(e.g Serilog, Application Insights) • Use logging as the first step towards diagnosing problems with your application • Changing the verbosity is possible without an application restart • To avoid logging too much information, pick specific categories to bump the verbosity for • ASP.NET logs to various places: • ANCM (IIS) – Logs to the EventLog when it fails to launch the process • ANCM also uses regular IIS failed request tracing • Unhandled exceptions are logged to the configured logger providers by default
changes • Reload options objects from underlying configuration when they change using IOptionsSnapshot • Use IConfigureOptions<> when you require other services to configure an options object • Keep environmental configuration local to the environment it applies to by using user secrets, environment variables and platform config stores like Azure KeyVault • Set environment variables local to the application via IIS in the web.config file
by the browser then put them in the web root • Simplest way is to use MVC controller that accepts IFormFile or IFormFileCollection • Low-level access via HttpContext.ReadFormAsync and HttpContext.Form • Check HttpRequest.HasFormContentType before reading the form • Block user from uploading anything that can execute on the server (unless it’s a feature e.g. cshtml files) • Large files are buffered on disk to avoid memory bloat • Sanitize file paths sent from client before saving on server • For large multipart uploads, don’t use model binding. Manually read using HttpRequest.GetMultipartBoundary() (1.1.0 only) • IIS Limits still apply!
(no async constructors) • Avoid manually calling GetService where possible the built in container can do a better job if it can see the object graph • Disposable transient services are captured by the container for disposal. This can turn into a memory leak if resolved from the top level container • Turn on scope validation to make sure you don’t have scoped services capturing singletons • https://github.com/aspnet/Mvc/commit/85ca3e4976d841425412fb987a6f38 dbbaa0a6eb
c) Public C() Compiles to: new A(new B(new C())); Service Locator public A(IServiceProvider sp) { _b = sp.GetService<B>(); } public B(IServiceProvider sp) { _c = sp.GetService<C>(); } public C() Compiles to: new C(); new B(GetService<C>()); new A(GetService<B>());
• Tag Helpers • Handling attribute values correctly • Ensure file existence before processing files specified in attributes • Using TempData for Post-Redirect-Get state
all consumers have access to the http context. • HttpContext.Get/SetFeature – For adding a capabilities to the HttpContext. E.g. IHttpSendFileFeature, IWebSocketFeature • Scoped services – Services that have a lifetime that matches the http request (or any other scope). • Use the IHttpContextAccessor to access the HttpContext outside of a request context.