The Monsters Weekly - Episode 64 - HTTPS Strict Transport Security

SSL is a fabulous tool for encrypting your HTTP sessions and it is becoming cheaper every single day. However, there are still some possible attack vectors even if your site uses HTTPS. In this episode we'll take a look at the HTTPS Strict Transport Security (HSTS) headers and how you can set them up to close one of the loopholes in SSL.

 

Links!

OWASP cheat sheet on HSTS

HSTS Preload List

Andrew Lock on ASP.NET Core Security Headers

 

The Monsters Weekly - Episode 63 - Model Binding in ASP.NET Core

Action parameters in ASP.NET Core MVC are automatically populated for you (as best they can be by the default model binder) from the incoming request using a series of conventions. You can bind primitives and complex types, lists, and even lists of complex types. Join Monster James as he walks through all of these concepts.

Be sure to check out our previous episode on routing, which explains the premise of route tokens discussed in this video.

Here's a Handy List of Social Login Providers

If you would like to have your web site use a social identity provider rather than creating or maintaining your own identity store you’ve got options.

The Monsters Weekly - Episode 62 - You are probably using HttpClient wrong

Retrieving data using the HttpClient is a fairly common practice in any number of applications, but HttpClient is easy to use incorrectly, frequently with dire consequences. Make sure you're using it correctly in the latest ASP.NET Monsters video.

Here are some references and other interesting reads:

 

You're using HttpClient wrong and it is destabilizing your software

I’ve been using HttpClient wrong for years and it finally came back to bite me. My site was unstable and my clients furious; with a simple fix, performance improved greatly and the instability disappeared.


At the same time I actually improved the performance of the application through more efficient socket usage.

The Monsters Weekly - Episode 61 - Building APIs with Darrel Miller

In this episode of the Monsters we are joined by community expert Darrel Miller, and we talk about a wide variety of API development topics ranging from standards to best practices to doing things wrong (i.e., anything to do with versioning). We also have a pretty good chat about API Management in Azure (Darrel is on that team, making it better one byte at a time).

The Monsters Weekly - Episode 60 - Projections with Entity Framework Core

Join Monster Dave as he takes a deeper look at queries generated by Entity Framework Core. Learn how to generate efficient SQL queries using LINQ Projections as we continue building RawwwwR, our almost functional Twitter clone.

Related Episode:

EP57 - Loading Related Data with EF Core

The Monsters Weekly - Episode 59 - The Razor View Engine with Taylor Mullen

In today's episode, we learn about Razor from special guest Taylor Mullen. Taylor works for Microsoft on the ASP.NET team where he works on the Razor view engine.

Regardless of whether or not you've been on MVC for some time, or if you've continued on with Web Forms, chances are you've seen or worked with Razor. Further odds suggest that you may have learned syntax, but a lot of folks (Monsters included!) still had questions about the inner workings.

Why are there different ways to switch to code? How can I be more terse in my syntax? More explicit? And where have the bumblebees gone? Fire up Visual Studio and mash along with us as we dive into the details of Razor syntax.

For more information on topics in this episode:

Be sure to check out Taylor on Twitter.

The Monsters Weekly - Episode 58 - Nginx, Kestrel and SSL

In an earlier episode we explored how to use Nginx to front a Kestrel server. In this episode we will explore adding SSL and HTTP/2 using Let's Encrypt for a free certificate.

References:

Our blog post about doing this: http://aspnetmonsters.com/2016/08/2016-08-07-nginx2/

Nginx home page: https://www.nginx.com/

SSL labs test tool: https://www.ssllabs.com/ssltest/

The Monsters Weekly - Episode 57 - Loading Related Data with Entity Framework Core

Entity Framework Core doesn't support lazy loading yet, which means you need to explicitly tell Entity Framework what related data to include when querying for an entity. In today's episode, Monster Dave shows us how to load related data using the .Include and .ThenInclude extension methods.