Dotnet logo

.NET Tools

Essential productivity kit for .NET and game developers

.NET Tools

.NET Annotated Monthly | July 2023

Did you know? The acronym “ASP” stands for Active Server Pages, which was released by Microsoft in 1996. In 2002, Microsoft decided to continue using the name, but apply it to their new .NET framework so they added “.NET” to the acronym. Since then, we’ve known this technology as ASP.NET.

.NET Annotated Monthly | July 2023

.NET news

Featured content 

We’d like to thank Andrew Lock for curating this month’s featured content! Andrew is a senior software engineer at Datadog, Microsoft MVP, author of ASP.NET Core in Action, and avid blogger at about all things .NET. You can find him on Twitter and Mastodon, or working on one of his open source projects on GitHub.

A big thank you to JetBrains for inviting me to talk to you about all the interesting .NET things I’ve been looking into recently. The last 12 months I’ve been working hard on the latest edition of my book, ASP.NET Core in Action, Third Edition, which has been updated to .NET 7. As it reaches the final stages of publication, I finally have some time to dig deep into some other topics. 

A tricky problem at work  prompted me to dig deep into SameSite cookies: what they are, how they work, as well as the problems they can cause. In a nutshell, SameSite is an option you can set when you send a cookie from your ASP.NET Core app, just like HttpOnly or Secure. SameSite cookies give protections against Cross-Site Request Forgery (CSRF) attacks by telling the browser to not send cookies in certain situations.

ASP.NET Core has good support for SameSite cookies, so you may well be using them without even realizing! Where things get tricky, is if you need to support legacy browsers. The SameSite specification introduced a breaking change in 2019, such that there’s no easy way to support both the original 2016 and 2019 specification! 

Microsoft’s suggested workaround for the problem is User-Agent sniffing in the server, but that didn’t sit well with me. So I decided to dig into the framework code to see if I could find anything interesting, and managed to find a solution. My proposal involved creating a custom ICookieManager that wraps the built-in ChunkingCookieManager and sets two cookies: one that supports the 2016 standard, and one that supports the 2019. The end result isn’t perfect, but it at least works with legacy browsers!

At the other end of the scale, I’ve been looking a lot recently at some of the work going into .NET 8. We’re still only at the preview stage, but there’s a lot of interesting work going in here, particularly around Ahead-Of-Time (AOT) compilation. I recently tried out the latest AOT templates included in the .NET 8 previews, and the results were impressive: a 7x reduction in startup time! This really highlights one of the biggest features of AOT, and how it could be very useful for serverless workloads specifically.

AOT brings a lot of challenges, and Damian Edwards and David Fowler talked about a lot of them at MSBuild and also in a recent community standup. The root of the issue is the need for the compiler to work out exactly which classes and methods you’re using, which means reflection is a big problem. As a result, .NET 8 introduces several new source generators, including a new generator for working with IOptions and configuration. I’m a big fan of source generators (check out my blog for lots of posts about them) so I’m looking forward to digging in to the minimal API source generator in particular in the coming weeks!

.NET 8 isn’t *just* about AOT, and it’s always fun to read about the new features coming to C#. MSBuild highlighted some of the things you can expect to come in C#12,  and one feature in particular caught my eye: collection literals. This proposal suggests a nice terse syntax, such as [x, y, z] for creating new collection types, whether they’re T[], List<T>, or Span<T>!  On top of that, they propose niceties such as a “spread” operator which could make working with collections much terser.

Another proposal that has caused a bit of a stir is “interceptors”. This proposal allows you to “swap out” a method at a callsite with a completely different method, but which has an identical signature. This could be very useful for some source generators (which is the main use case currently), as demonstrated by Rikki Gibson in this community standup. I’ll be watching closely, and thinking about all the interesting use cases that this could enable, particularly when it comes to AOT!

Programing tutorials and tips 

.NET tutorials and tips

Related programming tutorials and tips:

  • Biggest scam in software dev? Best Practices. – Smackdown, Derek Comartin style! It’s true that far too many developers use best practices as a crutch, rather than deeply thinking through the problem. They don’t consider that the actual best best practice might be to reconsider simply accepting best practices.
  • Why Your OpenAPI Spec Sucks – So many APIs are missing metadata, aren’t documented, or have the common problems outlined in this post by Sharon Pikovski.
  • What Is Infrastructure as Code? – “How great would it be if I could create and manage my Azure resources using code?” asks (and answers) Claudio Bernasconi. It would be great! 
  • How to choose between REST vs. GraphQL vs. gRPC vs. SOAP – Rather than just sprinting for that new shiny tech, why not let Bruno Pedro demonstrate the pros and cons, and why you might choose one over the other?

Have you tried our new AI Assistant in Rider? Here’s Laurent’s take…

Interesting and cool stuff

And finally, the latest from JetBrains

Here’s a chance to catch up on JetBrains news that you might have missed:

Join us on Tuesday, July 18th, in a new .NET on AWS Twitch show with Matt Ellis, a Developer Advocate at JetBrains, who will do a demo on .NET development with JetBrains Rider and AWS. The livestream starts at 8am PDT / 5pm CEST

⚒️ Check out our .NET Guide! Videos, tips, and tricks on .NET related topics. ⚒️

Blog posts, webinars, etc..

Don’t miss this fantastic offer! CODE Magazine is offering a free subscription to JetBrains customers. Get your copy today!

Sharing is caring! So share content that you find useful with other readers. Don’t keep it to yourself! Send us an email with your suggestions for publication in future newsletters!

Subscribe to .NET Annotated

image description