.NET 8 and Minimal APIs
The first day kicked off with a session on .NET and .NET 8 by Scott Hunter. The new features in .NET 8 are exciting, and one of the highlights is the introduction of new capabilities in minimal APIs. These improvements promise to streamline development workflows significantly by reducing boilerplate code and making API development more intuitive.
Key Features of .NET 8
- Performance Enhancements: .NET 8 promises substantial performance improvements, making applications faster and more efficient.
- Native AOT (Ahead of Time Compilation): This feature can improve startup times and reduce memory usage.
- Unified Platform: Further consolidation of the .NET ecosystem, bringing more consistent APIs across different platforms.
Hunter’s enthusiasm for .NET 8 was infectious, and this release will bring significant benefits to developers working with the .NET stack.
Building Enterprise Blazor Apps Using CSLA .NET
Rockford Lhotka’s session on Blazor and CSLA .NET was a deep dive into building flexible, enterprise-level applications. Blazor 8 introduces four new render modes—Static server-side, Interactive Server, Interactive WASM, and Interactive Auto—which provide greater flexibility in how pages are rendered.
Blazor Render Modes
- Static Server-Side: Suitable for SEO-friendly static content.
- Interactive Server: Ideal for interactive, real-time applications with server-side processing.
- Interactive WASM: Enables full client-side interactivity using WebAssembly.
- Interactive Auto: Dynamically switches between server and client modes based on network conditions and device capabilities.
Lhotka’s primary focus, however, was on the CSLA .NET framework. This framework helps developers separate business rules from other logic by turning them into objects that can be unit-tested independently.
Benefits of CSLA .NET
- Encapsulation of Business Rules: Business rules are defined as separate objects, promoting code reuse and maintainability.
- Unit Testable: Since business rules are separate objects, they can be unit tested independently from the data objects they apply to.
- Flexibility: The framework supports a variety of UI technologies, including Blazor, WinForms, and WPF.
Lhotka also introduced a cleaner way to inject interfaces using the [Inject] attribute, simplifying dependency injection and reducing boilerplate code. This method allows developers to inject interfaces directly into methods rather than the entire class, leading to cleaner and more maintainable code.
Rethinking Batch Jobs
The session “Where we’re going… we don’t need batch jobs” challenged traditional approaches to data processing. The presenter, Adam Ralph, argued that batch jobs often stem from misinterpreted requirements and proposed a more responsive approach.
Key Insights
- Real-Time Processing: Instead of generating daily reports, real-time notifications for significant events (like orders exceeding a certain amount) can provide more timely and actionable insights.
- Aligning with Stakeholder Needs: Re-examining requirements to ensure they reflect what stakeholders truly want can lead to more efficient solutions.
Example
- Original Requirement: “As a salesperson, I want an overview of all orders with a total amount exceeding €100.”
- Revised Requirement: “As a salesperson, I want to know if a customer places an order exceeding €100.”
The revised requirement calls for a real-time notification system rather than a batch job, offering immediate feedback and allowing for quicker decision-making.
ASP.NET Core Integration Testing 101
Integration testing is often overlooked due to its complexity, but this session by Chris Klug highlighted its importance alongside unit and end-to-end (E2E) testing.
Key Challenges and Solutions
- Running as an API: Using the Microsoft.AspNetCore.Mvc.Testing NuGet package allows developers to simulate a test server, making it easier to write tests that spin up the API in memory.
- Environments: Different environments can be used to ensure that tests have the correct configuration settings – for example, creating a specific configuration file like appsettings.IntegrationTesting.json.
- Mocking External Dependencies: Mock objects or dummy services can be used to replace actual calls to external services during tests.
- Authentication: The session covered the use of simpler authentication methods during tests, such as the Bazinga.AspNetCore.Authentication.Basic NuGet package, to avoid the complexities of full authentication flows.
- Database Testing: Instead of swapping out the database engine, setting up a dedicated test database or using containers (like Testcontainers for SQL Server) ensures that tests run in an environment that closely mirrors production.
Importance of Transactions
Encapsulating test code within a transaction ensures that the database remains in a consistent state, as any changes made during the test are rolled back automatically.
Developing Minimal Web APIs in .NET and Azure API Management
Jonah Andersson, the first female Azure MVP in Sweden, showcased her expertise on minimal APIs, highlighting their role in microservices architecture and integration within complex systems. By advocating for a minimalist approach, she encourages developers to focus on essentials, resulting in more robust and manageable code. Filled with real-world examples, her talk demonstrated the tangible benefits of minimal APIs, such as cleaner codebases, faster development cycles, and more efficient maintenance, in the cloud-centric world of .NET and Azure.
Key Takeaways
- Simplicity in Design: Minimal APIs promote cleaner codebases and faster development cycles.
- Microservices Integration: They enhance the integration process within complex systems.
Data Modeling and Partitioning Patterns in Azure Cosmos DB
Leonard Lobel’s session on Azure Cosmos DB was a standout, particularly for those transitioning from SQL to NoSQL databases. He emphasized the importance of choosing the right partition key to optimize performance and cost.
Key Strategies
- Choosing Partition Keys: Selecting an effective partition key, such as using userId for invoices belonging to users, can greatly impact performance.
- Embedding vs. Referencing: Deciding whether to store linked entities within the same container (embedding) or using references to other containers.
- Denormalization: Storing copies of data in multiple containers and keeping them up to date using Azure Functions or stored procedures.
Example
- Invoice Management: For a container containing lists of invoices, using userId as the partition key ensures efficient retrieval of invoices per user.
Lobel’s session underscored the importance of early and thoughtful design in Cosmos DB to avoid costly restructuring later on.
Additional Insights on Cosmos DB
- Relational DB in NoSQL: Design your objects and partition keys to reflect the most executed queries, minimizing request units (RUs) and operating costs. This approach is crucial when migrating data from SQL to Cosmos DB.
Authentication in Modern Web Apps with BFF – Backend for Frontend
This session by Robert Folkesson focused on improving security in web applications using the BFF (Backend for Frontend) pattern. Traditional OAuth flows, while effective, have vulnerabilities when tokens are stored in the browser.
Key Points
- Implicit Flow vs. Authorization Code Flow: While the implicit flow is straightforward, it is no longer considered safe. The authorization code flow + PKCE (Proof Key for Code Exchange) is recommended.
- Token Storage: Storing tokens on the server side using the BFF pattern enhances security. The BFF communicates with backend services using the stored token, while the client uses a first-party cookie.
Validation
It was reassuring to see that the BFF pattern aligns with current industry standards and best practices, validating the approach used in our current project.
Additional Insights on OAuth 2.0 PKCE
- Changing Authentication Patterns: Moving access_token storage from the device or browser to a BFF server is necessary, as browsers will no longer support storing these tokens. This change enhances security and compliance with evolving web standards.
Five Do’s and Don'ts for Your Entra ID
One of the final sessions of the day, presented by Sander Berkouwer and Raymond Comvalius, provided valuable insights into managing Entra ID (formerly Azure AD).
Key Takeaways
- Require MFA: Multi-factor authentication is essential for securing accounts.
- Use Security Defaults: If Conditional Access is not needed, Security Defaults offer robust protection.
- Manage Guest Account Settings: By default, users can invite guests into your tenant with the same rights as regular users. Proper configuration is crucial to prevent unauthorized access.
The session highlighted the importance of configuring Entra ID settings thoughtfully to avoid potential security risks.
Azure APIM: Upcoming Features
Another interesting topic covered was the new features being added to Azure API Management (APIM), including built-in load balancer and circuit breaker functionalities.
Key Features
- Load Balancer: Previously possible through policies, the new built-in load balancer will offer a more streamlined and efficient approach.
- Circuit Breaker: This feature will enhance the reliability and resilience of APIs by preventing cascading failures and managing service degradation gracefully.
C#: Extension Methods and Operator Overloading
In the realm of C#, one discussion revolved around using extension methods and overloading operators. These techniques can yield interesting, albeit sometimes controversial, results.
Pros and Cons
- Pros: These features can lead to more readable and intuitive code by enabling new syntactic constructs and operator behaviors.
- Cons: They can also result in “cursed” coding practices if overused or misused, potentially making the codebase harder to understand and maintain.
What's New in .NET 8 & C# 12
Exploring the new features in .NET 8 and C# 12 was exciting. Some highlights for our developers include:
- Spans and Ranges: Enable zero allocations using array ranges.
- Native AOT: Compile for the specific device you are building for.
- Frozen Types: Immutable and thread-safe, allowing performance optimizations.
- Text.Json: Eliminates the need for the Newtonsoft package.
- TimePeriod Class: Simplifies the use of DateTimeOffset.
- Interceptors: Methods that let you bypass a piece of code and run something else.
Experimental Attribute: Marks code as experimental, similar to the obsolete tag.
Cursed C#
Nick Chapsas is a content creator who specializes in C# and .NET. With plenty of humor, he showcased unconventional yet creative uses of C# that would make traditionalists cringe. For instance, adding an extension method called “Await” to an integer to use it for counting seconds instead of Task.Delay. These imaginative possibilities, while not practical, were fascinating to see in action. The best way to describe this talk is ‘one hour of standup comedy, written in C#.’ Filling the biggest room at the conference and having them all laughing for almost a full hour is a serious feat.
An Introduction to Residuality Theory
Barry O’Reilly, with his extensive background as a Chief Architect at Microsoft and current PhD studies in software design and complexity science, introduced Residuality Theory, a novel approach to software design in complex business environments. This theory views software systems as interconnected parts, emphasizing the embrace of uncertainty rather than its elimination.
Key Concepts of Residuality Theory:
- Residues: The leftover parts of a system after unexpected events.
- Random Simulation and Kaufman Networks: Tools for understanding system behavior.
- Ordered/Disordered and NKP Analysis: Methods to design resilient and adaptable systems.
O’Reilly illustrated his points with a real-world example of an electric vehicle (EV) charging station, showing how identifying and addressing system “stressors” can enhance resilience and future-proof designs. His session encouraged embracing uncertainty, balancing order and disorder, and designing systems that thrive amid complexity.
The Long Lost Art of Refactoring
Jimmy Bogaert, an acclaimed software consultant and creator of OSS libraries AutoMapper and MediatR, delivered an insightful session on the ongoing importance of refactoring in software development.
Key Takeaways from Bogaert’s Session:
- Continuous Refactoring: Emphasized as an integral, ongoing process within the development workflow.
- Clean Code: Essential for effective refactoring, with a focus on best practices and design principles.
- Refactoring Techniques: Various methods were discussed, along with recommended reading materials.
- Collaboration and Communication: Highlighted as critical for successful refactoring efforts among team members.
Bogaert’s session underscored the necessity of maintaining clean, efficient codebases and integrating refactoring into regular development practices to ensure code remains robust, adaptable, and maintainable.
Conclusion
Over the two days at Techorama, we delved into cutting-edge advancements. What stood out was the exciting intersection of AI with .NET. Sessions on AI integration, which showcased practical applications and highlighted security measures and revealed how AI can enhance development processes. The conference exceeded expectations, providing invaluable knowledge and tools for the Coditers who attended.
Looking forward to next year!
Subscribe to our RSS feed