Handcrafted, AI-free blog posts about DevOps, DevSecOps, application security, web development, Azure and similar topics
In my work as a software developer, I have already been involved in numerous existing .NET software projects. Nearly all of these existing code bases had at least one thing in common: application configuration was not obvious. But why? Especially in the .NET ecosystem everything required to make it obvious is there. In this blog... Continue Reading →
The blog post details the process of rotating secrets stored in Azure Key Vault with each application deployment, utilizing Infrastructure as Code (IaC) principles via Terraform. It emphasizes the importance of secret rotation to minimize risks from leaks. An ASP.NET Core Web API is demonstrated as the application example, alongside procedural GitHub Actions for deployment.
This blog post guides the configuration of Serilog for a .NET Core Web API running on an Azure App Service. It covers logging requirements and implementation, including Serilog setup in Program.cs and appsettings.json. It also provides instructions for querying logs in Azure Application Insights and streaming them using Log Stream in Azure App Service.
The author was tasked with setting up a CI/CD process for a Blazor application using JetBrains Space. They had experience with other tools like Azure DevOps and GitHub Actions but found implementing pipelines in Space challenging. They struggled with creating the necessary automation scripts and host parameters. Despite good documentation, they found the CI/CD features lacking in predefined steps and tasks for standard cases, leading to unnecessary effort. They were also concerned about the exposure of project-wide secrets as plain text in runtime parameters.
The blog post discusses transitioning from SQLite to Testcontainers for .NET to run integration tests for ASP.NET Core applications. The author encountered limitations with SQLite when running complex Linq queries. While alternatives like Mocking, EF Core In-Memory Database Provider, and LocalDB were considered, these were found to be wanting. Instead, Testcontainers was chosen for its simple setup, good documentation, and excellent integration with MSSQL servers. This approach does necessitate Docker being installed and operational on the local development environment.
The author discusses the importance of integration tests in ASP.NET Core Web APIs, citing benefits, such as real-life-like REST requests, serialization and deserialization, server application startup code execution, etc. Furthermore, the Microsoft.AspNetCore.Mvc.Testing library is highlighted. Despite challenges, the author promotes maintaining similarity to production during tests. The text then explores code bases and integration tests. Several sections cover API initialization, authentication configuration, running tests against a Sqlite database, and antiforgery subject. The article concludes by discussing alternative approaches found during the research.
The post discusses the implementation of a CSV export feature in an application with an ASP.NET Core Web API backend and a React frontend. The author used the CsvHelper library for creating the CSV file. The post details the construction and functions of various classes and methods, crucial for successful export. A key mention is the axios for requests and the correct setting of response type.
This post is about the integration of SonarCloud analysis in Azure DevOps YAML pipelines starting from a basic scenario that analyzes a repository containing a .NET Core 7 solution and ending up with a more complex scenario that analyzes a repository that additionally contains a React application and Terraform files.
Recently I faced the following problem: a React (v18.2.0) frontend application that uses axios (v1.3.6) to fetch data from an ASP.NET Core Web API did not behave as expected when it comes to deserialization of JSON datetimes to Typescript type Date.
I recently implemented ASP.NET Core integration tests in a project I am working on. I have followed the official documentation, which was extremely helpful. The system under test (SUT) is an ASP.NET Core Web API (.NET 7) implementing backends for frontends (BFF) pattern. To follow security best practices we enabled HTTPS redirection in all stages... Continue Reading →
blog.rufer.be 