .NET 8 and encountered the following Entity Framework Core error:

Microsoft.Data.SqlClient.SqlException: 'Incorrect syntax near the keyword 'WITH'....

The EF code uses the Contains method as shown below:

var names = new[] { "Blog1", "Blog2" };

var blogs = await context.Blogs
    .Where(b => names.Contains(b.Name))
    .ToArrayAsync();

Before .NET 8 this would result in the following Sql statement:

SELECT [b].[Id], [b].[Name]
FROM [Blogs] AS [b]
WHERE [b].[Name] IN (N'Blog1', N'Blog2')

… and with .NET 8 it uses the OPENJSON function, which is not supported on older versions like SQL Server 2014 or if the compatibility level is below 130 (!)

See this blogpost for more information about the OPENJSON change.

The fix is “simple”

Ensure you’re not using an unsupported SQL version and that the Compatibility Level is at least on level 130.

If you can’t change the system, then you could also enforce the “old” behavior with a setting like this (not recommended, because it is slower!)

...
.UseSqlServer(@"<CONNECTION STRING>", o => o.UseCompatibilityLevel(120));

How to make sure your database is on Compatibility Level 130?

Run this statement to check the compatibility level:

SELECT name, compatibility_level FROM sys.databases;

We updated our test/dev SQL Server and then moved all databases to the latest version with this SQL statement:

DECLARE @DBName NVARCHAR(255)
DECLARE @SQL NVARCHAR(MAX)

-- Cursor to loop through all databases
DECLARE db_cursor CURSOR FOR
SELECT name
FROM sys.databases
WHERE name NOT IN ('master', 'tempdb', 'model', 'msdb') -- Exclude system databases

OPEN db_cursor
FETCH NEXT FROM db_cursor INTO @DBName

WHILE @@FETCH_STATUS = 0
BEGIN
    -- Construct the ALTER DATABASE command
    SET @SQL = 'ALTER DATABASE [' + @DBName + '] SET COMPATIBILITY_LEVEL = 150;'
    EXEC sp_executesql @SQL

    FETCH NEXT FROM db_cursor INTO @DBName
END

CLOSE db_cursor
DEALLOCATE db_cursor

Check EF Core Breaking Changes

There are other breaking changes, but only the first one affected us: Breaking Changes

Hope this helps!

Connection Resiliency for Entity Framework Core and SqlClient

Mon, 02 Sep 2024 23:59:00 +0000

This is more of a “Today-I-Learned” post and not a “full-blown How-To article.” If something is completely wrong, please let me know - thanks!

If you work with SQL Azure you might find this familiar:

Unexpected exception occurred: An exception has been raised that is likely due to a transient failure. Consider enabling transient error resiliency by adding ‘EnableRetryOnFailure’ to the ‘UseSqlServer’ call.

EF Core Resiliency

The above error already shows a very simple attempt to “stabilize” your application. If you are using Entity Framework Core, this could look like this:

protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
{
    optionsBuilder
        .UseSqlServer(
            @"Server=(localdb)\mssqllocaldb;Database=EFMiscellanous.ConnectionResiliency;Trusted_Connection=True;ConnectRetryCount=0",
            options => options.EnableRetryOnFailure());
}

The EnableRetryOnFailure-Method has a couple of options, like a retry count or the retry delay.

If you don’t use the UseSqlServer-method to configure your context, there are other ways to enable this behavior: See Microsoft Docs

Microsoft.Data.SqlClient - Retry Provider

If you use the “plain” Microsoft.Data.SqlClient NuGet Package to connect to your database have a look at Retry Logic Providers

A basic implementation would look like this:

// Define the retry logic parameters
var options = new SqlRetryLogicOption()
{
    // Tries 5 times before throwing an exception
    NumberOfTries = 5,
    // Preferred gap time to delay before retry
    DeltaTime = TimeSpan.FromSeconds(1),
    // Maximum gap time for each delay time before retry
    MaxTimeInterval = TimeSpan.FromSeconds(20)
};

// Create a retry logic provider
SqlRetryLogicBaseProvider provider = SqlConfigurableRetryFactory.CreateExponentialRetryProvider(options);

// Assumes that connection is a valid SqlConnection object 
// Set the retry logic provider on the connection instance
connection.RetryLogicProvider = provider;
// Establishing the connection will retry if a transient failure occurs.
connection.Open();

You can set a RetryLogicProvider on a Connection and on a SqlCommand.

Some more links and tips

These two options seem to be the “low-level-entry-points”. Of course could you wrap each action with a library like Polly.

During my research I found a good overview: Implementing Resilient Applications.

Hope this helps!

UrlEncode the Space Character

Tue, 20 Aug 2024 23:59:00 +0000

This is more of a “Today-I-Learned” post and not a “full-blown How-To article.” If something is completely wrong, please let me know - thanks!

This might seem trivial, but last week I noticed that the HttpUtility.UrlEncode(string) encodes a space ` ` into +, whereas the JavaScript encodeURI(string) method encodes a space as %20. This brings up the question:

Why?

It seems that in the early specifications, a space was encoded into a +, see this Wikipedia entry:

When data that has been entered into HTML forms is submitted, the form field names and values are encoded and sent to the server in an HTTP request message using method GET or POST, or, historically, via email.[3] The encoding used by default is based on an early version of the general URI percent-encoding rules,[4] with a number of modifications such as newline normalization and replacing spaces with + instead of %20. The media type of data encoded this way is application/x-www-form-urlencoded, and it is currently defined in the HTML and XForms specifications. In addition, the CGI specification contains rules for how web servers decode data of this type and make it available to applications.

This convention has persisted to this day. For instance, when you search something on Google or Bing with a space in the query, the space is encoded as a +.

There seems to be some rules however, e.g. it is only “allowed” in the query string or as form parameters.

I found the question & answers on StackOverflow quite informative, and this answer summarizes it well enough for me:

| standard      | +   | %20 |
|---------------+-----+-----|
| URL           | no  | yes |
| query string  | yes | yes |
| form params   | yes | no  |
| mailto query  | no  | yes |

What about .NET?

If you want to always encode spaces as %20, use the UrlPathEncode method, see here.

You can encode a URL using with the UrlEncode method or the UrlPathEncode method. However, the methods return different results. The UrlEncode method converts each space character to a plus character (+). The UrlPathEncode method converts each space character into the string “%20”, which represents a space in hexadecimal notation. Use the UrlPathEncode method when you encode the path portion of a URL in order to guarantee a consistent decoded URL, regardless of which platform or browser performs the decoding.

Hope this helps!

dsregcmd, WAM and 'Connected to Windows'-Accounts

Tue, 06 Aug 2024 23:59:00 +0000

This is more of a “Today-I-Learned” post and not a “full-blown How-To article.” If something is completely wrong, please let me know - thanks!

I was researching if it is possible to have a “real” single-sign-on experience with Azure AD/Entra ID and third-party desktop applications and I stumbled across a few things during my trip.

“Real” SSO?

There are a bunch of definitions out there about SSO. Most of the time, SSO just means: You can use the same account in different applications.

But some argue that a “real” SSO experience should mean: You log in to your Windows Desktop environment, and that’s it - each application should just use the existing Windows account.

Problems

With “Integrated Windows Auth,” this was quite easy, but with Entra ID, it seems really hard. Even Microsoft seems to struggle with this task, because even Microsoft Teams and Office need at least a hint like an email address to sign in the actual user.

Solution?

I _didn’t__ found a solution for this (complex) problem, but I found a few interesting tools/links that might help achieve it.

Please let me know if you find a solution 😉

“dsregcmd”

There is a tool called dsregcmd, which stands for “Directory Service Registration” and shows how your device is connected to Azure AD.

PS C:\Users\muehsig> dsregcmd /?
DSREGCMD switches
                        /? : Displays the help message for DSREGCMD
                   /status : Displays the device join status
               /status_old : Displays the device join status in old format
                     /join : Schedules and monitors the Autojoin task to Hybrid Join the device
                    /leave : Performs Hybrid Unjoin
                    /debug : Displays debug messages
               /refreshprt : Refreshes PRT in the CloudAP cache
          /refreshp2pcerts : Refreshes P2P certificates
          /cleanupaccounts : Deletes all WAM accounts
             /listaccounts : Lists all WAM accounts
             /UpdateDevice : Update device attributes to Azure AD

In Windows 11 - as far as I know - a new command was implemented: /listaccounts

dsregcmd /listaccounts

This command lists all “WAM” accounts from my current profile:

The ...xxxx... is used to hide information

PS C:\Users\muehsig> dsregcmd /listaccounts
Call ListAccounts to list WAM accounts from the current user profile.
User accounts:
Account: u:a17axxxx-xxxx-xxxx-xxxx-1caa2b93xxxx.85c7xxxx-xxxx-xxxx-xxxx-34dc6b33xxxx, user: [email protected], authority: https://login.microsoftonline.com/85c7xxxx-xxxx-xxxx-xxxx-34dc6b33xxxx.
Accounts found: 1.
Application accounts:
Accounts found: 0.
Default account: u:a17axxxx-xxxx-xxxx-xxxx-1caa2b93xxxx.85c7xxxx-xxxx-xxxx-xxxx-34dc6b33xxxx, user: [email protected].

What is WAM?

It’s not the cool x-mas band with the fancy song (that we all love!).

WAM stands for Web Account Manager and it integrates with the Windows Email & accounts setting:

WAM can also be used to obtain a Token - which might be the right direction for my SSO question, but I couldn’t find the time to test this out.

“Connected to Windows”

This is now pure speculation, because I couldn’t find any information about it, but I think the “Connected to Windows” hint here:

… is based on the Email & accounts setting (= WAM), and with dsregcmd /listaccounts I can see diagnostic information about it.

“Seamless single sign-on”

I found this troubleshooting guide and it seems that there is a thing called “seamless single sign-on”, but I’m not 100% sure if this is more a “Development” topic or “IT-Pro” topic (or a mix of both).

TIL

I (and you!) have learned about a tool called dsregcmd.

Try out the dsregcmd /status, it’s like ipconfig /all, but for information about AD connectivity.

WAM plays an important part with the “Email & accounts” setting and maybe this is the right direction for the actual SSO topic.

Open questions…

Some open questions:

Why does dsregcmd /listAccounts only list one account when I have two accounts attached under the “WAM” (see screenshot - a Azure AD account AND an Microsoft account)?
Where does “Connected to Windows” come from? How does the browser know this?
What is “seamless single-sign-on”?

Hope this helps!

SQL ConnectionString: Encrypt & Trust Server Certificate

Mon, 22 Jul 2024 23:59:00 +0000

This is more of a “Today-I-Learned” post and not a “full-blown How-To article.” If something is completely wrong, please let me know - thanks!

In our product, we store all data in an MS SQL database. One of our clients had issues with the SQL connection, and I want to share what I learned about SQL Encryption and how (some) properties of the Connection String affect the behavior.

Basic SQL Connection String

In general, we have a pretty easy setup:

Our application reads a typical connection string that looks like this Data Source=your-sql-server.yourcorp.local;Initial Catalog=database_x;User ID=username;Password=password_here;MultipleActiveResultSets=True;Encrypt=False or (for Windows Authentication) Integrated Security=true instead of User ID=username;Password=password_here, and uses the (new) Microsoft.Data.SqlClient to connect to the database.

Let’s look at all applied properties:

Data Source points to the actual network address of the SQL Server instance.
Initial Catalog points to the actual database.
MultipleActiveResultSets is a good topic for another blogpost. I always enabled it in the past because of some Entity Framework issues, but it seems MARS is only needed and useful in certain scenarios.
The auth part is handled via IntegratedSecurity or User-Id

Since Version 4.0 of the Microsoft.Data.SqlClient the Encrypt property defaults to true instead of false, and now we are entering the field of encryption…

Encryption

We usally use Encrypt=False, because in most cases, there is no proper certificate installed on the SQL Server - at least this is our experience with our clients. If a client has a proper setup, we recommend using it, of course, but most of the time there is none.

With Encrypt=True, the data between the client and the server is TLS encrypted (and this is a good thing, and the breaking change therefore had a good intention).

If you are interested how to set it up, this might be a good starting point for you: Configure SQL Server Database Engine for encrypting connections

In some cases, your client might not be able to trust the server certificate (e.g. there is just a self-signed cert installed on the SQL server). Then you can disable the certification validation via TrustServerCertification, but this shouldn’t be used (at least in production) or handled with care. If the certificate doesn’t match the name of the Data Source, then you can use HostNameInCertificate.

What have I learned?

I already knew about Encrypt=True or Encrypt=False, but the behavior of TrustServerCertification (and when to use it) was new for me. This Stackoverflow-question helped me a lot to discover it.

Hope this helps!

LLamaSharp: Run a ChatGPT like system on your hardware for dummies

Wed, 15 May 2024 23:59:00 +0000

TL;DR summary: Check out the LLamaSharp Quick Start and you will find everything that you need to know

ChatGPT (and all those Microsoft Copilots out there that were build on top of this) is currently the synonym for AI based chat systems. As a dev you can just use the Azure OpenAI Services and integrate this in your app - I blogged about this last year.

The only “downside” is, that you rely on a cloud system, that costs money and you need to trust the overall system and as a tech nerd it is always “cool” to host stuff yourself. Of course, there are a lot of other good reasons why hosting such a system yourself is a good idea, but we just stick with “it is cool” for this blogpost. (There are tons of reasons why this is a stupid idea as well, but we might do it anyway just for fun.)

Is there something for .NET devs?

My AI knowledge is still quite low and I’m more a “.NET backend developer”, so I was looking for an easy solution for my problem and found “LLamaSharp”.

This blogpost and my experiment was inspired by Maarten Balliauws blog post “Running Large Language Models locally – Your own ChatGPT-like AI in C#”, which is already a year old, but still a good intro in this topic.

LLamaSharp

From their GitHub Repo:

LLamaSharp is a cross-platform library to run 🦙LLaMA/LLaVA model (and others) on your local device. Based on llama.cpp, inference with LLamaSharp is efficient on both CPU and GPU. With the higher-level APIs and RAG support, it’s convenient to deploy LLM (Large Language Model) in your application with LLamaSharp.

Be aware: This blogpost is written with LLamaSharp version 0.12.0 - Maartens blogpost is based on version 0.3.0 and the model he was using is not working anymore.

This sounds really good - let’s checkout the quick start

The basic steps are easy: Just add the LLamaSharp and LLamaSharp.Backend.Cpu NuGet package to your project and then search for a model… but where?

The model

From the quick start:

There are two popular format of model file of LLM now, which are PyTorch format (.pth) and Huggingface format (.bin). LLamaSharp uses GGUF format file, which could be converted from these two formats. To get GGUF file, there are two options:

Search model name + ‘gguf’ in Huggingface, you will find lots of model files that have already been converted to GGUF format. Please take care of the publishing time of them because some old ones could only work with old version of LLamaSharp.

Convert PyTorch or Huggingface format to GGUF format yourself. Please follow the instructions of this part of llama.cpp readme to convert them with the python scripts.

Generally, we recommend downloading models with quantization rather than fp16, because it significantly reduce the required memory size while only slightly impact on its generation quality.

Okay… I ended up using the huggingface-search-approach and picked the Phi-3-mini-4k-instruct-gguf, because I heard about it somewhere.

Code

After the initial search and download I could just copy/paste the quick start code in my project and hit run:

using LLama.Common;
using LLama;

string modelPath = @"C:\temp\Phi-3-mini-4k-instruct-q4.gguf"; // change it to your own model path.

var parameters = new ModelParams(modelPath)
{
    ContextSize = 1024, // The longest length of chat as memory.
    GpuLayerCount = 2 // How many layers to offload to GPU. Please adjust it according to your GPU memory.
};
using var model = LLamaWeights.LoadFromFile(parameters);
using var context = model.CreateContext(parameters);
var executor = new InteractiveExecutor(context);

// Add chat histories as prompt to tell AI how to act.
var chatHistory = new ChatHistory();
chatHistory.AddMessage(AuthorRole.System, "Transcript of a dialog, where the User interacts with an Assistant named Bob. Bob is helpful, kind, honest, good at writing, and never fails to answer the User's requests immediately and with precision.");
chatHistory.AddMessage(AuthorRole.User, "Hello, Bob.");
chatHistory.AddMessage(AuthorRole.Assistant, "Hello. How may I help you today?");

ChatSession session = new(executor, chatHistory);

InferenceParams inferenceParams = new InferenceParams()
{
    MaxTokens = 256, // No more than 256 tokens should appear in answer. Remove it if antiprompt is enough for control.
    AntiPrompts = new List<string> { "User:" } // Stop generation once antiprompts appear.
};

Console.ForegroundColor = ConsoleColor.Yellow;
Console.Write("The chat session has started.\nUser: ");
Console.ForegroundColor = ConsoleColor.Green;
string userInput = Console.ReadLine() ?? "";

while (userInput != "exit")
{
    await foreach ( // Generate the response streamingly.
        var text
        in session.ChatAsync(
            new ChatHistory.Message(AuthorRole.User, userInput),
            inferenceParams))
    {
        Console.ForegroundColor = ConsoleColor.White;
        Console.Write(text);
    }
    Console.ForegroundColor = ConsoleColor.Green;
    userInput = Console.ReadLine() ?? "";
}

The result is a “ChatGPT-like” chat bot (maybe not so smart, but it runs quick ok-ish on my Dell notebook:

Summary

After some research which model can be used with LLamaSharp it went really smoothly (even for a .NET dummy like me).

Hope this helps!

dotnet dev-certs https - How .NET Issues Your Local Dev HTTPS Certificate

Fri, 15 Mar 2024 23:59:00 +0000

If you start developing a ASP.NET Core application you will notice that your site is running under “http s ://localhost:1234” and that your browser is happy to accept it - so there are some questions to be asked.

Why HTTPS on your local dev box?

The first question might be: Why is HTTPS on your local dev box even needed?

At least two reasons for this (from my perspective):

Browsers love HTTPS nowadays. There are some features, like websockets, that refuse to work with HTTP. I’m not 100% aware of all the problems, but running a webapp under HTTP in 2024 is painful (and rightfully so!).
Integration with other services is mostly forbidden. If you rely on a 3rd party authentication system (e.g. Microsoft/Facebook/Google/Apple Login) they might accept “localhost” as a reply address, but might deny HTTP addresses.

I wouldn’t count “security” as an issue here, because you are developing on your own system. If there is something on your machine HTTPS won’t help you at that point.

How does ASP.NET Core issues a valid & trusted cert?

I’m not exactly sure when this happens, as it was already installed on my development machine.

Either when you install the Visual Studio workload for ASP.NET Core or if you create your very first ASP.NET Core application the dev cert for localhost will be issued.

But how?

The .NET SDK ships with a CLI tool called dotnet dev-certs https and this tool issues the certificate. The output of this command will look like this if a valid and trusted certificate is found::

PS C:\Users\muehsig> dotnet dev-certs https
A valid HTTPS certificate is already present.

dev-certs https

There are other options available:

PS C:\Users\muehsig> dotnet dev-certs https --help


Usage: dotnet dev-certs https [options]

Options:
  -ep|--export-path  Full path to the exported certificate
  -p|--password      Password to use when exporting the certificate with the private key into a pfx file or to encrypt the Pem exported key
  -np|--no-password  Explicitly request that you don't use a password for the key when exporting a certificate to a PEM format
  -c|--check         Check for the existence of the certificate but do not perform any action
  --clean            Cleans all HTTPS development certificates from the machine.
  -i|--import        Imports the provided HTTPS development certificate into the machine. All other HTTPS developer certificates will be cleared out
  --format           Export the certificate in the given format. Valid values are Pfx and Pem. Pfx is the default.
  -t|--trust         Trust the certificate on the current platform. When combined with the --check option, validates that the certificate is trusted.
  -v|--verbose       Display more debug information.
  -q|--quiet         Display warnings and errors only.
  -h|--help          Show help information

What happens when the cert is no longer valid?

This is an interesting one, because I had this experience just this week (and that’s the reason for this blogpost).

A certificate needs to be in the certification store to be considered trusted. That means your “localhost”-dev cert will be stored in your personal certification store (at least on Windows):

As you can see, the command dotnet dev-certs https --check --trust will return something like this:

A trusted certificate was found: E7A2FB302F26BCFFB7C21801C09081CF2FAAAD2C - CN=localhost - Valid from 2024-03-13 11:12:10Z to 2025-03-13 11:12:10Z - IsHttpsDevelopmentCertificate: true - IsExportable: true

If the certificate is stale, then your browser won’t accept it anymore and your web application will start, but can’t be viewed because your browser will refuse it.

How to repair invalid certificates?

Use the two commands and it should work again:

dotnet dev-certs https --clean

…which will remove the old certification and…

dotnet dev-certs https --trust

… to issue a new cert and invoke the trust dialog from Windows.

If it works…

There are some more options, e.g. to export the certificate, which can be useful in certain scenarios, but if you can use HTTPS on your local development machine and everything works you shouldn’t have to bother. If you want to learn more, checkout the dotnet dev-certs documentation.

Hope this helps!

.NET Upgrade Assistant

Thu, 07 Mar 2024 23:59:00 +0000

For those facing the challenge of migrating their .NET Framework-based application to the modern .NET stack, Microsoft’s “Upgrade Assistant” is highly recommended:

What is the “Upgrade Assistant”?

The “Upgrade Assistant” is a tool that can integrate into Visual Studio or be accessed via CLI. If you install the extension for Visual Studio you will have a new option “Upgrade project” available in your Solution Explorer.

.NET Framework to “new” and more…

Its main use case is upgrading .NET Framework-based WPF, WinForms, class libraries, or web applications to the newest .NET version. Besides this, the tool offers some other migration paths as well, e.g. from UWP to WinUI 3.

You even can use the tool to migrate from an older .NET Core version to a newer version (but - to be honest: those upgrades are quite easy in contrast to the .NET Framework to .NET Core migration).

Depending on the project type, the assistant allows for an “In-Place Upgrade,” “Side-by-Side,” or “Side-by-Side Incremental” upgrade.

“In-Place Upgrade” means that the existing code is directly modified.
“Side-by-Side” means that a new project is created and migration to the latest version is based on a copy.
“Side-by-Side Incremental,” to my knowledge, is only available for ASP.NET web applications. Here, a new .NET Core project is added in parallel, and a sort of “bridge” is built in the original .NET project. This seems to me to be clever on the one hand but also very risky on the other.

You can see those upgrade methods in the video above.

Is it good?

We have used (or at least tested) the Assistant for upgrading WPF and class libraries to .NET Core and it helps to identify problems (e.g. if a NuGet package or any “old” framework code is not compatible). My verdict: If you need to upgrade your code, you should give it a try. In a more complex code base, it will sometimes mess with the code, but it still helps to give directions.

Hope this helps!

WinUI 3 Community Toolkit and the Template Studio

Sat, 24 Feb 2024 23:59:00 +0000

In my last post “First steps with WinUI 3” I already mentioned the “WinUI 3 Gallery”-App, but I missed mentioning two great resources.

If you take a deeper look at the “Home” page, you will spot the Community Toolkit Gallery (another app) and the “Template Studio for WinUI”.

What is the Community Toolkit?

The Community Toolkit is a community-driven collection of components and other helpers.

The “home” of the Community Toolkit can be found on GitHub

As of today, the Community Toolkit seems “alive” with recent commits in February 2024.

Interesting fact: The controls from the toolkit seems to work with the Uno Platform as well.

What is the Template Studio?

Template Studio is an addin for Visual Studio and can be installed from the Marketplace.

This adds the ‘Template Studio for WinUI’ template to Visual Studio:

After the usual “pick a name and location” you will be greeted with this Wizard:

The first step is to select a “Project type”:

In the next step you choose a “Design pattern” - which has only one item… well.

In “Pages” you can create your “views/pages” based on a given layout:

Some pages can only be added once (e.g. the “Settings”), but most pages can be added multiple times.

In “Features” you can add some WinUI 3 related features:

In the last setting you can decide if you want to add an MSTest project as well:

The result is the following Visual Studio solution, which includes two projects and a number of TODO items:

If you run the code a pretty simple app with your configured pages will be found:

Warning: Such code generators might be a good starting point, but (as always with such generators) the code might be “too stupid” or “too complicated” - depending on your needs.

Any other useful resource?

I’m a newbie with WinUI 3. The Community Toolkit looks promising and even the Template Studio looks good - at least from a few minutes playtime. If anyone has other useful resource: Please let me know (e.g. in the comments or via email).

Hope this helps!

First steps with WinUI 3

Mon, 12 Feb 2024 23:55:00 +0000

Developing desktop apps for Windows is quite complex in 2024. There are some “old school” frameworks like WPF or WinForms (or even older stuff) and there is this confusing UWP (but I think it’s dead). The “modern stack” seems to be WinUI - so let’s take a look.

See here

What is WinUI?

WinUI is the “modern” version of WPF without the (dumb?) constraints from UWP. You can of course use your typical “Windows” programming languages (like C# or C++).

If you heard of UWP. The “Universal Windows Platform” was a good idea but failed, because - at least from my limited testing - the platform was very strict and you couldn’t do the same stuff that you can do with WPF/WinForms.

WinUI 1 and 2 were targeted at UWP (if I remember correctly) and with WinUI 3 Microsoft decided to lift those UWP constraints and with it we get a modern desktop stack based on the “known” XAML.

In summary:

WinUI 3 apps can be used for apps that run on Windows 11 and Windows 10 and can be distributed via the Microsoft Store and you can do the same crazy stuff that you love about WPF/WinForms.

Does anybody outside of Microsoft use WinUI?

WinUI is used in Windows 11, e.g. the settings or the new explorer - which is nice, but it would be good, if we found a non-Microsoft app that uses this tech, right?

Thankfully last week Apple decided to release Apple Music (and other apps) as a native Windows app and it seems (confirmed) like it was written with WinUI:

If Apple uses this tech, it seems “safe enough” for some exploration.

How to get started?

You will need Visual Studio 2022. Be aware, that even if you check all those desktop related workloads in the installer the WinUI 3 templates are still missing.

For the WinUI 3 templates you will need to install the Windows App SDK.

Visual Studio Templates

After the Windows App SDK is installed we finally have the templates in Visual Studio:

The default Blank App, Packaged (WinUI 3 in Desktop) is… well… quite blank:

If you start the application, you will see this:

Packaged vs. Unpacked

If you check the toolbar, you will notice the App 6 (Package) debug button. Packaged Apps can access some Windows APIs (e.g. custom context menu extensions) that Unpackaged Apps can’t. Unpackaged Apps on the other hand act like WPF apps - e.g. they have a “normal” .exe and can be distributed like any .exe-file.

This documentation page should cover this topic.

Let’s say we want to have a “proper” myApp.exe app, then the Unpackaged App is the way to go. If you choose the App 6 (Unpackaged) debug option you might see this weird error:

XamlCheckProcessRequirements();

Exception Unhandled:
System.DllNotFoundException: 'Unable to load DLL 'Microsoft.ui.xaml.dll' or one of its dependencies: The specified module could not be found. (0x8007007E)'

To fix this, you will need to add this to the .csproj:

	<PropertyGroup>
		...
		<WindowsPackageType>None</WindowsPackageType>
        ...
	</PropertyGroup>

After that the debug button should start the application and you should be able to start the .exe.

Samples

Ok, the most basic steps are done - now what?

To get a feeling about what is possible and what not, you should install the WinUI 3 Gallery app.

This application should give a some guidiance.

Hope this helps!

Note: I’m a beginner with WinUI 3 and just want to show other people the first few steps - if I miss something, just write me a comment! Thanks <3

How Windows locates an executable via PATH or App Paths

Wed, 17 Jan 2024 23:55:00 +0000

If you’ve ever worked with the Windows operating system, especially in a programming context, you might have used the Process.Start(yourapp) (e.g. Process.Start(Outlook)) method in languages like C#. This method is used to start a process - essentially to run an executable file. But have you ever stopped to think about how Windows knows where to find the executables you’re trying to run? Let’s dive into the inner workings of Windows and uncover this mystery.

Understanding the PATH Environment Variable

One of the first things that come into play is the PATH environment variable. This variable is crucial for the operating system to locate the executables.

What is the PATH Variable?

The PATH environment variable is a system-wide or user-specific setting that lists directories where executable files are stored. When you run a command in the command prompt or use Process.Start(...), Windows looks through these directories to find the executable file.

The PATH environment variable can be viewed via the system settings:

… there is also a nice editor now build into Windows for the PATH environment variable:

How Does PATH Work?

If the executable is not in the current directory, Windows searches through each directory specified in the PATH variable. The order of directories in PATH is important - Windows searches them in the order they are listed. If it finds the executable in one of these directories, it runs it.

However, the PATH variable isn’t the only mechanism at play here.

The Role of App Paths in the Windows Registry

Another less-known but equally important component is the “App Paths” registry key. This key is located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths.

Understanding App Paths

The App Paths key is used to specify paths to specific applications. Each application can have its entry under the App Paths key, which means that Windows can find and run these applications even if their directories are not listed in the PATH variable.

How Do App Paths Work?

When you use Process.Start(...) and specify an application name like “OUTLOOK”, Windows first checks the App Paths registry key before it checks the PATH variable. If it finds an entry for the application here, it uses this path to start the application. This is particularly useful for applications that are not in common directories or have multiple executables in different locations.

Conclusion

Both PATH and App Paths play significant roles. While PATH is great for general-purpose directory searching (especially for system utilities and command-line tools), App Paths is more specific and tailored for individual applications.

There are probably even more options out there besides PATH and App Paths - Windows is full of hidden gems like this 😉.

Fun fact: I only discovered App Paths while debugging a problem. We use Process.Start(OUTLOOK) to start Microsofts Outlook Client and I was wondering why this even works.

Hope this helps!

.NET ('.NET Core') and Proxy Settings

Fri, 12 Jan 2024 22:55:00 +0000

If your .NET (“.NET Core”) program is running on a system that specifies strict proxy settings, you must either handle these settings in your application itself or use these environment variables.

Since I had this problem from time to time and the procedure was not 100% clear to me, I am now recording it here on the blog.

“DefaultProxy”

If you don’t specify any proxy, then the DefaultProxy is used and depending on your operation system the following will be used:

(Copied from here)

For Windows: Reads proxy configuration from environment variables or, if those are not defined, from the user’s proxy settings.

For macOS: Reads proxy configuration from environment variables or, if those are not defined, from the system’s proxy settings.

For Linux: Reads proxy configuration from environment variables or, in case those are not defined, this property initializes a non-configured instance that bypasses all addresses. The environment variables used for DefaultProxy initialization on Windows and Unix-based platforms are:

HTTP_PROXY: the proxy server used on HTTP requests. HTTPS_PROXY: the proxy server used on HTTPS requests. ALL_PROXY: the proxy server used on HTTP and/or HTTPS requests in case HTTP_PROXY and/or HTTPS_PROXY are not defined. NO_PROXY: a comma-separated list of hostnames that should be excluded from proxying. Asterisks are not supported for wildcards; use a leading dot in case you want to match a subdomain. Examples: > NO_PROXY=.example.com (with leading dot) will match www.example.com, but will not match example.com. NO_PROXY=example.com (without leading dot) will not match www.example.com. This behavior might be > revisited in the future to match other ecosystems better.

Scenario: Web-App that needs external & “internal” Web-APIs

We often had the following problem: Our web application needs to contact external services. This means, that we must use the proxy. At the same time, our web application also wants to communicate with other web APIs on the same machine, but the proxy does not allow this (the proxy can’t return the request to the same machine - not sure why).

It should be noted that the “IIS account” or “Network Service” did NOT have a proxy setting itself, i.e. the “User Proxy Settings” were always empty.

Solution:

We used the following proxy settings and it worked:

ALL_PROXY = proxyserver.corp.acme.com
NO_Proxy = internalserver.corp.acme.com

Our web application and our internal web api were running on “internalserver.corp.acme.com”. Each request to external services were routed through the proxy and each “internal” request didn’t touch the proxy.

IE-Proxy Settings:

This solution should work fine on “Server-Environments”. If you have a desktop application, then the “Default Proxy” handling should do the trick. In some special cases the “IE proxy setting” handling might be needed. If you want to learn more about this, read this blogpost: How to use IE proxy settings with HttpClient.

Hope this helps!

Limit Active Directory property access

Wed, 20 Sep 2023 23:55:00 +0000

Be aware: I’m not a full time administrator and this post might sound stupid to you.

The Problem

We access certain Active Directory properties with our application, and on one customer domain, we couldn’t retrieve any data via our Active Directory component.

Solution

After some debugging and doubts about our functionality, the customer admin and I found the reason: Our code was running under a Windows account that was very limited and couldn’t read those properties.

If you have similar problems, you might want to look into the AD User & Group management.

First step: You need to active the advanced features:

Now navigate to your “user OU” or the target users and check the security tab. The goal is to grant your service account the permission to read the needed property. To do that, go to the advanced view, and add a new permission or change an existing one:

Here you should be able to see a huge dialog with all available properties and grant the read permission for the target property for your service account.

Solution via CMD

The UI is indeed quite painful to use. If you know what you are doing you can use dsacls.exe.

To grant the read permission for tokenGroups for a certain service account you can use the tool like this:

dsacls "OU=Users,DC=company,DC=local" /I:S /G "service_account":rp;tokenGroups;user

Hope this helps!

Zip deployment failed on Azure

Tue, 05 Sep 2023 23:55:00 +0000

The Problem

We are using Azure App Service for our application (which runs great BTW) and deploy it automatically via ZipDeploy. This basic setup was running smoth, but we noticed that at some point the deployment failed with these error messages:

2023-08-24T20:48:56.1057054Z Deployment endpoint responded with status code 202
2023-08-24T20:49:15.6984407Z Configuring default logging for the app, if not already enabled
2023-08-24T20:49:18.8106651Z Zip deployment failed. {'id': 'temp-b574d768', 'status': 3, 'status_text': '', 'author_email': 'N/A', 'author': 'N/A', 'deployer': 'ZipDeploy', 'message': 'Deploying from pushed zip file', 'progress': '', 'received_time': '2023-08-24T20:48:55.8916655Z', 'start_time': '2023-08-24T20:48:55.8916655Z', 'end_time': '2023-08-24T20:49:15.3291017Z', 'last_success_end_time': None, 'complete': True, 'active': False, 'is_temp': True, 'is_readonly': False, 'url': 'https://[...].scm.azurewebsites.net/api/deployments/latest', 'log_url': 'https://[...].scm.azurewebsites.net/api/deployments/latest/log', 'site_name': '[...]', 'provisioningState': 'Failed'}. Please run the command az webapp log deployment show
2023-08-24T20:49:18.8114319Z                            -n [...] -g production

or this one (depending on how we invoked the deployment script):

Getting scm site credentials for zip deployment
Starting zip deployment. This operation can take a while to complete ...
Deployment endpoint responded with status code 500
An error occured during deployment. Status Code: 500, Details: {"Message":"An error has occurred.","ExceptionMessage":"There is not enough space on the disk.\r\n","ExceptionType":"System.IO.IOException","StackTrace":" 

“There is not enough space on the disk”?

The message There is not enough space on the disk was a good hint, but according to the File system storage everything should be fine with only 8% used.

Be aware - this is important: We have multiple apps on the same App Service plan!

Kudu to the rescure

Next step was to check the behind the scene environment via the “Advanced Tools” Kudu and there it is:

There are two different storages attached to the app service:

c:\home is the “File System Storage” that you can see in the Azure Portal and is quite large. App files are located here.
c:\local is a much smaller storage with ~21GB and if the space is used, then ZipDeploy will fail.

Who is using this space?

c:\local stores “mostly” temporarily items, e.g.:

Directory of C:\local

08/31/2023  06:40 AM    <DIR>          .
08/31/2023  06:40 AM    <DIR>          ..
07/13/2023  04:29 PM    <DIR>          AppData
07/13/2023  04:29 PM    <DIR>          ASP Compiled Templates
08/31/2023  06:40 AM    <DIR>          Config
07/13/2023  04:29 PM    <DIR>          DomainValidationTokens
07/13/2023  04:29 PM    <DIR>          DynamicCache
07/13/2023  04:29 PM    <DIR>          FrameworkJit
07/13/2023  04:29 PM    <DIR>          IIS Temporary Compressed Files
07/13/2023  04:29 PM    <DIR>          LocalAppData
07/13/2023  04:29 PM    <DIR>          ProgramData
09/05/2023  08:36 PM    <DIR>          Temp
08/31/2023  06:40 AM    <DIR>          Temporary ASP.NET Files
07/18/2023  04:06 AM    <DIR>          UserProfile
08/19/2023  06:34 AM    <SYMLINKD>     VirtualDirectory0 [\\...\]
               0 File(s)              0 bytes
              15 Dir(s)  13,334,384,640 bytes free

The “biggest” item here was in our case under c:\local\Temp\zipdeploy:

 Directory of C:\local\Temp\zipdeploy

08/29/2023  04:52 AM    <DIR>          .
08/29/2023  04:52 AM    <DIR>          ..
08/29/2023  04:52 AM    <DIR>          extracted
08/29/2023  04:52 AM       774,591,927 jiire5i5.zip

This folder stores our ZipDeploy package, which is quite large with ~800MB. The folder also contains the extracted files - remember: We only have 21GB on this storage, but even if this zip file and the extracted files are ~3GB, there is still plenty of room, right?

Shared resources

Well… it turns out, that each App Service on a App Service plan is using this storage and if you have multiple App Services on the same plan, than those 21GB might melt away.

The “bad” part is, that the space is shared, but each App Services has it’s own c:\local folder (which makes sense). To free up memory we had to clean up this folder on each App Service like that:

rmdir c:\local\Temp\zipdeploy /s /q

TL;DR

If you have problems with ZipDeploy and the error message tells you, that there is not enough space, check out the c:\local space (and of course c:\home as well) and delete unused files. Sometimes a reboot might help as well (to clean up temp-files), but AFAIK those ZipDeploy files will survive that.

First steps with Azure OpenAI and .NET

Thu, 23 Mar 2023 23:55:00 +0000

The AI world is rising very fast these days: ChatGPT is such an awesome (and scary good?) service and Microsoft joined the ship with some partner announcements and investments. The result is of these actions is, that OpenAI is now a “first class citizen” on Azure.

So - for the average Microsoft/.NET developer this opens up a wonderful toolbox and the first steps are really easy.

Be aware: You need to “apply” to access the OpenAI service, but it took less then 24 hours for us to gain access to the service. I guess this is just a temporary thing.

Disclaimer: I’m not an AI/ML engineer and I only have a very “glimpse” knowledge about the technology behind GPT3, ChatGPT and ML in general. If in doubt, I always ask my buddy Oliver Guhr, because he is much smarter in this stuff. Follow him on Twitter!

1. Step: Go to Azure OpenAI Service

Search for “OpenAI” and you will see the “Azure OpenAI Service” entry:

2. Step: Create a Azure OpenAI Service instance

Create a new Azure OpenAI Service instance:

On the next page you will need to enter the subscription, resource group, region and a name (typical Azure stuff):

Be aware: If your subscription is not enabled for OpenAI, you need to apply here first.

3. Step: Overview and create a model

After the service is created you should see something like this:

Now go to “Model deployments” and create a model - I choosed “text-davinci-003”, because I think this is GPT3.5 (which was the initial ChatGPT release, GPT4 is currently in preview for Azure and you need to apply again.

My guess is, that you could train/deploy other, specialized models here, because this model is quite complex and you might want to tailor the model for your scenario to get faster/cheaper results… but I honestly don’t know how to do it (currently), so we just leave the default.

4. Step: Get the endpoint and the key

In this step we just need to copy the key and the endpoint, which can be found under “Keys and Endpoint”, simple - right?

5. Step: Hello World to our Azure OpenAI instance

Create a .NET application and add the Azure.AI.OpenAI NuGet package (currently in preview!).

dotnet add package Azure.AI.OpenAI --version 1.0.0-beta.5

Use this code:

using Azure.AI.OpenAI;
using Azure;

Console.WriteLine("Hello, World!");

OpenAIClient client = new OpenAIClient(
        new Uri("YOUR-ENDPOINT"),
        new AzureKeyCredential("YOUR-KEY"));

string deploymentName = "text-davinci-003";
string prompt = "Tell us something about .NET development.";
Console.Write($"Input: {prompt}");

Response<Completions> completionsResponse = client.GetCompletions(deploymentName, prompt);
string completion = completionsResponse.Value.Choices[0].Text;

Console.WriteLine(completion);

Console.ReadLine();

Result:

Hello, World!
Input: Tell us something about .NET development.

.NET development is a mature, feature-rich platform that enables developers to create sophisticated web applications, services, and applications for desktop, mobile, and embedded systems. Its features include full-stack programming, object-oriented data structures, security, scalability, speed, and an open source framework for distributed applications. A great advantage of .NET development is its capability to develop applications for both Windows and Linux (using .NET Core). .NET development is also compatible with other languages such as

As you can see… the result is cut off, not sure why, but this is just a simple demonstration.

Summary

With these basic steps you can access the OpenAI development world. Azure makes it easy to integrate in your existing Azure/Microsoft “stack”. Be aware, that you could also use the same SDK and use the endpoint from OpenAI. Because of billing reasons it is easier for us to use the Azure hosted instances.

Hope this helps!

Video on my YouTube Channel

If you understand German and want to see it in action, check out my video on my Channel:

How to fix: 'Microsoft.ACE.OLEDB.12.0' provider is not registered on the local machine

Sat, 18 Mar 2023 23:55:00 +0000

In our product we can interact with different datasource and one of these datasources was a Microsoft Access DB connected via OLEDB. This is really, really old, but still works, but on one customer machine we had this issue:

'Microsoft.ACE.OLEDB.12.0' provider is not registered on the local machine

Solution

If you face this issue, you need to install the provider from here.

Be aware: If you have a different error, you might need to install the newer provider - this is labled as “2010 Redistributable”, but still works with all those fancy Office 365 apps out there.

Important: You need to install the provider in the correct bit version, e.g. if you run under x64, install the x64.msi.

The solution comes from this Stackoverflow question.

Helper

The best tip from Stackoverflow was these powershell commands to check, if the provider is there or not:

(New-Object system.data.oledb.oledbenumerator).GetElements() | select SOURCES_NAME, SOURCES_DESCRIPTION 

Get-OdbcDriver | select Name,Platform

This will return something like this:

PS C:\Users\muehsig> (New-Object system.data.oledb.oledbenumerator).GetElements() | select SOURCES_NAME, SOURCES_DESCRIPTION

SOURCES_NAME               SOURCES_DESCRIPTION
------------               -------------------
SQLOLEDB                   Microsoft OLE DB Provider for SQL Server
MSDataShape                MSDataShape
Microsoft.ACE.OLEDB.12.0   Microsoft Office 12.0 Access Database Engine OLE DB Provider
Microsoft.ACE.OLEDB.16.0   Microsoft Office 16.0 Access Database Engine OLE DB Provider
ADsDSOObject               OLE DB Provider for Microsoft Directory Services
Windows Search Data Source Microsoft OLE DB Provider for Search
MSDASQL                    Microsoft OLE DB Provider for ODBC Drivers
MSDASQL Enumerator         Microsoft OLE DB Enumerator for ODBC Drivers
SQLOLEDB Enumerator        Microsoft OLE DB Enumerator for SQL Server
MSDAOSP                    Microsoft OLE DB Simple Provider


PS C:\Users\muehsig> Get-OdbcDriver | select Name,Platform

Name                                                   Platform
----                                                   --------
Driver da Microsoft para arquivos texto (*.txt; *.csv) 32-bit
Driver do Microsoft Access (*.mdb)                     32-bit
Driver do Microsoft dBase (*.dbf)                      32-bit
Driver do Microsoft Excel(*.xls)                       32-bit
Driver do Microsoft Paradox (*.db )                    32-bit
Microsoft Access Driver (*.mdb)                        32-bit
Microsoft Access-Treiber (*.mdb)                       32-bit
Microsoft dBase Driver (*.dbf)                         32-bit
Microsoft dBase-Treiber (*.dbf)                        32-bit
Microsoft Excel Driver (*.xls)                         32-bit
Microsoft Excel-Treiber (*.xls)                        32-bit
Microsoft ODBC for Oracle                              32-bit
Microsoft Paradox Driver (*.db )                       32-bit
Microsoft Paradox-Treiber (*.db )                      32-bit
Microsoft Text Driver (*.txt; *.csv)                   32-bit
Microsoft Text-Treiber (*.txt; *.csv)                  32-bit
SQL Server                                             32-bit
ODBC Driver 17 for SQL Server                          32-bit
SQL Server                                             64-bit
ODBC Driver 17 for SQL Server                          64-bit
Microsoft Access Driver (*.mdb, *.accdb)               64-bit
Microsoft Excel Driver (*.xls, *.xlsx, *.xlsm, *.xlsb) 64-bit
Microsoft Access Text Driver (*.txt, *.csv)            64-bit

Hope this helps! (And I hope you don’t need to deal with these ancient technologies for too long 😅)

Resource type is not supported in this subscription

Sat, 11 Mar 2023 23:55:00 +0000

I was playing around with some Visual Studio Tooling and noticed this error during the creation of a “Azure Container Apps”-app:

Resource type is not supported in this subscription

Solution

The solution is quite strange at first, but in the super configurable world of Azure it makes sense: You need to activate the Resource provider for this feature on your subscription. For Azure Container Apps you need the Microsoft.ContainerRegistry-resource provider registered:

It seems, that you can create such resources via the Portal, but if you go via the API (which Visual Studio seems to do) the provider needs to be registered at first.

Some resource providers are “enabled by default”, other providers needs to be turned on manually. Check out this list for a list of all resource providers and the related Azure service.

Be careful: I guess you should only enable the resource providers that you really need, otherwise your attack surface will get larger.

To be honest: This was completly new for me - I do Azure since ages and never had to deal with resource providers. Always learning ;)

Hope this helps!

Azure DevOps Server 2022 Update

Wed, 15 Feb 2023 23:15:00 +0000

Azure DevOps Server 2022 - OnPrem?

Yes I know - you can get everything from the cloud nowadays, but we are still using our OnPrem hardware and were running the “old” Azure DevOps Server 2020. The _Azure DevOps Server 2022 was released last december, so an update was due.

Requirements

If you are running am Azure DevOps Server 2020 the requirements for the new 2022 release are “more or less” the same except the following important parts:

Supported server operation systems: Windows Server 2022 & Windows Server 2019 vs. the old Azure DevOps Server 2020 could run under a Windows Server 2016
Supported SQL Server versions: Azure SQL Database, SQL Managed Instance, SQL Server 2019, SQL Server 2017 vs. the old Azure DevOps Server supported SQL Server 2016.

Make sure you have a backup

The last requirement was a suprise for me, because I thought the update should run smoothly, but the installer removed the previous version and I couldn’t update, because our SQL Server was still on SQL Server 2016. Fortunately we had a VM backup and could rollback to the previous version.

Step for Step

The update process itself was straightforward: Download the installer and run it.

The screenshots are from two different sessions. If you look carefully on the clock you might see that the date is different, that is because of the SQL Server 2016 problem.

As you can see - everything worked as expected, but after we updated the server the search, which is powered by ElasticSearch was not working. The “ElasticSearch”-Windows-Service just crashed on startup and I’m not a Java guy, so… we fixed it by removing the search feature and reinstall it. We tried to clean the cache, but it was still not working. After the reinstall of this feature the issue went away.

Features

Azure Server 2022 is just a minor update (at least from a typical user perspective). The biggest new feature might be “Delivery Plans”, which are nice, but for small teams not a huge benefit. Check out the release notes.

A nice - nerdy - enhancement, and not mentioned in the release notes: “mermaid.js” is now supported in the Azure DevOps Wiki, yay!

Hope this helps!

Use ASP.NET Core and React with Vite.js

Sat, 11 Feb 2023 01:15:00 +0000

The CRA Problem

In my previous post I showed a simple setup with ASP.NET Core & React. The React part was created with the “CRA”-Tooling, which is kind of problematic. The “new” state of the art React tooling seems to be vite.js - so let’s take a look how to use this.

Step for Step

Step 1: Create a “normal” ASP.NET Core project

(I like the ASP.NET Core MVC template, but feel free to use something else - same as in the other blogpost)

Step 2: Install vite.js and init the template

Now move to the root directory of your project with a shell and execute this:

npm create vite@latest clientapp -- --template react-ts

This will install the latest & greatest vitejs based react app in a folder called clientapp with the react-ts template (React with Typescript). Vite itself isn’t focused on React and supports many different frontend frameworks.

Step 3: Enable HTTPS in your vite.js

Just like in the “CRA”-setup we need to make sure, that the environment is served under HTTPS. In the “CRA” world we needed to different files from the original ASP.NET Core & React template, but with vite.js there is a much simpler option available.

Execute the following command in the clientapp directory:

npm install --save-dev vite-plugin-mkcert

Then in your vite.config.ts use this config:

import { defineConfig } from 'vite'
import react from '@vitejs/plugin-react'
import mkcert from 'vite-plugin-mkcert'

// https://vitejs.dev/config/
export default defineConfig({
    base: '/app',
    server: {
        https: true,
        port: 6363
    },
    plugins: [react(), mkcert()],
})

Be aware: The base: '/app' will be used as a sub-path.

The important part for the HTTPS setting is that we use the mkcert() plugin and configure the server part with a port and set https to true.

Step 4: Add the Microsoft.AspNetCore.SpaServices.Extensions NuGet package

Same as in the other blogpost, we need to add the Microsoft.AspNetCore.SpaServices.Extensions NuGet package to glue the ASP.NET Core development and React world together. If you use .NET 7, then use the version 7.x.x, if you use .NET 6, use the version 6.x.x - etc.

Step 5: Enhance your Program.cs

Back to the Program.cs - this is more or less the same as with the “CRA” setup:

Add the SpaStaticFiles to the services collection like this in your Program.cs - be aware, that vite.js builds everything in a folder called dist:

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
builder.Services.AddControllersWithViews();

// ↓ Add the following lines: ↓
builder.Services.AddSpaStaticFiles(configuration => {
    configuration.RootPath = "clientapp/dist";
});
// ↑ these lines ↑

var app = builder.Build();

Now we need to use the SpaServices like this:

app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");

// ↓ Add the following lines: ↓
var spaPath = "/app";
if (app.Environment.IsDevelopment())
{
    app.MapWhen(y => y.Request.Path.StartsWithSegments(spaPath), client =>
    {
        client.UseSpa(spa =>
        {
            spa.UseProxyToSpaDevelopmentServer("https://localhost:6363");
        });
    });
}
else
{
    app.Map(new PathString(spaPath), client =>
    {
        client.UseSpaStaticFiles();
        client.UseSpa(spa => {
            spa.Options.SourcePath = "clientapp";

            // adds no-store header to index page to prevent deployment issues (prevent linking to old .js files)
            // .js and other static resources are still cached by the browser
            spa.Options.DefaultPageStaticFileOptions = new StaticFileOptions
            {
                OnPrepareResponse = ctx =>
                {
                    ResponseHeaders headers = ctx.Context.Response.GetTypedHeaders();
                    headers.CacheControl = new CacheControlHeaderValue
                    {
                        NoCache = true,
                        NoStore = true,
                        MustRevalidate = true
                    };
                }
            };
        });
    });
}
// ↑ these lines ↑

app.Run();

Just like in the original blogpost. In the development mode we use the UseProxyToSpaDevelopmentServer-method to proxy all requests to the vite.js dev server. In the real world, we will use the files from the dist folder.

Step 6: Invoke npm run build during publish

The last step is to complete the setup. We want to build the ASP.NET Core app and the React app, when we use dotnet publish:

Add this to your .csproj-file and it should work:

	<PropertyGroup>
		<SpaRoot>clientapp\</SpaRoot>
	</PropertyGroup>

	<Target Name="PublishRunWebpack" AfterTargets="ComputeFilesToPublish">
		<!-- As part of publishing, ensure the JS resources are freshly built in production mode -->
		<Exec WorkingDirectory="$(SpaRoot)" Command="npm install" />
		<Exec WorkingDirectory="$(SpaRoot)" Command="npm run build" />

		<!-- Include the newly-built files in the publish output -->
		<ItemGroup>
			<DistFiles Include="$(SpaRoot)dist\**" />  <!-- Changed to dist! -->
			<ResolvedFileToPublish Include="@(DistFiles->'%(FullPath)')" Exclude="@(ResolvedFileToPublish)">
				<RelativePath>%(DistFiles.Identity)</RelativePath> <!-- Changed! -->
				<CopyToPublishDirectory>PreserveNewest</CopyToPublishDirectory>
				<ExcludeFromSingleFile>true</ExcludeFromSingleFile>
			</ResolvedFileToPublish>
		</ItemGroup>
	</Target>

Result

You should now be able to use Visual Studio Code (or something like this) and start the frontend project with dev. If you open a browser and go to https://127.0.0.1:6363/app you should see something like this:

Now start the ASP.NET Core app and go to /app and it should look like this:

Ok - this looks broken, right? Well - this is a more or less a “known” problem, but can be easily avoided. If we import the logo from the assets it works as expected and shouldn’t be a general problem:

Code

The sample code can be found here.

Video

I made a video about this topic (in German, sorry :-/) as well - feel free to subscribe ;)

Hope this helps!