Was Kestrel present in .NET Framework or was it developed specifically for the ASP.NET Core?
I was not able to find an answer to this question by just googling, so I decided to ask it here. I need it because I am intended to work with the ASP.NET Core and would like to know the history of development better, because knowing it allows to better understand the decisions made by developers.
In order to give an official answer to this question, I copy here comments from #AnkushJain and #andrew-morton:
Kestrel is not available for .NET Framework. It is born with the origin of ASP.NET Core.
[In addition] since Kestrel is not a fully-featured web server, you should run it behind IIS or NGINX. It was designed to make ASP.NET as fast as possible but is limited in its ability to manage security and serve static files.
Related
We are trying to implement single sign on, across multiple domains from MVC 4 application to .Net Core application.
MVC 4 to MVC 4 it's working fine with MachinKey, but not with .Net core.
How can we implement SSO to share the same authentication with all other application in MVC4 and .Net core application.
Identity Server can do this. Identity Server version 4 will be supported and free for as long as .NET Core 3.1 is supported. After that, you'll need Duende Identity Server, which is the next version, available on a commercial licence.
You can also do it with OpenID Connect (AKA OpenIddict) which is free for the foreseeable future, but that will probably need you to write a bit more code.
I have used both.
Both of them are agnostic to the type of client applications, so your clients can be MVC4, .NET Core, Xamarin, React, anything at all. Both of them have good templates that you can download and get started quite quickly with a simple scenario.
Unfortunately, in my experience, making meaningful extensions or changes to the templates (such as what you're proposing) was difficult and required in-depth knowledge of internet security concepts, studying the documentation and source code of whichever library that you choose.
I have tried really hard to learn but I still find it difficult, so I wish you good luck!
Here are the sample projects for IdentityServer4:
https://github.com/IdentityServer/IdentityServer4.Templates
And here is the documentation on how to get started:
http://docs.identityserver.io/en/latest/
Here are the sample projects for Open Id Connect:
https://github.com/openiddict/openiddict-samples
And here is the documentation:
https://openid.net/connect/
I'm looking for best practice advice/guidance (perhaps from Microsoft?) regarding denial of service (DoS) protection/mitigation for ASP.NET Core web applications.
The main two options I have found so far are:
AspNetCoreRateLimit (ASP.NET Core middleware)
Dynamic IP Restrictions (IIS module - assuming the site is hosted in IIS).
It seems like there are a number of pros and cons to consider when choosing one of these options over the other, so it would be good to understand what those are, and indeed if AspNetCoreRateLimit is intended to be used alongside Dynamic IP Restrictions or not.
Also note that AspNetCoreRateLimit is not part of ASP.NET Core releases from Microsoft, therefore I'm curious to know what Microsoft's official guidance is.
If you have a public facing website and want to prevent DDoS, doing it outside your ASP Core app would be the best method. You should investigate services like ClouldFlare.
Does ASP.NET Core offer any platform-independent way to access standard paths, such as where data or configure files are supposed to be saved? Modules such as Qt's QStandardPaths are very helpful to prepare Qt applications to be deployed in a platform-independent way, but unfortunately I haven't found any similar service in ASP.NET Core. Does anyone know if anything like that exists in the .Net core or ASP.NET Core platforms?
You can use Environment.GetFolderPath.
This blog post provides more info on how the API behaves cross-platform.
i need few reason for which people mixed ASP.Net MVC and web-api in same project. when we can develop a full project in mvc only then why web api need to include. also we can host webapi project separately which can server request to MVC and other devs or mobile devs etc.discuss the reason and advantages.
some one answer :
We have recently built a project within MVC and WebApi, we used the WebApi purely because from a Mobile Apps perspective. We allowed the mobile dev guys to call our methods within our MVC application instead of them having to go and create the same function.
WebApi allows to create services that can be exposed over HTTP rather than through a formal service such as WCF or SOAP. Another difference is in the way how WebApi uses Http protocol and makes it truly First class Http citizen.
still the above answer is not clear to me and i think this is not the reason for which people mixed ASP.Net MVC and web-api in same project.
so anyone mind to discuss the actual reason and advantages with example scenario.
thanks
Each have a purpose. Most of the time it's usually caused by legacy code. I know we included documentation which used MVC, but we're fully webapi.
FYI, was MS's auto documentation for WebApi ironically.
I am wanting to build a Restful API using WCF however I am struggling to make a decision on how to accomplish this.
The WCF Rest Starter Kit was developed for .Net 3.5 and has not progressed past Preview 2. Although it can be used within the current .NET Framework and within Visual Studio 2010 it seems from my research to be dead in the water and superseded by the new WCF Web API which is currently in Preview 5.
On the other hand the WCF Web API is only at preview stage and should not really be used in a production application as many things could possibly change before its release. There is also no indication if its nearing completion and if it’s going to be in the next .NET Framework release and when that is intended to be.
I find myself between rock and a hard place and look to the wider community to provide me with some guidance on this if at all possible.
You should regard this tweet from Glenn Block.
Using ASP.NET MVC for building a Restful API should be straight forward and easy way to do it.
However I've used WCF Web Api with WCF Rest Contrib in production without any problems.
See
Creating REST API with ASP.NET MVC that can speak both JSON and Plain Xml
RESTful Services With ASP.NET MVC
ASP.NET MVC – Create easy REST API with JSON and XML
Maybe OpenRasta is what you are looking for?
See also
RESTful framework alternatives to WCF
I depends on your application. If its a Website (also has views) that offers the REST API using ASP.NET MVC would be less technology, less effort, less know-how etc.
If its JUST an REST API choose what you like more from development style: ASP.NET MVC or WCF Web API