For many developers, deployment may no longer be the same-old, same-old process of delivering an application to be hosted in IIS running on a Windows server. In fact, for any ASP.NET Core MVC application, your application will be running in Kestrel, but as a host Kestrel doesn't support things like SSL termination, multiple port binding or multiple host headers? How are we going to make this work? And what is a reverse proxy?

Check out these previous episodes on nginx and kestrel:

• An Intro to Nginx
• Nginx, Kestrel and SSL

Looking forward to your comments and questions!

Follow @aspnetmonsters

.NET Standard is a new way of thinking about the API surface area of various different .NET frameworks and the platforms on which they run. Moving away from the confusion of portable class libraries .NET Standard allows for easier to comprehend libraries support matrices and a low friction approach to building libraries. 

References 

XKCD - Standards

Introducing .NET Standard

.NET Standard Platform

Follow @aspnetmonsters

Can you believe we've gone 70 episodes without talking about unit testing in ASP.NET Core? We've avoided it for as long as we could and it's time to finally write some times. Join Monster Dave as he gives us a brief overview of xUnit and unit testing in ASP.NET Core!

Additional Resources:
Microsoft Docs on Unit Testing
xUnit Docs

Follow @aspnetmonsters

In some situations, it might be convenient to have access to some ViewData, ModelSate or even HttpContext information from within a Tag Helper. Join us as Monster Dave shows us how to do just that using ViewContext.

Follow @aspnetmonsters

Logging can help give you critical information about what was going on in your system when things went south. But how do you keep track of details for a request when the logs span multiple services? Join Monster James in this episode to discover how you can leverage logging scopes to help filter out a segment of a request and all the details related to a particular section of code.

Follow @aspnetmonsters

In this episode we examine the way that MVC activates components using a set of default conventions, and we add a new convention that modifies the available actions available at runtime.

Here's some links related to this episode:

• Sample project on GitHub
• Blog post with deep dive and more details

Follow @aspnetmonsters

There are a number of ways to get your JavaScript from the server to the client, using loaders or zipping files. In this episode the Monsters talk off the cuff about how to move files from the server to the client. They also, weirdly, forget to talk about CDNs. 

Follow @aspnetmonsters

Cross site scripting attacks or XSS are still one of the most common ways to attack a website. If you're not properly sanitizing your inputs then you too could be vulnerable. Thank goodness that Content Security Policy headers came along to offer us a powerful tool to avoid falling pray to these attacks.

Resources

CSP header generator http://cspisawesome.com/

Follow @aspnetmonsters

Have you ever wanted to check if a user is authorized in code instead of using the Authorize attributes for a Controller / Action method? In today's episode we dive in to the IAuthorizationService which allows you to programmatically check if a user is authorized.

Follow @aspnetmonsters

SSL is a fabulous tool for encrypting your HTTP sessions and it is becoming cheaper every single day. However there are still some possible attack vectors even if your site uses HTTPS. In this episode we'll take a look at the HTTPS Strict Transport Security (HSTS) headers and how you can set them up to close one of the loopholes in SSL.

Links!

OWASP cheat sheet on HSTS

HSTS Preload List

Andrew Lock on ASP.NET Core Security Headers

Follow @aspnetmonsters