ASP.NET Community Standup - HTTPS Updates in ASP.NET Core 7

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] foreign [Music] foreign [Music] [Music] foreign [Applause] [Music] foreign [Music] foreign [Music] and hello good morning I accidentally hit the wrong thing we're actually live or on the wrong twitch very exciting so now I hope we will we will be going right live on the right switch okay okay very exciting Welcome Damien thank you John yeah so today we're talking about https updates on dot Net 7 ASP Network whatever yeah um cool I will start in with the community links and then we'll hop on over it let me just verify that we actually yes okay let me see visuals no that's not right either oh my gosh so I want to remove that romance I want to go live on I think somebody changed these around here oh no I don't actually see okay yes that was right thank goodness they're not like um yeah this is quiet people saying I'm a bit quiet some reason my mic is turned down let me turn it up a bit how's that right I'm now four dots higher than I was before that is perfect lovely perfect okay let me refresh I will see now actually here I'll turn myself down okay it's all gonna be wonderful let's go for it I'm gonna start by sharing the community links all right here are the links we've got for you this week bring that sandwich bring this out okay the links are also here and they are in the description and let's go so first of all um so first of all this is just a neat thing I saw Tim huarachary yesterday uh Visual Studio extension that does jot token decoding nice that's yet another option for people that are like 14 popular options for decoding jot tokens that I admit I didn't know about until I started looking at it in more depth this year Tim ping that ping me with that when he uh yeah so there's that one that's jot dot IO oh yeah sorry that's Ms which is the one that was built by someone on the identity team I believe and then we have jot dot IO is very popular uh wider circles as well and then I use this uh Windows app called Dev toys oh yeah yeah yeah an offline one and it has a whole bunch of tools not just jot decoding but like all types of decoders converters generators formatters etc etc and I use that which is pretty cool yeah so that's that's nice and you get that in the Windows store so it updates automatically that's right I think it's a win UI app um and then now we've got Tim building something into Visual Studio via an extension pretty soon we're going to need the jot um extension the jot tools community stand up yeah it must be a very common thing yes like it's it's a it's a thing that people have to do quite regularly when they're working with jot it seems okay so uh next thing here Christopher did this cool thing uh he's actually been working on this for a bit this is a Blazer SVG editor and what he's done here is he's now adding in animations um so it's just uh pretty it's like it's in browser SVG editor and it shows the SVG as you're editing it and here he shows you know creating this little animation and then playing it back so let's just a neat little thing it's always cool to see what people are building and it's also neat when to see what people can build kind of more quickly if they're net devs you know building stuff with blazer working with web standards dev's building like design tools like GUI design tools is still like magic to me it's like it's such a world that I have absolutely no experience in as a developer I'm just like how would you even stop building a tool that like the data structures or things that are going to be drawn on the screen and like the interaction model is you select this thing and then you've got handles and do curves I just like it blows my mind like I'm I'm a forms over data like design with devtools it makes it like this is data kind of it's XML so yeah you know it's kind of but even like the interaction model right like like yeah like doing those like select everything and then oh it just it blows my mind that type of building that type of interactivity is uh is a whole other type of programming yeah yeah that's pretty cool so uh so here's his repo you know it shows shows he's out of course got a uh interactive thing this is of course neat that you can run laser and GitHub pages so he's got you know an interactive tool here and um so here you can you can you know decompose the the.net Pod if you wanted to and stuff so that's pretty cool yeah uh this is just something that popped on my uh my Twitter feed this is.net book study um Alana and a friend whose name is not listed in ready um view so I'm not going to say it but Alana has started this and um it's just a bunch of short YouTube videos very beginner friendly and uh going it's gone through uh they've gone through some books like for instance um Nate marboutini's um little asp.net book and some other things so cool this just looks like a very you know kind of welcoming Community as you're getting started including some things like that net interview questions um so okay so these are people kind of learning in the open right yeah exactly so and and uh so you know an invitation to join so just thought I'd sure very cool all right uh I saw on The Hacker News last week that beat three came out it's it's written v-i-t-e but I watch the things and you pronounce it as in French because it's fast and um so anyways V is a kind of like a scaffolder and like it's used by view but it also works for um a lot of other front end things and so I went looking around and this looked like one of the places where there's some project templates for it wow I have never heard of it until yes now there's just it's constant right there they keep coming out um I did play with it a bit very um very fast and it's also cool that it supports like view react react with spell um so it's it's kind of an agnostic tool and so yeah so it it's it's not a templating language it's not a spa framework it's a tooling thing Veet yeah it's kind of so I'm I know I'm going to say many things wrong and people correct me but it's kind of like a scaffolder on a holster so it will basically it does all the hot reload hot module reload um and honestly like looking at it after playing with it for a bit I'm like I kind of wish we just shipped a template with this because people ask do you ship templates for view do you ship whatever you know and um and of course what ultimately happens is when we finally decide to do that we're on to the next one then we're always on to the next one yeah like as Maxim says it is kind of like webpack too so it replaces in the infer doing webpack wow that's what it felt like it felt like you know that grunt to gulp to webpack to the Spas having their own front-end clis this seems like as powerful as like the angular CLI or but it's agnostic agnostic and also built using um built using modern standards so for instance the the JavaScript module system um so in other words they're like we don't need to do all of the like crazy stuff with bundling when we can just actually it's like beat that Khalid says it's a Dev environment in quotes whatever whatever that means what do they call it next Generation friends and then they have a thing on kind of a why why beat they're going to make me read a whole bunch of stuff ah all right someone just give me the you want this because okay look at this does that look complicated it looks complicated to me and then it should be it's an architecture diagram so.net devs will love it I don't know honestly I I like want to dig a little more into this and maybe do a stand up if there's somebody building something yeah it's interesting like I'm it I haven't it's hot you know like anyone it's hard to keep up with everything we typically have a fairly broad but thin understanding of stuff that's going on but this one has completely missed yeah like many things then I was like oh I shouldn't see if I can build a template for V and it's like somebody's been I've already done it yeah don't you love that that's great so there you go everyone there it is if you like it Go and use the template so and what's neat with this then is because he's building it on top of V then you've got templates for review and a bunch of other stuff so here at.net new V and then you know like use the you framework so super interesting okay all right uh let me see okay azd uh so this is the uh introductory um or the public preview of the Azure developer CLI azd so okay I got a um I I got a kind of like an internal preview of this a little bit and um the idea from my understanding what I really took away from it is that we've already had the Azure CLI right but it's very infrastructure focused right it's about creating resources and regions and subscriptions and all those type of things yeah yeah very very yeah person Building Solutions and apps yeah yeah so a lot fewer commands and a lot more kind of like about your developer workflow and you know kind of fast yeah it's a very like iterative for creating and you know um also built on top of some templates um so there's you know different application templates to build on top of oh I see so you can like say oh init for example right here is building an app of some sort I tried to zoom and I went crazy let me see if it's yeah so I'm they're in a directory they have some app which they've either cloned or they've created as you said if it's a template I guess they must have some sample oh yeah they go select a project template look at that to do python okay yeah so and then and then this azd app which I know you know people have talked about over time the idea of kind of like do some work and then you just up and you know hear like Monitor and stuff it's interesting isn't it like I think back to all those years to when we first started seeing hosting providers you know embracing this idea of really simple like get my app up as quickly as possible it was like it was a hub up and those things like way back in the day app Harbor yeah yeah like and then you know I think they're gone they're long gone now I think but that that idea of just like I've got a running app here I want to get it running over there please as quick as I can um it's still super appealing and yet still seems elusive like it's still like there's there's still so long because things get complicated right like everything from once you get Beyond hello world everything gets hard yeah exactly and and it's always hard to like there's always this kind of feature create and there's always you know it's on a very small scale in the realm of things that I deal with it's like I've worked on workshops and there's always a thing over the year of the years of like hey let's add testing to the workshop let's add you know um let's add this new JavaScript front end of the framework let's add this let's add that and and pretty soon like this Workshop is now it's an eight day course you know and it's like right so anything controlling the scope and I'm sure like you deal with this all the time and which products you ship yep you know and which are like kind of out of thought like I thought of this lately with blazer quick grid yeah like it's an amazing grid I love it and it's also pretty smart that they're not actually shipping it in the box with laser you know right it was intended my understanding of the quick grid stuff is it's explicitly intended to to demonstrate how to build performant components um and what is possible uh because there had been a theme of feedback that oh you know there are grids but you know they're not as great as I would expect them to be or whatever it might be um and I think the Blazer team was like yeah like we need to build some things that let people see how to do these things well it is possible this is how you do it um yeah bootstrap I guess the the the ecosystem for some of those stuff like a bit like kind of the surface devices this is how laptops should be here you know except obviously we make money on those as well but yes but yeah and like before that I guess the Ultrabook movement and stuff from from Intel and whatnot but it's interesting like when you're talking about just then about uh facing this when it comes to workshops like you know teaching a one-day Workshop or a two-day workshop and you might have 30 people in a room or online and you're trying to put together as much valuable content for those folks so they get their money's worth uh it's so difficult like I I think of if you were going to a workshop about how to build Furniture you'd be disappointed if the first step was unpacking Ikea flat pack and then like the the two-day workshop was literally putting together a couple of Ikea units but but you can imagine like you can't do much more like you're not going to go out in Social obviously but you know even like preparing choosing Lumber and then preparing it and cutting it to size and measuring like or you couldn't do that in two days like an instruction in an instructing kind of environment obviously once you're skilled you probably can and so it's always that battle of like is it an unrealistic expectation that folks have whether it's um going to training or even using a product that this should be easier like okay okay like I we always strive to make things simpler as you alluded to though when we talked about the CLI here um that very quickly and it's very easy to fall into the Trap of scope creep it just needs to do one more thing it just needs to do one and then suddenly you've got a complex thing now where each thing you added made sense in the context of itself and it was simple in that scenario but now when you try and we talk about we use the word composition a lot and compose when we talk about our product design um when you try and compose things together use feature x with feature y um which may have been built at completely different times and solved you know look came out from different lenses um things are suddenly really complex because yes feature y assumed a bunch of things but feature X assumes different things or wants to do one of the assumptions that y has differently and now the abstraction isn't open enough so that you can you know plug something in all that adds complexity if you do that so we're constantly um you know dealing with that as framework designers and as product designers in general um and I if I was going to like try and find one thing to boil all customer feedback down into it's this problem right here it's like how do we walk this line between flexibility and composability and simplicity or making it just functional enough so that people can get their jobs done yeah and we can do it in a mass Market kind of way as well so yeah it's interesting you know it's so true it's the composition of multiple things that makes it complicated right and so like uh an area that this has come up and we've had some shows and we you know we've discussed this as is authentication because it's like okay I have this sort of back end I have this sort of front end I have this sort of you know Spa I have this you know authentication requirement and now the the like multiplicative things whatever it's like oh I mean the world got super complicated right like I remember in the early 2000s when dotnet started but like the the there were obviously there were heterogeneous I.T departments like I worked in a company and I was a you know developer um we used Oracle databases and we had some Java and we had and then we started off doing a whole bunch of net stuff but everyone's all the humans who used the software signed into windows with an active directory account yeah um and before that a domain account um and then they used Internet Explorer which seamlessly signed them into any intranet site because IIs had Windows authentication where your app ran and net supported obviously Windows authentication and so the most complex thing when it came to auth was like do they have a Windows account are they signed in well obviously yes if they're working here yeah and then when it comes to authorization it was typically are they a member of this Security Group like that was as complicated as it typically got or if you were doing resource-based authorization like can they edit this record you just like you add it to the database query like oh take the username you know pass that as a parameter to the database query and then that will either return a record or it won't and if it doesn't then they mustn't be authorized or something like that and then as you said there's the world God complicated and we got smart devices and we got you know different form factors and wireless and like Federated authentication like exploded in the world um let alone different browsers which didn't really exist different app models you know different and then different app models like you know back then was like you had like a Windows app or you had a web app and like the web app was the big disrupter um but again with seamless login it didn't really matter as long as you were using Windows auth um and then like you know fast forward 15 20 years and the world is just so complicated so I think you know then when you go to the docs and you're like why can't I find out how to log in to oauth with you know this sort of API backend on this version talking to this database you know with this security requirement it's like well you know if you multiply that out there's 10 million different permutations you know yeah and the variables aren't fixed like the number of variables changes year to year because you've got versions of platforms as well which may or may not support the latest um authentication flow um or then with browsers we keep having vulnerabilities in the sense that someone will find an exploit in what was previously thought to be a secure way of storing a credential in the browser for a spa for example and so a new flow is designed or the browser manufacturers try to get together to change the standard and then literally like change how cookies work which is going on right now and has been going on for a few years now and uh with varying levels of success I think it's fair to say um and then you know let alone like framework designers keeping up with that behavior like trying to keep up with that as a as a customer as an app developer I totally empathize with how difficult that is now job is obviously to try and make it as approachable as possible but as you I think you're pointing out our job is also to make sure that people can cater for any of the variable combinations that they might have because everyone has a unique environment you know very few people are doing hello world deploying to Azure and only have clients running in one browser and you know like it's it's generally a complex mess for most people and so we need to support anything so it means we need to give you all the hooks and all the stages and all the concepts and we need to be constantly updating it but that can make it difficult if you're new or you just have a fairly simple scenario because you do for you for your use case it feels like you have to navigate a lot of complexity to get something simple done so it's a constant thing like this is an area where shining some light on at the moment um you know the auth thing has come up very recently uh in the last six months multiple times in different forums in in the whether it's on Twitter or Reddit or on our GitHub issues or a blog post or in customer interviews and whatnot and it's like yeah like there's there's a there as we say like we need to do something um and so we're trying to figure out what that might be and in that context a few of us have been uh experimenting with some stuff just to try and and I mean frankly we're trying to build some customer empathy like we're trying to do some things that our customers have to do that we have previously made product decisions that mean that there isn't a tanky solution for them so we're going off a few of us at the moment and just trying to do those things like what is it what does it actually feel like to try and have to do the thing that we've told you or implied that you have to do so we'll see where that leads well so the one of the next things I had on here Blazer identity right so this is an example can you explain this but yeah so back in oh I want to say version three we did the last round of kind of so let me clarify some terms first like asp.net core Identity or asp.net identity before that is like a sub product it's a part of asp.net core the word identity there is encapsulating a whole bunch of API surface and functionality and even like UI that lives in your application so when you build an asp net app uh including like an aspenet web forms app with like katana like the current espnet web forms in visual studio if you go and create a new application um you say I want to allow the user to log in with individual accounts I think that's the term that we use in the template um you're using asp.net identity and what happens is you know when you the user clicks login they type in a username and password um and then that gets stored with your application like you're actually effectively doing your own identity management um the the database schema the code that accesses the database all the functionality about registering new users signing in recovering lost passwords two-factor authentication gdpr compliance items like downloading my profile data deleting the account I'm setting up two-factor auth providers social login all of that stuff email verification right SMS verification all that type of thing that you consider that you associate with letting people sign up to your website and use it is the asp.net identity product and that's all about when you own the data basically and people sign in with username and password or a Twitter login or you know whatever custom login type that you that you implement it's all those apis um so back in asp.net core 3 before that when you would choose that option in asp.net core 2x you would get like in an MVC app you would get a controller called like the identity controller or the auth controller or something and it was like 500 lines of code that would get dumped into your project was really scary and it was quite scary and then you would get all the views that supported that controller because all the things I just mentioned have UI that the user interacts with right the register View and the login View and the forget I forgot my password view Etc and it was literally like dozens of Cs HTML files dozens and dozens so it had some advantages like you could very clearly see what was going on uh after you created the project uh and you could just then go and customize it the disadvantages obviously was the template was huge like it had a lot of code yeah right and it was it was a bit of a maintenance it was somewhat of a maintenance um burden because maintaining template code from our point of view as as the software engineering side of what we do with the product we ship is quite different to maintaining Library code um it's it's a very different test Paradigm it's a different packaging and deployment Paradigm and so there's a lot more overhead in maintaining templates as anyone who's ever written templates and had to maintain them and version them and react to your own API changes is in the templates yeah they're quite fragile um and so we wanted a way to make it less imposing so when you created a project you didn't have these hundreds of lines of code and lots of views and whatnot the other thing that was critical was that well what if I forgot to add to tick that tick box yeah project creation and now I want to add it after the fact we didn't have any story for you in fact the legitimate recommendation was create a new empty project and then copy and paste all the code over right I remember sitting in hotel rooms before presentations going like oh shoot I need identity for this yeah yeah that was the that was like the the premium experience that we had so we in in Asia 3 I think it was we basically built what we call identity UI so it was identity with UI on the end of it and that was a library that had all of that stuff in it it didn't just have the controller in it as a you know you can put a controller in a library and your app will find it and all that type of stuff it um it's actually all the UI components as well because we we we firmed up the our story around reusable Razer sort of things I won't say components because that's a different thing in Razer yeah but reusable razor things like views um and Pages um we firmed up a good story around that and partially because we wanted to do this identity UI thing and so in asp.net core 3 we after we built razor pages and 2x we made a decision to build the identity UI that we were building on Razer Pages rather than views and so going back to the the burden of Maintenance before that we had two copies of all the identity stuff because we introduced ASP Network razor pages and we had to rewrite all the identity views to be razor pages so that they made sense in the template so you didn't create an app and it had like half views and half pages and so we kind of I don't want to say hid but we we made we made a choice We Made It Razer pages and then we bundled it in a library HP net core idea why they still work together right because of course yeah and of course the other thing we did was we also firmed up some of the the interoperability support between MVC views that eraser and razor pages that are Razer because razor Pages has actually built on MVC under the covers it uses the same view engine and so they can share partial views they can share layouts they can you know all that type of thing and the view lookup logic where you know if you're in a Razer page and you say can you render this partial you just give it a name you don't give it a file path typically you give it a name um it finds it it has like a processor convention it goes through to find things we made sure that those rules were in the order so that you could share views between in one app between pages and and NBC views for example and so you can pull um this UI Library into your MVC application and still override the layout page you can use your layout page or you can like edit the login control the other thing you can do is you can actually say that the library contains 20 Pages because it's about 20 for all the different authentication and identity things if you just want to override one of those like why should you have to bring in all 20 and now be responsible for all of them so the view engine in MVC supports that you you can have it you can have a like a page say I want you to load this view please and it'll find it in your application first before it tries to find it in an external Library like an area and so that's how the identity UI stuff works is that each component in I shouldn't say component each view inside there is low looking for another view or linking to another page by name and then at runtime MVC is looking that up based on what's in your project or in libraries that have been referenced and that's how you're able to override like just the signing page or just the register page or you know three of them and not all 20. so first look for the cshtml file if it doesn't find that it's going to fall back and get it from the nuget package Yeah so basically when you say you know I want to load the view called login it will look in the current directory is there a file called login.cshtml and then it will affect it then it will look in the shared location of your project right which there's actually two now there's one for pages and one for views and one of them has precedence which is the views one because it's the older one so if you want common stuff you typically put it in the views shared folder and then if it doesn't find it there it'll look in configured areas and areas are a feature of MVC they've been around a long time it lets you kind of compartmentalize parts of the application into a separate path and then Beyond there it will then look in registered like libraries like application parts that you've registered with your application um and so then you can have a Razer class library that brings in a view on a particular path and then you can override that if you want to just by making sure the file exists at that path we have a similar features that have been in MVC for like 10 years right like the editor templates so it's all convention like you just say please load this template and it'll look it up based on a hard-coded file folder name like there has to be a folder called editor templates and inside that there has to be a folder called whatever the type is or whatever it is right and so it was very Convention of a configuration back then um so that feature allowed us to build identity y and then uh we made a choice to just build it and raise the pages because we frankly we really just couldn't afford to do it in all the different versions and this is before we even had Blazer um and then we built scaffolding for it so that you could add it to existing projects so you didn't have to choose it file new you could go open an asp net core project in Visual Studio you could write Mouse click say add scaffolded item there was a new category called identity you could click on that then you would get a UI that has every view listed it's like which one of these do you want to override all of them or just these three what's your DB context etc etc and that's how you add identity to an existing project or the command line scaffolder does it too and there's a command line but like frankly the command line is not built for humans it's not really intended for human consumption it's not interactive you have to know all the parameters like it's invoked by visual studio and it's owned by the same team that owns the visual studio experience it really has never been um built as a product intended for command line consumption which shows when you you're in a workshop and you're the unfortunate person not using visual studio for that one case do we ever think of you said interactive and yeah and um do you ever think of doing something like you know there's like Specter and there's some other like console yeah like you know some pretty consoles for net do you ever think of adding like a nice kind of layer on top of the CLI or does that break too much I mean I guess it depends on the context of the question so we have system of command line now which is a new library right the the scli uses this is not command line the new tools that we build you system document line the new user jots tool that's in.net 7 is built on system.com online it is still not as high level as something like Specter um Specter is is a higher level kind of framework that does more how do I put it like it's more kind of opinionated in the structure of how you build commands and those type of things and it has more built-in functions and and methods to like do pretty printing yeah like to do tables and to do layout um then system like command line has it which is a bit of a lower level kind of API um and so the stuff we ship in the Box you know doesn't typically depend on external things like that right and so well even since command line can be interactive right of course you can build interactive stuff right like absolutely um we have we don't have much in the box that is is that interactive um and there's there's a couple different reasons for that I'm not gonna and I don't want to get into that hole like I think they're it's very clear that there are scenarios where it would be beneficial to have more interactivity in our command line and that's something that I know people on the team are are looking at and keeping in mind as we build more command line stuff out moving forward but it's hard to make stuff interactive when it wasn't interactive before because it's a very big breaking change to suddenly make an existing command ask you questions as a result of running it rather than just running to completion okay well I think and there's a comment here and I think I derailed a bit because originally I was asking about your your Blazer yes sorry and then I got I got you monologuing no it's fine I mean I tend to do this because I'm trying to there is context to every for every reason every time you ask a question about something modern there is typically a long time as to how we got there there is almost never a simple answer so this is my fault everything you're about to see you're about to hear me say is basically my fault because I made these decisions as the product owner you know years ago when this happened so we built identity we put it in the product people wanted us to do MVC versions of those of identity UI uh we resisted because we just simply couldn't afford it we didn't want to we we didn't consider it high enough priority to spend the developer hours doing that when we had other higher priority product needs to do so because it is expensive to do that stuff um and so it's been uh Razer Pages identity ever since uh fast forward to when um a Blazer became a thing in the last few years and we needed to solve that problem again ah great we've got a new application model it's still web-based you're still going to want to sign in uh for Blazer server anyway uh how do we give you the identity experience and so we made the decision to reuse the stuff that we'd already built um and to uh which means that if you do file new blazer server application or Blazer web assembly hosted application where it's hosted on aspinet core and you choose individual authors your authentication type then you get the existing identity experience it's literally the same views when you click on login you navigate away from the Blazer page it's a full browser navigation you do a login once you've logged in the the link in the top right hand corner if you click on it you could do a full page navigation to the identity UI it's not as far it's not um Blazer right you're dealing with old school Razer and MVC isms so people have been asking ever since we've done Blazer why don't we do a Blazer version of that stuff the same reason they just prioritize on the same list as all ASP net core features there's not a dedicated Laser team of 20 or 30 people it's the eighth grade core team and Blazer is one thing that they do and so it's always you know like any product decision that's always prioritizing things against each other that may not seem related from the customer's point of view but from a resourcing point of view they are and so this is my uh is my me doing what it would look like as a customer when if you really as a customer want to have Blazer based identity experiences you can use all the identity apis um but the UI obviously you have to rewrite in Blazer and so this is what this is this is me being a customer using ASP net core identity but rewriting the front end in Blazer and uh and then doing a little shim where the the identity API makes assumptions about how the application works that is like it'll write cookies out which don't really work well on a Blazer server app because it's a websocket connection and you can't write cookies to the to the output um and so I have to put a little shim layer in there and detect when it's Blazer and then do the Blazer thing when instead of writing a cookie out but also I I do I still have to write a cookie out because if you do navigate to some other part of the app you want to be authenticated or if you hit F5 in the browser you want to be authenticated still you don't have to sign in again so I have to do both and so people can look at the code and see how I've done that and this is like the to do of of other things that I intend to to do I've got some PRS from people already who uh want to there's one active right now someone's working through adding a few more of the pages um but the approach seems to work and it's now just a case of like filling in the rest of the features um this isn't a promise to ship it this isn't yeah I mean it's going to be part of the product this is me um as part of the product team going through this process to see well you know what does it look like like how bad is it like obviously I have a bunch of internal knowledge I have access to the developers who write uh the code not just the code itself everyone has access to the code um and uh and and so I I may have a bit of a leg up there um and then someone's talking about Blazer webassembly here yes the intent is this is also being written in a way that it's factored so that Blazer webassembly can use the same Blazer identity UI now the code behind it has to be different because logging in from a Blazer webassembly app ultimately is a different flow than logging in from a Blazer server application but you want the UI to be the same so there's a new if you go into the source folder there you would see there's a new set of abstractions um like Blazer identity so Blazer identity is the is the library that has new interfaces and classes that the Blazer UI talks to and they are not tied to the server-side asp.net core so then they get filled in depending if you go back a folder depending on whether you're using Blazer server or the one that doesn't exist for this Blazer identity.server and then there would be a Blazer identity.web assembly which I haven't that's all wrong I should have done that oh Incognito yeah so that's what that is and I know there are other members of the team looking at other aspects of our authentication authorization story um to see what it takes because I mean it's fair to say that the feedback has been fairly mixed like we have a lot of feedback in a few different camps which makes it interesting problem for a product you know product people because we're like we have a lot of people saying it's fine like there's all the functionality is there I've been able to do everything I need to by writing code maybe the documentation could be better um but the code's available so I can figure out then you've got other end of the Spectrum which is like this is unusable I cannot even get started and so we're trying to you know figure out how to navigate that and you know and see what we can do concretely to to improve some of those things this is just one of those things cool all right uh let me see okay I've got just a few more Okay so we've got rate limiting um you actually tweeted about this is I think something we've we've wanted for for a while so this is pretty um like handles a lot of different cases I actually have been trying to get Brennan on the show to talk about it he was too busy this week um but but we'll get him on soon I don't know anything you want to add on this I mean I knew that it's it's it's new it's it's too late so there's there's the idea of right limiting as a general construct a set of apis in the.net framework like in the net BCL and then on top of that there are a speed.net core right limiting apis that use the new rate limiting apis in the base framework in the BCL um and that's what's being shipped in this release is both layers at the same time um and so we're very keen for people to give us feedback on this because it's kind of landed fairly late in.net 7 in terms of usable all approachable middleware and code in Eastman net core and we're looking at that feedback right now and trying to ensure that we can uh you know tweak stuff before we ship so that this you know it can hit the ground in a very usable uh way and people can use it in their applications but you know it's it's anything you can think of with with regards to rate limiting an aspinet core the hope is that this can serve this can do it for you even if you have to write code so if it's you know I have a paid API and I need to make sure that people can only do so many requests per hour to that API or if it's like I only want there to be so many concurrent requests at any time to this part of my app um I want to do users can only you know call so many pages per second whatever it is like all that type of stuff is is the intent of this API surface very cool all right uh we also have the all up um blog post here so there's also some other like output caching um it's finally there he is that's better it's been I think we had did Sebastian work on this I think we had him on the show it's all a blur now yeah this is Sebastian's yep yeah so I think he talked about this earlier this year um a few months ago but yeah that's exciting um I'm trying to think um quick Grid in here there's some even some simple things like empty Blazer project template yeah so that's new yeah the new new empty options for Blazer uh map group is a big thing for folks using minimal apis or even just like wanting to organize low-level routing in their app like it works with other endpoint based systems like MVC and whatnot um and what's useful is that when you create a route group you can then assign metadata to the group that flows to all of the endpoints um and that metadata is what drives a lot of our other experiences like authorization authentication cores um etc etc are all endpoint aware middleware so uh that's all in there now which is great to see um request decompression is a kind of a quirky but cool one as well so you can have a middleware that was a contribution so a middleware now that decompresses requests that are coming in that are compressed and so that middleware after it just gets to interact with it as an uncompressed stream rather than a press stream so that's kind of cool uh support for websockets over HTTP 2 which now just lights up for free for anyone using signalr or Blazer server uh you and if you're running on Kestrel you'll get uh websockets over HTTP we actually think we're one of the first sort of full stack Frameworks to support uh websockets over hdb2 which is a nice Improvement because you you get reuse of a single TCP connection for both your websocket traffic and the rest of your um HTTP traffic which is cool uh yeah so a bunch of cool stuff there is one question going back to rate limiting I know do you happen to I I think yeah no there are there are abstractions for doing shares today this is one of the first questions that people ask this is great but what happens when I uh need to deploy to more than one server and I need that rate limiting to be done in the context of multiple instances in my app yes uh the API support that the team is still building out uh examples there is an example available of how to implement this using Orleans which was built by one of the Orleans devs uh the intenders that there'll be an example using redis and maybe file storage as well to coordinate uh this uh the rate limiting across multiple instances very cool another question that came in so going back to the Blazer identity question about support for backend for front end pattern um so if the if the cookies held server side so your example is using Blazer server side yes it might the one in my example right now when you when you perform the login login you're doing it because it's Blazer server so far it's the only one I've implemented the login your username and password gets sent over the websocket connection right which is you know it has to be over as soon as you're doing any type of password sign in in a browser your assumption is that those credentials are being sent over the wire thus you need to use https obviously right the nothing changes that and so if you're doing if you're accepting the password from the user then that's going to happen so in this case it happens over the the circuit rather than a form post it goes over the Blazer circuit it just ends up as an event and you get a text box with a with the value of the password right um then that gets used by being passed to the identity API guys the sign in async method basically and that does all the normal asp.net core identity sign in stuff you know enable 2fa if you want to is the account verified et cetera Etc and obviously checking the password and salts and all that stuff that's already in the database um then what happens is if that comes back successful the Blazer circuit is marked as authenticated using the blazer apis for authentication it's called like the authentication State provider is a is a type name and there's a derived one of those that lives in your application which basically uh can and you'll see it in there in the in the samples in the blade in samples later in your server there's a type under I think it's under the identity folder in there there's the authentication State provider yep so that's a revalidating identity authentication State provider of T which is your user type and that's the thing that tells Blazer hey the authentication State changed they are now authenticated so that means the uh and and the claims principle is handed to that and that's how components Blazer components get notified or get the authentication State the cookie is a whole separate thing so once that happens then there is Javascript interrupt interrupt that occurs so then the Blazer circuit um calls a JavaScript API which is delivered as part of this library that says hey you need to go and sign in to get a cookie and what it passes as the credential is the authentication ticket that is usually put inside the cookie okay so typically how it works is that the authentication tick is created by identity it encrypts it signs it sticks it in the cookie and that's the thing that round trips okay and you can't get to it from the client and so the authentication ticket is sent down the Blazer circuit which is over https that is then passed to a JavaScript function and that JavaScript function calls an endpoint but makes a fetch call right makes a post and that endpoint is in the library um uh yeah well I don't know how good the search is but it's like do this interrupt whatever it is runtime um and then that endpoint is basically a minimal API that accepts the authentication ticket um payload which is a bunch of bytes because it's been encrypted passes that uh through the appropriate you know decryption and whatnot validation uh steps in identity and once that is successful then a cookie is written out as part of the normal response basically it just does a normal sign in at that point which take does the job of writing the cookie out of the response and then the client now has the cookie as well just like it would have if it was a traditional Razer Pages app and so if you hit F5 what will happen and then you refresh the browser what will happen is a new blazer circuit gets created because a new websocket connection is created but that now has the auth cookie because that was written out as part of the previous thing so it ends up being authenticated as part of the initial State and everything just kind of works okay so that's how I've done it in here as I say in the readme this has not been reviewed or anything yet this is just me uh like playing around to figure out how how we would do this or how one would do this um but yeah it's it's there for people to look at if they want to see it it does not use BFF strictly speaking um because this is not a spa in this case so the webassembly case which is more of a traditional Spire uh that's where that type of question will come up it's like oh is all the auth actually happening in a mirrored front end for the back uh sorry a mirrored back end for the front end and it just calls through you still have to deal with uh where the the token is stored in that case like the cookie needs to get in the browser still yeah yeah all right let me see so I was worried we wouldn't have enough to cover and we have had oh you got me on you know I'll just talk anything big I just said for completeness as I was mentioning with it when this is.net7 uh release here so I think there is something that Jason contract serialization that's interesting so anyways cool um I'll rip through a little bit faster here there's some uh content negotiations for minimal apis with Carter um so this it's neat um we had Carter on gosh a year ago um and just kind of the idea of looking at what uh Jonathan and uh contributors I hope he's got some contributors adding on things so like content negotiations a really nice feature in apis um being able to say you know I accept these types or I prefer these types of my response and so here he just walks through adding that in using Carter cool stuff so nice XML content negotiation and there you go all right uh just a heads up if you were a Blazer fan this is a good opera or if you want to learn Blazer there's a new in Visual Studio guide um so it's built into Visual Studio a bit of an experiment and this is something we've actually talked about for years um I remember when I first started at Microsoft and we had a thing where we were like making a list of like crazy proposals and when we did with something like this where it was like an individual Studio yeah so this is neat you can walk through and it guides you through building a laser application and then if you do it you can actually fill out a form and get a Blazer sticker so who wouldn't want that all right just a few other neat things we've got dot net comp focus on Maui coming up that's August 9th we also have Camaro there's this uh dnf um what's it called dnf Summit this is neat this is actually something I wish that we had started doing like a while ago and I'm excited to see this this is community run um so there's um these are you know this is a presentation from.net foundation on kind of the state from from the executive director Tom Pappas and then uh we just have presentations from Community uh ABP framework.pvm Nano framework steel toe Community toolkit and uh Wix so okay Brandy Steve it's just community-run thing all right I'm about ready to turn it over to you this is uh this is the Epic I've been following along yeah yeah so the story here is um our good friend Rob Connery was looking at doing some content um about ASB net core on Mac I believe and as a part of that he he hadn't been working in.net for a few years and so he acquired the SDK and kind of started um you know trying it out um now he has a background in.net years ago but hasn't used used it recently he told me and so he brings a unique perspective because he kind of remembers what he thought from back then but then he has expectations based on the stuff he's been doing since then and then he's bringing that to to this experience so which is not unlike a lot of people I'm sure um and he was surprised and kind of uh saw opportunities for improvement with regards to some of the development experiences you get hit with on a Mac in particular um where you may not be using uh visual studio um and you may just be starting out with the CLI for example now on the Mac there's an interesting one one small thing and then I'll let you go he's also been pinging me as you know and just saying like hey what the heck's with this or how do I do this and yeah it's interesting that you know we think of a few different use cases and he's in one that we did we haven't prioritized there's the tunnel new coder new to everything and we have a lot of stuff that we prioritize with that like on the the.net website or you can learn or whatever where it's like welcome to coding we'll help you get to hello world right and then we also have docs that work really well if you've been a.net coder for a while yep and they're like hey I've been doing you know MVC now I want to learn how to do Blazer what do I do and you're used to how our docs work and you kind of have the feel for how you know how Stuff wear stuff where to find things yeah what Rob's bringing in is some of this hey I know how I do this in react yeah where is it here you know or whatever hey when when I'm building a view app with Tailwind this is how I would set up my off my you know I'm node like what do I do on asp.net so I felt like that was an interesting once I kind of understood like okay this is the perspective he's bringing in and there are a lot of people like that yeah a lot of front-end devs or a lot of devs that have worked on you know node or Firebase or you know just a bunch of other back ends and it's like how do I do what I want to do I'm a good coder I don't need you to teach me how to write hello world but I want to set this up on my app you know right and then the other thing I think is like you know to the point you're making that means that he's a lot less likely to go through one of our 10 minute getting started tutorials which if he had he would have seen all the things yeah right it would have said him every step would have said now you're gonna see this next because we're doing this you need to type this out which in itself obviously it's fair to say well why why would your getting started experience need to have that much explanation shouldn't it be obvious and like always it's like yeah things are complicated for reasons and so that doesn't mean there's not opportunities to improve them and so it's unfortunate you're looking at this from an in private window because you just see GitHub issues like numbers those should be titles of stuff that is useful yeah can you open that in a view that you're actually signed into yeah so I learned the hardware co-presenting with Scott Hanselman once yeah and I was logged in yeah and he was Code Monkey on my machine and started and all these auto complete things came up and I've been shopping for Barbie dolls for my daughters Ah that's right first then so then I don't know if the talk ever even finished it just talking about yes so the what happened was uh at the very first point where you know an asp net core application was created using the CLI like.net new web and then you say dot net run right it's as simple as that dot menu I got the sdk.net newweb.net run on a Mac what happens right now in.net6 is you get presented with some scary uh dialogs so if you actually click on let me find the best one there's a one that has a picture of it if you go to issue 41879 which is linked to there it's like the third one scroll down yeah so what will happen is you can see there there it is like dot net new DOT net run scary prompt that asks for your password with the padlock because some map is trying to access some key in your keychain right um you're muted John thanks the thing that jumps out to me is scary is this is asking for keychain access to TMP 6 av1c3 which sure seems a little scammy right right it's a little unfortunate and so this is due let me just explain why this happens so this happens because of a myriad of of things that kind of that work together to to land in this experience uh luckily because it's so many we can tweak some of them to improve it um by default asp.net core applications when you create them uh with our templates uh are set up to listen on both HTTP and https that happens because back in ASP net core two point something 102 something we made the choice to make working with https by default simpler in asp.net core primarily because of browser manufacturers and what they were doing at the time around being a lot more forceful in their user experience when it comes to saying hey this site is not secure especially if there were forms on the page where you had to type in stuff like the bar would go red and say like and like it would put overly in the text box even like this is insecure you're putting browsers were really heavy-handed about it they were very heavy-handed and so in reaction to that we were like okay like this is not a good look in our default Dev experience like you create a new app you go to put something that's like this is insecure I was like okay let's see if we can make this better um and yeah we had a history with is Express in Visual Studio of having SSL being set up by default for you as part of the vs experience and so we wanted to try and bring that to more of the ASP Network experience that meant that we the https by default we did a new middleware the HBS redirection middleware it was in the template by default we did hsts by default in the in in the templates as well when you weren't in development which is the whole don't even let the browser hit the insecure endpoint like always go directly to the secure endpoint if the website has it um and a few other things so that landed us in a situation where by default.netnew.net run you would be listening on HBS well great part of that means that Kestrel which is our web server has to get a certificate an SSL or HBS certificate from somewhere so we install one by default when you install.net as part of the first time you run.net the first run experience a little command is run that creates a self-signed certificate it's not a real certificate it's a test certificate that is self-signed by itself and that is called the aspin net core development certificate and that is what Kestrel looks for by default when it boots up in development environment right when it's in an environment where the the current environment environment name is developing and it finds that certificate via hard-coded identifier okay it's hard-coded in the framework so it'll only use that certificate if it finds it and then that has to be found successfully otherwise the app won't boot because you told us or Kestrel defaults to loading with SSL or https I should say and if it can't do that it explodes okay yeah and so um on a Mac that was the premise that was the the precursor fast forward to net five and then Mac made a bunch of changes around something called notarization um which uh forced us to go and make more changes uh to how.net runs on Mac OS I won't get into the long history of that I will say that in.net 6 a default change was made for net projects which is we introduced something called app host which means that when you build an application a.net app you don't just get a dll which is your app you get an executable with your app which is named after your application you can like on Windows you can double click it and it runs on other os's you can just run that executable at the command line and that's your application it's a very small file it's a shim and it's called the app host and it basically just finds the dll next to it of the same name in.net6 they changed the behavior of.net run to use that app host if it's there so by default we produce the app host now and netrun uses the app host by default those two changes result and plus the net five changes and the things before it results in this experience what happens is Matt goes here's a brand new application I've never seen before new web app is in this title here in this dialog is your new app okay it's a new executable right and it wants to access something private off your keychain what is that private thing it's accessing the private key in the asp.net core development certificate which was added to your keychain when you first ran.net remember I said that when you first run.net we we create an asp net core development certificate yeah on a Mac it goes in the keychain now other platforms when they do this they typically tell you to create a self-sign insert and just stick it on disk as a Ser file with a key pair file or a pfx file and then load it from there anyway we didn't do that by default and so then what happens is every new web application in.net6 you get this prompt when you run it even if you click always allow well that's only for this app new web app when you create another new app you get the prompt again yep it's really not good um and so and this is just to get the app to run once the app is running if you don't trust the cert that is the client that's establishing the https connection to the server if it doesn't trust this self-signed certificate then that can fail in numerous ways in the browser what happens is you get the big scary screen that said like doesn't show you the website it says you're navigating to a site with like a security problem click here to to allow it that's what happens in browsers if you're writing another.net application or using an app like Postman and then you try and connect to the application it just fails it just says no like the the SSL cert certification process failed and your app just explodes right yeah um and so it's a it's it's not a great user experience at all and so that's what we're sending out to fix with these new defaults so this after now that you know kind of that uh that backstory on Windows most people use visual studio and visual studio checks this before it launches applications asp.net core apps it checks if the certificate isn't created or it's not trusted it shows a screen a dialogue as the app is starting before it starts it saying hey do you want to trust assert you click yes and then you then get the windows dialog saying someone is trying to add a a self-signed certificate to the to your trusted certificate store for you as the user you click yes and then that's it you never see it again okay there's not this per application thing that Mac has so what's different about the way the windows the way Windows stores it versus the way Max stories it so Windows has the certificate store which you can kind of think as a similar to Max keychain the difference is in Windows when something runs as you an app location runs as your account which is what happens by default Windows considers that application trusted and so it can get to things that you can get to now because the certificate is put into your personal certificate store and is trusted in your personal trusted root certification Authority store it goes this is fine like it's running as you and you can get those things so by proxy this is perfectly fine and there's no extra prompt you only get a prompt the first time when you're asked to trust the certificate Mac doesn't do that for a number of reasons um one of them is that when we put the certificate um in the keychain and then when we do the trust operation we trust it in.net6 with a really wide sort of scope we trust it for the entire system not just which was a mistake in retrospect and that's something that we're changing um and so that's one of the key differences if you're on on Windows using the.net CLI and you don't use Visual Studio some aspects of this experience are very similar when you run the application uh it'll find the cert by default you won't get this prompt because windows will just go as running as you and you can see it because it's in your search solar it's fine but if you then run another.net application that tries to talk to the server uh via HP client for example and you have not trusted the self sign cert it will fail you'll get an exception with some horrible like trust violation and you have to go and manually trust the certificate because nothing will prompt you to do so um so we're updating that as well like Kestrel will now print um a message on booting to say that if it finds the dev certificate but it determines it's not trusted for the current account it'll print a warning saying hey this isn't trusted if you try and hit this from something else it's probably going to fail the other thing that we're doing in.net 7 is by default now the templates create two profiles and so if I share my screen let me do that right now and I picked the right screen because I have lots of them there we go this one there we go um so here's that uh one of those issues I've got a I've got a a project here I created in Visual Studio using the latest build uh of the.net SDK it if I look in the launch settings um file now which is the file that contains the launch profiles that are used during development there's nothing to do with production nothing to do when you've deployed your app this is only used when you run.net run or in Visual Studio or vs for Mac or you know another IDE so now we have two launch profiles one for HTTP which is the first one and one for https in previous versions you only had this profile and it was named after the application name so you had a launch profile called Web application three in this case and that would always try to bind on https so now in.net 7 if you create this with the command line you're on a Mac and you type.net run this is the launch profile that will be used and it doesn't try to bind to https by default because that's the one of the key differences that we've made the second one is that even after you've deployed this application Kestrel will no longer attempt to bind to https by default in production like outside the development environment it used to try and find the development certificate even though you weren't in development and if you found the development certificate it would attempt to bind to https which can lead to a different you know to other failures or other frictions in the experience because it's now doing https when you may not have expected to you didn't explicitly configure to so we've made a breaking chain so we've removed that it does not do that anymore in.net 7. now Visual Studio still defaults up here you can see this is the button where I launch my application it still says https I I it's a little small but it does say https here and if I drop it down it says HTTP above it Visual Studio is still finds the https profile by default and will launch that one if you don't explicitly select one because we know the experience in Visual Studio on Windows and on vs for Mac is is good like it does the pre-checks like before you launch it checks to see if the certificate is installed it checks to see if the certificate is trusted if it's not it prompts you to fix it for you so we have a good experience there so we've kept that https by default uh just by virtue of finding the that other profile but for the command line experience it's going to be the same on Linux Windows and Mac now which is it'll just try and run this profile by default now uh so that's one of the biggest changes that we've made the other things I talked about were on um Mac we're now changing how we do this trust Association and the certificate installation um so on a Mac now in.net7 what will happen uh in hopefully from rc1 moving forward is that rather than installing it into the keychain and putting the private key in the keychain and trusting it in the keychain and doing it system wide we're narrowing the scope so we're also going to have the certificate on disk in the user profile okay so it's in your user profile is you know you know tilde slash whatever somewhere that only your user can see on a Mac and then Castrol on Mac will look for the certificate on disk and load it from there rather than trying to get to it from the keychain that avoids the keychain prompt and makes it work like pretty much every other development stack on a Mac where the certificates are usually just loaded from a file on disk you know in a you know in a personal secure location so that's the other thing that's happening now because.net 6 still were in the previous version still work with the keychain we still have to make the.net 7 tools um set up the certificate in both places and also for folks who are on.net6 now on Mac and they install.net7 you're going to have your Mac already set up in like the.net 6 way and we have to make sure that it can transition into the new state where it's set up for both.net7 and net six and previous versions and so there will be a one-time experience as part of installing.net7 if you're in vs for Mac it'll prompt you if you're in the command line you'll get a message when you run that when it detects this state it will tell you you have to run a command and then that will set your machine up uh with one prompt uh in a way so that from that point on you'll be in this happier place where Kestrel is just loading it from desk and Dot net six apps will continue to load it the way it did before so that's the other set of changes lastly for Linux we would love to sort of replicate this CLI experience with the self-signed certificate for Linux because doing this on Linux yeah is is also quite complicated even more so than on a Mac because there are different Linux distros and like getting the browser to trust assert that your container is using on Linux is like a whole thing right like it's a it's a whole different thing so we do we didn't have time to do it in.net7 unfortunately but that's still something that we want to tackle in.net 8. for now there are docs that we have on the aspinet core docs that show you the commands that you have to run on various Linux distros to get uh the certificate set up and trusted so that you know two.net apps can talk to each other or curl can talk to your.net app or your browser whether it's Chrome or Edge or Firefox which has its own SSL thing that you have to do which is separate from the other ones um there's all the instructions on how to do that and hopefully uh that will get most uh folks across the line when it gets to doing this stuff uh get this stuff going I mean I will say it's not an excuse It's just as bad on other Stacks like if you're a node developer on Linux it's no better like it's hard right getting this stuff set up in development but we want to try and make it a little bit better and that's something that we're working towards slowly first on Mac after all the changes they made uh in the latest Mac OS versions and then hopefully on Linux so that you don't have to go and read the docs and find the three incantations you have to run to get it to work properly so yeah are there I forget I think there was something in the one of the discussions about like a Global or an environment variable where you can say prefer H or always require https or that sort of thing or is it kind of um no I don't think so or I'm forgetting I'm not quite sure what you're I'm not sure either so when it comes to launching with.net run or Visual Studio or vs Mac Etc that uses whatever's in your launch settings and if you don't specify a launch profile as part of the.net run command so you can say like Dash LP in the newest version and then give it a string which is the launch profile name if you don't specify that it just uses the first the first launch profile in the launch settings file okay which is now the HTTP profile for new projects so that you won't get you won't hit this friction as the very first thing that you do as an aspinet core developer I'm not aware of I'm trying to think I mean Kestrel has obviously configuration that you can pass via an environment variable because it reads from the configuration system and you can set up like paths to certificates and things but that's not commonly used the other thing I need to mention is that going back to the discussion we just had about Authentication depending on what type of auth your project uses https might be required and so when you create your project if you've specified an authentication method when you create the project when you initiate the template that requires https to work because of the way the cookies flow between different domains if you're doing something like open ID connect or an oauth flow or something like that then you don't get the option like it just creates a profile with https and that's all that works the other caveats are things like grpc so grpc uses http 2. HTTP 2 only works over https for browsers browsers will not connect via HTTP 2 if the connection is not https so if you.net new DOT net run on Mac or Windows or Linux and then try and hit that in your browser it's going to be HTTP only and it'll be HTTP 1.1 and so if you want to see HTTP 2 you have to get the https set up which is one of the reasons again why we care so much about trying to make https set up in the development environment a little bit simpler than it has traditionally been for these types of tools so those are some caveats you have to keep in mind yes we make it easier for the first step for the command line folk but when you want to if you're wondering why HTTP 2 doesn't work or why grpc is not working it's like yeah those things require HBS if the client is a browser you can initiate an HTTP 2 connection from like um like net client like using HTTP client but the browsers all require https okay uh let me see here's a question on excluding is Express from the launch profile yeah um so I'm assuming that we know Khalid obviously I'm assuming yeah they mean when you're not on Windows and not in visual studio right because obviously those things and we could do that uh I'm please log an issue uh we would have to obviously every option that we add to the templates complicates the template um I could I could see us potentially only having that profile if you create the project through Visual Studio but now you've got projects that are different depending on when they're in Visual Studio or not like depending on how you created them which isn't great also I don't think you think the templating engine supports that today having a a uh a variable that is populated differently by default depending on whether you're in one environment or the other it might do um using the host stuff that they support um but I I understand you know that request makes a lot of sense it's similar to like the web.config file which we generate as part of publish that you still get that used to get included even on Linux publishing when you specified a red and we changed that in the last release so that you don't get that file because I'm publishing the Linux I don't need it this is a similar request Khalid please log the bug and then you know then it's there and we can talk about it on the issue and we can figure out what the right thing to do is um there's a question on certificates with Linux containers yeah so that's a great question and there's there's different flavors of Linux containers are you running on windows with wsl2 for example or are you running with a VM or are you just on Linux and using containers so um that's something that was also in the original scope of the Epic that you linked to if you go and read that we do discuss that would be nice to get working uh as well from the command line Visual Studio already includes tooling so if you're using visual studio with the container tools and you're using WSL it does the right thing automatically so it like exports the certificate Maps a volume into the Container when you launch it so that the container can find the certificate because it's the same cert as your host that means if you use a browser on your host to hit uh something running in the container are they using the same certificate and so your trust boundary will continue to work right or getting all that to work is obviously a bit of a a bit of an exercise and so vs does it by default we we could do it in the command line tool as well it would be a command you'd have to run like you know.net devsource hbs-wsl for example if you're on Windows um or dash dash Docker maybe if you're not on Windows but you want it to like shove the cert in the right place we haven't done that yet today it's a manual step you like any other platform again if you're doing this on node like you have to do that yourself as well it's it's there's nothing magic there but we did mention it and maybe in.net if enough people talk about it you know we could prioritize that cool um gosh okay I'm trying to yeah WSL was one of the questions I had I saw also in the original I picked some stuff about Maui because I believe Maui also has some so that was yeah so that that that's mentioned briefly in there as well of this scenario where I create a back-end API ASP net core app and then on my Android Maui app during development has to talk to it those Maui clients bring a whole other level of complexity so I think like getting Android apps to talk to a backend that is not https apparently is really difficult but then getting them to talk with https also requires all the search Shenanigans so it's quite a hostile user experience um that's something that I know the Maui folks um uh care about is something that will work with them it's not great out of the box today it's not just like magic it doesn't if you're using vs it doesn't just like magically set it all up it's something that we need to to continue to try and make it simple um but you know like we were discussing at the beginning by making it simple means we have to hide a whole bunch of complexity which means we tie ourselves to a whole bunch of stuff as it is right now and if that changes everything breaks and that is often the state with these mobile clients and emulators is that they make platform changes as you know Android versions or iOS versions and then they just impose a whole bunch of new requirements um that that breaks things like you know the app must specify and it's manifest that it wants to communicate with an external thing and it must list it in whatever like yeah we get it and we we obviously try and work to make those things simple but you know it's good to get the feedback from folks about what's important come on gosh for some reason this was making me think too about Port tunneling because you were talking about earlier yeah that's a very good point so the port tunneling which is a new feature in visual studio for example um a requires https today uh we only do that over https because you know we're sending stuff from basically your local machine over the Internet um and then secondly um that can be seen as a a solution for this like mobile client problem that we just talked about it's not just useful things like web Hooks and where you want to have some external system talking to your local copy that you're developing on even if you're running like an app in an emulator on your desktop and then your app your backend is running in a container or just even locally on your on on your machine uh having that emulator talk to the app might be easier going through a public address using a public https certificate that is trusted by because it uses a trusted root significant Authority uh might actually just be easier and so here it goes and yeah here's the blog post that talks about it um and so folks using visual studio with the latest preview 17-3 um Can can try that out yep and there's a doc too about doing that I was pretty happily surprised I like click through it and everything worked and I was like this is awesome like you know like so I had to enable the feature and then I needed to make this setting for um whatever turn on tunneling you know and then ran the thing and I had a public URL I was like yeah but it is a visual studio feature that's a visual studio feature yeah because it means there's so much infrastructure required um it's basically hosting stuff in Azure and giving you a URL and like all that type of stuff right so um and think of it the same way kind of like um live share right which is a vs feature as well vs code and visual studio and integrates also with um uh was it what do we call the GitHub thing now GitHub Dev or vs online vs whatever the stuff that I love I hit dot in repo and I get like vs code running in my browser yeah um that stuff's awesome like you can use it in those environments as well uh code spaces that's the word I was like oh yeah yeah yeah um uh yeah so like all that technology is kind of uh related and is tied to the visual studio uh kind of product to my understanding so it's pretty cool though another possible solution for folks nice okay well uh we're about a time I guess we can uh I'll go back to the um the main epic yes show that again so where we're at is we as you can see on the Epic there's only a few well you can't see in that view because there are a few of those are ticked the only ones left are the ones to do with the default Kestrel experience on Mac and the specifically the dot the dot net Dev certs command on Mac uh as yeah so those those three there they're all to do with those three there that aren't ticked are all basically to do with Mac OS and the default experience um they're being worked on right now um and uh should hopefully land in rc1 and so that will be the where we land in.net seven the rest is updating docs obviously because we do have quite a lot of docs that talk about the https configuration for Kestrel and the development time considerations and all those type of things but hopefully this is a net Improvement and then as part of net H like the one at the bottom of the screen there for example getting trust support to work on Linux uh is something that we would love to do for donate eight so we'll include that in part of our early planning and then there's links to relevant issues there that talk about uh set some of the context they're either issues that were logged by customers or issues that were logged by us and then people from the community have have figured out how to make stuff work on Linux for example um and that that's we literally point to these issues from our docs because that's where the best information is right now as the community has figured out how do I make this work on Ubuntu or or whatever distro it might be that you're using so cool yeah I I just recommend this is I you'll see I'm subscribed on this and I make a habit of subscribing definitely to epics but you know like I'll subscribe I liberally subscribe and I also want to remind people oops wrong one many tabs now um I go to themes.net and I recommend this too for just kind of keeping on top of stuff so for instance this is his peanut core this is how I found I could have also used the quick filter and type HTTP yes that's right but um it's somewhere in here but so yep so anyways I I continue to recommend this themes of dot net is super handy for keeping on top of things cool cool all right well I thank you for your time Damian this was awesome and um I'm excited about these changes the the all the dev that I'm doing on America you know every time I'm like dang it I already trusted this what's going on I have to remind myself it's good to understand the deeper issues and also see the the changes in the works yep and it's been good I mean I've Got My Little Mac Mini like just here so I've been able to actually experience this and and chest out the improvements and and all the rest myself so I I I definitely empathize with the folks on Mac and obviously want to make changes there to make it as approachable to folks as possible um so yeah if you've got any other feedback please let us know I do appreciate too just to continue like you know we've seen this discussion there was a colleague that had you know log bugs on this and and um Rob had and you know just seeing that discussion in in public where people are like hey this is something we'd love to see improved and it's a productive discussion and things get fixed instead of just like I hate this thing you know let's make it better together you know yes absolutely yeah very cool all right well thanks a bunch thanks folks right [Music]

Info

Channel: dotnet

Views: 8,754

Rating: undefined out of 5

Keywords:

Id: S9FRItu-5Ow

Channel Id: undefined

Length: 84min 38sec (5078 seconds)

Published: Tue Jul 19 2022