CountBy, a new LINQ function introduced in.NET 9, simplifies common data grouping and counting operations. By effectively classifying elements according to a given key, this function generates a collection of KeyValuePair objects. Every key-value pair denotes a group and the number of elements that go with it. Before.NET 9, we had to use a two-step procedure to group elements and count how often they appeared. First, we categorized elements according to a particular key using the GroupBy technique. We then projected each group in order to determine how many elements it contained.

Example
var message = "welcometoprpcoding";
var characterOccurences = message
                            .GroupBy(c => c)
                            .Select(g => new { Key = g.Key, Value = g.Count() });

foreach (var characterOccurence in characterOccurences)
{
    Console.WriteLine($"Character: {characterOccurence.Key}, " +
                      $"Count: {characterOccurence.Value}");
}

Grouping and Counting Characters
This code uses LINQ to group the characters in the string and count their occurrences.

• message.GroupBy(c => c): Groups the characters based on their value. Each group contains characters with the same value.
• Select(g => new { Key = g.Key, Value = g.Count() }): Projects each group into an anonymous object with two properties:
  • Key: The character itself.
  • Value: The count of occurrences of that character in the group.

Output

With .NET 9, the CountBy method significantly streamlines this process.
var message = "welcometoprpcoding";
var characterOccurences = message.CountBy(c => c);

foreach (var characterOccurence in characterOccurences)
{
    Console.WriteLine($"Character: {characterOccurence.Key}, " +
                      $"Count: {characterOccurence.Value}");
}

Output

Key Benefits of CountBy

• Conciseness: Simplifies code, improving readability.
• Efficiency: Potentially optimizes performance by streamlining the grouping and counting process.
• Clarity: Clearly expresses the intent of categorizing and quantifying elements.

By leveraging the CountBy method, you can write more concise, efficient, and expressive LINQ queries in your .NET 9 applications. Happy Coding!

Because HTTP is a stateless protocol, the user's state is not saved by the web server in between requests. For web developers, this restriction might pose serious difficulties. Developers frequently employ methods like adding query strings to URLs, setting cookies on client computers, or storing user session data on the server to get around these issues. In this post, I'll give a quick rundown of session management, go over its drawbacks, and describe how distributed caching solutions can be used to maintain state effectively in large-scale applications. I will also provide helpful instructions for setting up, configuring, and utilizing a distributed cache in ASP.NET Core web apps.

An Overview of.NET Session Management
One of the most important aspects of any online application is session management. It enables the server to monitor users over several requests and save user-specific data, like shopping cart details and authentication status. For scalability and dependability, session data can also be kept in a distributed cache, although it is usually kept on server memory or disk. A session ID is a unique session identification that is assigned to each user and is either supplied in the URL or kept in a cookie. On subsequent queries, the session data is retrieved using this session ID. One of the following places can be used to store session data in.NET.

• In-Process: The session data is stored in the web server's memory. This is the fastest option, but it is not very scalable because session data is available memory, and it can easily be lost if the application pool is recycled or if the web app is hosted on multiple servers and a load balancer sends the request to another server.
• State Server: The session data is stored in a dedicated state server, separate from the web server. This allows session data to persist even if the application pool or web server is restarted. The State Server runs as a Windows service, and session data is accessed over the network, making it suitable for load-balanced environments. However, using a State Server can introduce network latency compared to in-process session storage, though it improves scalability and session persistence.
• SQL Server: The session data is stored in an SQL Server database, which provides persistent storage if you are using multiple web servers or have a load-balanced environment. This approach is more resilient than in-memory sessions but it can introduce overhead due to database read/write operations. This is the best option if your application requires high availability, data persistence, and scalability, and you can slightly compromise on performance.
• Distributed Caching: Distributed caching is a method of storing data across multiple servers or nodes in a network, allowing web applications to access cached data more efficiently and reliably. This method is more suitable in cloud-native and distributed applications where you want to keep cached data on the server that is nearest to the user.

Limitations of Traditional Session Management
Although session management seems like a very attractive and useful feature to most developers, as they gain more experience, they realize that there are several limitations to using traditional session management techniques. Some of the limitations are mentioned below.

• Scalability Issues: If you are using in-memory sessions, your sessions are tied to a specific server. This creates problems in load-balanced or multi-server environments, where users may be routed to different servers, causing session data loss unless you are using sticky sessions.
• Memory Consumption: If you are storing a large amount of session data in the server’s memory, your application will consume significant memory resources, especially if you have a large-scale application with millions of users. This can not only degrade application performance, but it also increase the risk of server crashes.
• Session Data Loss: If you are using in-memory session storage, your session data can be lost if the server is restarted or crashes. This disrupts user experiences and requires external solutions to ensure persistence.
• Session Timeout Limitations: Fixed session timeouts can frustrate users, especially if they lose their session due to inactivity. Managing these timeouts effectively while balancing resource consumption can be challenging for most beginner and intermediate-level developers.
• Security Concerns: Traditional session management often relies on cookies to store session IDs, making them vulnerable to session hijacking or cross-site scripting (XSS) attacks if not properly secured.
• Managing Large Sessions: Sessions that store large amounts of data can slow down requests, as reading and writing session data becomes more resource-intensive, particularly when stored in databases or other persistent stores.

The limitations mentioned above often prompt developers to adopt more high-performance and scalable solutions that can not only solve all of the problems but can also provide many additional features to cache session data for your applications.

Introduction of NCache for .NET Developers
NCache is a powerful, distributed caching solution designed specifically for .NET applications. It enhances application performance and makes the application more scalable by providing both an in-memory and a distributed cache across multiple servers. NCache reduces database load and speeds up data access in high-traffic applications. NCache supports a wide range of caching scenarios, such as simple key-value storage, transactional data caching, or session caching. The following diagram shows how the NCache cluster can sit between your .NET applications and the database and cache data for multiple applications.

NCache provides various APIs to add, update, or remove data to/from cache. The data can be stored as a single item or as bulk data. Developers also have the option to store data either synchronously or asynchronously as per their application requirements. The data stored in the cache can be a primitive data type such as int, double, bool, object, etc. or it can be any custom serializable class object, e.g. Product, Order, etc.

Advantages of using NCache for Session Management

• Following are some of the benefits of using NCache as your ASP.NET Core Session State Provider.
• High Availability: NCache replicates sessions across multiple cache nodes to ensure that the session data is always available, even during server failures. NCache provides a self-healing peer-to-peer clustering architecture that has no single point of failure. This dynamic clustering also allows us to add or remove any cache server from the cluster without stopping the cache or the applications.
• Multi-Region Replication: NCache can also replicate ASP.NET Core sessions across multiple regions (data centers) to ensure that the sessions remain safe, even if a data center goes offline.
• Distributed & Scalable: NCache stores session data in a distributed cache that allows your sessions to scale across multiple servers. This also eliminates the single-point-of-failure issues.
• Improved Performance: It enhances the performance of session retrieval by caching session data in memory, reducing the load on databases or slower storage systems. NCache also uses its custom serialization method called ‘Compact Serialization’ which is much faster than the slow serialization method available in .NET.
• Session Failover and Persistence: In the event of an application server failure, NCache automatically handles session failover to make sure that the sessions are not lost. It also supports persistent session storage, allowing session data to survive across application restarts.
• Support for Large Sessions: NCache can handle large session objects, distributing them efficiently across cache nodes.
• Cross-Platform Compatibility: NCache offers flexibility for different development environments by supporting both ASP.NET and ASP.NET Core applications.
• Increased Web Farm Efficiency: In multi-server environments, NCache eliminates the need for "sticky sessions" by synchronizing the session state across all servers.
• Enhanced Security: With encryption and secure communication between cache clients and servers, NCache ensures that sensitive session data remains protected.

Installing and Configuring NCache in ASP.NET Core App
Before we learn how to use NCache, we need to make sure we have installed and configured NCache on the development machine. There are multiple versions of NCache available, and you can choose the specific version as per your application requirements.

• NCache Open Source: A free, open-source, and community-supported version of NCache that provides basic distributed caching features for small to medium applications.
• NCache Professional: This is a paid version of NCache and it is suitable for small to medium-sized business applications. It provides additional features such as client cache and better performance optimizations.
• NCache Enterprise: The most advanced version of NCache that provides the most advanced caching features, including disaster recovery, high availability, and performance monitoring, and it's the best choice for large enterprise applications.

Note. NCache Professional and Enterprise versions are also available as SaaS in both Azure and AWS marketplaces.

The next thing we need to decide is how we want to install and use NCache. We can choose one of the following options.

• NCache Cache Server: We can download and install the NCache cache server from the NCache official download page to enjoy features like distributed caching, high availability, replication, and scalability.
• NCache Docker Image: We can spin up an NCache cache server in a Docker container if you want to avoid installing NCache directly on our system.
• NCache Client (In Memory Cache): We can skip NCache cache server installation and directly use NCache-related Nuget packages in our .NET projects to use in-memory cache for quick testing and proof of concepts.

For this article, I have downloaded the Open Source version of NCache. Let’s create a new ASP.NET MVC Project in Visual Studio 2022 using .NET 8 and run the following commands in the Package Manager Console to install the Open Source version of NCache.

Package Manager Console

Install-Package Alachisoft.NCache.OpenSource.SDK
Install-Package NCache.Microsoft.Extensions.Caching.OpenSource

Next, we need to configure NCache, and we have two options.

• We can specify all configurations through code in the Program.cs file.
• We can specify all configurations in JSON format in the appsettings.json file.

Let’s use option one and configure NCache in the Program.cs file.

Program.cs
using Alachisoft.NCache.Caching.Distributed;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddNCacheDistributedCache(configuration =>
{
    configuration.CacheName = "democache";
    configuration.EnableLogs = true;
    configuration.ExceptionsEnabled = true;
});

builder.Services.AddControllersWithViews();

var app = builder.Build();

The above code snippet uses the AddNCacheDistributedCache method to configure NCache. This method adds NCache as the default distributed cache implementation of the IDistributedCache interface. The method requires CacheName and some other optional configurations.

Next, we need to add the following code in our HomeController.

HomeController.cs
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Caching.Distributed;
using System.Text;

namespace AspNetCoreNCacheDemo.Controllers
{
    public class HomeController : Controller
    {
        private readonly IDistributedCache _cache;

        public HomeController(IDistributedCache cache)
        {
            _cache = cache;
        }

        public IActionResult Index()
        {
            string cachedValue = string.Empty;

            byte[] cacheData = _cache.Get("MyCacheKey");    // Get Data From Cache

            if(cacheData != null)
            {
                cachedValue = Encoding.UTF8.GetString(cacheData);
            }

            if (string.IsNullOrEmpty(cachedValue))
            {
                cachedValue = "Cache Data";
                cacheData = Encoding.UTF8.GetBytes(cachedValue);

                _cache.Set("MyCacheKey", cacheData);        // Set Data From Cache
            }

            ViewBag.CachedData = cachedValue;

            return View();
        }
    }
}

The above code injects the IDistributedCache instance into the constructor of the controller and then uses the Get and Set methods to add and retrieve data from the cache.

Using NCache for ASP.NET Core Session Management
To use NCache ASP.NET Core Session Provider for session management we need to install the following Nuget package in our project.

Package Manager Console
Install-Package AspNetCore.Session.NCache.OpenSource

Next, we need to initialize the NCache sessions service in the Program.cs file as follows.

Program.cs
builder.Services.AddNCacheSession(configuration =>
{
    configuration.CacheName = "demoCache";
    configuration.EnableLogs = true;
    configuration.SessionAppId = "demoApp";
    configuration.SessionOptions.IdleTimeout = 5;
    configuration.SessionOptions.CookieName = "AspNetCore.Session";
});

The complete details of all session-related options are available in NCache docs.
Next, we need to configure the HTTP request pipeline by adding middleware using the UserNCacheSession method.

Program.cs
app.UseNCacheSession();

After configuring NCache as the default cache for ASP.NET Core Sessions, you can perform all session-specific operations without modifying any code, and all sessions will be stored in the distributed NCache. You just need to make sure that if you are storing custom objects in the session, then they are marked as serializable. You can do this by adding the [Serializable] attribute to your custom object class definition.

Let’s implement a small To Do list app that will display a To Do list to the user and will allow the user to add a new To-Do item to the list. We will then store the To Do list in the ASP.NET core session that will use NCache behind the scenes.

First of all, create the following ToDo model class with a single Name property.

ToDo.cs
[Serializable]
public class ToDo
{
    public string Name { get; set; }
}

Next, implement the following Index action methods in the HomeController that will fetch the list ToDo list from the session using the GetObject method and display it on the page.

HomeController.cs
public class HomeController : Controller
{
    public IActionResult Index()
    {
        var list = HttpContext.Session.GetObject<List<ToDo>>("ToDoList");
        return View(list);
    }
}

The razor view page of the above action method will iterate over the ToDo items and will render the names of all ToDo items in a simple table. It also has a Create New button that will redirect the user to another page where the user can add a new ToDo Item.

Index.cshtml

model IEnumerable<ToDo>

@{
    ViewData["Title"] = "Home Page";
}

<h2>To Do</h2>
<a asp-action="Create" class="btn btn-success mb-3">Create New</a>

@if (Model != null)
{
    <table class="table table-bordered table-striped ">
        <thead>
            <tr class="bg-warning ">
                <td>Name</td>
            </tr>
        </thead>
        <tbody>

            @foreach (var item in Model)
            {
                <tr>
                    <td>@item.Name</td>
                </tr>
            }

        </tbody>
    </table>
}

If you will test your page at this point, you should see the following output in the browser.

Next, implement the following Create action methods in the HomeController. The first method will render the Create page in the browser using the HttpGet request. The second method will be called when the user submits the Create page by providing a new ToDo item name.

HomeController.cs
public IActionResult Create()
{
    return View();
}

[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult Create(ToDo todo)
{
    if (ModelState.IsValid)
    {
        var list = HttpContext.Session.GetObject<List<ToDo>>("ToDoList");

        if(list == null)
        {
            list = new List<ToDo>();
        }

        list.Add(todo);

        HttpContext.Session.SetObject("ToDoList", list);

        return RedirectToAction("Index");
    }

    return View(todo);
}

The above Create method first fetches the ToDo ToDo list from the session, and if it doesn’t find any list in the session, it creates a new list. Next, it adds the ToDo item to the list, and finally, it puts the list back in the session using the SetObject method.

Please note that the GetObject and SetObject methods used above are not the built-in methods of ASP.NET Core. I implemented the following extension methods to easily add or retrieve custom objects in or from the session.

SessionExtensions.cs
public static class SessionExtensions
{
    public static void SetObject(this ISession session, string key, object value)
    {
        session.SetString(key, JsonSerializer.Serialize(value));
    }

    public static T GetObject<T>(this ISession session, string key)
    {
        var value = session.GetString(key);
        return value == null ? default(T) : JsonSerializer.Deserialize<T>(value);
    }
}

Following is the Razor view page of the Create action method.

Index.cshtml
@model ToDo

<h2>Create</h2>

<div class="row alert alert-primary">
    <div class="col-md-4">
        <form asp-action="Create">
            <div class="form-group">
                <label asp-for="Name" class="control-label"></label>
                <input asp-for="Name" class="form-control" />
            </div>
            <br />
            <input type="submit" value="Create" class="btn btn-success" />
        </form>
    </div>
</div>

You can now run the application and try to click the “Create New” button. You should see the page similar to the following screenshot.

Try to create some ToDo items using the above form, and all items will be added to the list and session.

Summary
NCache is an ideal solution for managing sessions in high-traffic or distributed web applications. In this article, we learned how application resilience and user experience can be enhanced using NCache features like session replication, high availability, and fault tolerance. We also learned how to install, configure, and use NCache for simple data caching as well as session data caching.

Many times new developers stumble upon a very simple task, “sending emails” over the .NET framework. Well, I am not going to cover any specific language here (C# or VB.NET, Visual C++ you're also included), I will talk generally about the .NET framework and the assemblies exposed by the .NET framework for sending the emails, using your own SMTP server's settings, such as username/word combination, port number and (most especially) the hostname for your SMTP server.

Background
Emails stand for electronic mail and they are widely used on a regular basis for communication. You can send an email for sharing text data or you can send your albums over emails easily. Email has been a part of internet entertainment for a great time and people use a variety of email clients, some love online clients for example Gmail, Yahoo! and so on and some prefer an offline version of their email clients that use an internet connection to download the emails from a server, such as Thunderbird, Outlook and so on.

But the fact is that all of them use the same protocol for transferring emails over the internet network. In this article, I will talk about sending emails over the network, downloading the emails is a totally separate topic and would have a separate protocol working in the back end to download the emails from the server.

Sending the emails
Emails are sent using the SMTP protocol, over the internet. It is similar to the Hypertext protocol (not in the manner of communication, but in a way that is a protocol for communication). For more on SMTP, you can find yourself glad to read the Wikipedia page, I am not going in-depth of the protocol here, instead, I will just elaborate on the methods to send the emails over the .NET framework.
What does the .NET framework offer?

The .NET Framework (who is oblivious to that?) has many cool assemblies for us to work with, using our favorite languages, from C# to C++ and the assemblies in the .NET framework allow us to focus on the quality of the application and the logic, leaving the rest of the low-level coding to the framework itself, including and most especially the garbage collection like stuff and memory management.

.NET framework has a namespace, known as System.Net. This namespace is responsible for the network communication for the .NET applications. But we will be more concerned about the System.Net.Mail namespace, for working with the mail protocol that exposes the SmtpClient,MailMessage classes for us to easily just our data to the objects and send the email using the .NET framework.

Creating the module for sending email
Since the .NET framework exposes many frameworks to create your applications over, starting from something as basic as a Console application, to as much user-friendly as Windows Presentation Foundation. The interesting thing is that in the .NET framework, the same code can be used on the back-end of a Console app and the WPF application. So, the code that would be used to send the email in a Console application is just the same as you would be using for the WPF application. That is why I am not going to specify any framework, instead, I will use a Console application for our project, to be simpler to be understood and to focus more on the code instead. You can (in your own IDE) create any kind of application you want, from Windows Forms to WPF to a web application (using ASP.NET).

Once your application has been created, you can create a simple module (function; not to be confused with the VB.NET's Module). Inside that, you can write the following code, don't worry I will explain the code in the future section of the article.
// You should use a using statement
using (SmtpClient client = new SmtpClient("<smtp-server-address>", 25))
{
    // Configure the client
    client.EnableSsl = true;
    client.Credentials = new NetworkCredential("<username>", "<word>");
    // client.UseDefaultCredentials = true;

    // A client has been created, now you need to create a MailMessage object
    MailMessage message = new MailMessage(
        "[email protected]", // From field
        "[email protected]", // Recipient field
        "Hello", // Subject of the email message
        "World!" // Email message body
    );

    // Send the message
    client.Send(message);

    /*
     * Since I was using the Console app, that is why I am able to use the Console
     * object, your framework would have different ones.
     * There is actually no need for these following lines, you can ignore them
     * if you want to. SMTP protocol would still send the email yours.
     */

    // Print a notification message
    Console.WriteLine("Email has been sent.");
    // Just for the sake of pausing the application
    Console.Read();
}

Voila, (if you added correct details in the preceding code) you would have your emails sent to the destination without any trouble, apart from an internet connection trouble. Now let us dissect the code into pieces and understand what happened, then I will mention a few problems that arise in programming and cause havoc for new developers in understanding the entire process including the errors that are raised due to problems in connections and so on.
Explanation of the preceding code

The first step in the code is the usage of the using statement. In the .NET framework, you stumble upon various objects that use resources that need to be disposed of properly, or at least closed. For example, when a file is created it is required to call the Close() function before any other process can use that file, similarly, some processes require that you can a Dispose() function on them, to release all the resources. But you can use a using statement, to let the .NET framework take care of all of the objects that need such functions to be called themselves. For example, in the following code.

using (SmtpClient client = new SmtpClient())
{
    // code here
}

Is better than
SmtpClient client = new SmtpClient();
// code here..
client.Dispose();

Due to many specific factors, that I am not going to talk about here. That leaves the discussion about the using statement, you will find a few deeper details about using statements on MSDN documentation.

Next comes the SmtpClient object. The SmtpClient creates an object that establishes the connection between your machine and the SMTP server you're using. SmtpClient requires you to set up a few things in it.

• The hostname is the name of your SMTP server's address in string format.
• The Port that you will be using to connect, default is 25 (TCP port).
• Most of the connections require that you set the SSL active. You can see that happening in our code too.
• Credentials are required before you can use a service, most of the servers (Gmail, Outlook, and so on) require that you send a username/word combination to send email from your account using the SMTP protocol. That is why in most cases default credentials forward the developers into errors. We use a NetworkCredential object (from System.Net namespace) to our username/word to the server.

Since SmtpClient is disposable we're using it inside a using statement. We're about to send an email, and for that, we create an object called MailMessage and our data to it. MailMessage object can set the From, To, Subject, and Body fields of an email message and then can be sent. You can see in our example, that we're using the constructor to create the MailMessage object that would hold the data for our From, To, Subject, and Body fields.

Finally, we're sending the email using the Send() function. The interesting thing is, in a GUI framework such as WPF or Windows Forms, we should be using SendAsync for the sake of asynchrony in our application that would help us to create a fluid GUI for our application, otherwise, the application would stay stuck until the email has been sent and the control continues from this line of code. To learn more about asynchronous programming, please move to the MSDN link and learn more from there, they've got great content for beginners like you.

A few errors in the programming
Generally, there are always errors that developers miss and then they become about “Where did I miss it?”. Similarly, in sending the email and establishing a secure connection, there are usually many problems, some are syntax, some are logical, but I would talk about the connection errors that might be raised. I tried to raise some exceptions myself to share them with you here, for you to understand when these exceptions might cause problems for your environment.

Usually, the exceptions in the connection are raised only at the Send, or SendAsync method when the SmtpClient is not able to send your email successfully. It can be due to a connection problem, authentication problem, or any other problem.

Problems with SMTP hostname
A general problem can be the hostname that you're in to the client to connect to, it must be correct and without the “http://“. You might stumble upon such a problem.

Hostname could not be resolved, because it has “http://” in it. Just the smtp.gmail.com, if you're using Gmail as your SMTP server. Otherwise, you should contact the SMTP developers for their SMTP hostname.

This would be resolved, by making sure that the hostname is correct. Every SMTP provider has its own settings for its server. Make sure you're using the correct ones. This is the first problem you would stumble upon if you're going to get any error. Failure to send mail can also be raised if the Firewall is blocking the network.

Another problem with the SmtpClient is, if you're not using the correct port number, then the connection might not be established and the worst thing is that there won't be any exception raised. For example, use port number 295. The command would continue to execute without any success message or exception. Make sure you're using the correct port number, otherwise, use the default TCP port number; 25. Port number 25 always works for me.

Errors authenticating the user
Whereas servers require the correct authentication, it is necessary that you the correct and required authentication details to the server. The first stage is to enable the SSL over your connection. Usually, servers close the connection if the connection isn't over SSL. Recall the code in this article and see the enable SSL command as in the following.
client.EnableSsl = true;

After this, you should ensure that you're using the correct combination of your username and word. If they're incorrect, the server is free to close the connection. The following exception is raised if any of such (authentication) problems occur in your application.

The server requires an SSL connection or the correct username/word combination. Make sure you're not wrong in both of these scenarios. Once these problems are resolved (and other problems don't arise) your email will be sent and you will see a success message in your application. Mine showed me the following.

Email successfully sent! Success message in the Console application.

Points of Interest
In the .NET Framework, you can use the System.Net and its namespace to work with the network. For mailing, you use the System.Net.Mail namespace. System.Net.Mail exposes a SmtpClient object, that uses a hostname and a port to connect to the SMTP server for sending the emails. Some of the servers require an SSL connection and credentials (username/word combination).

MailMessage is the object you would use to send the email, you can fill this object with the From, To, Subject, and Body fields of your email message. SmtpClient would send this object, you can use Send or SendAsync methods to send an email, depending on your framework and the methods that you would use to send the email.

Exceptions are raised in SmtpClient when the code reaches the Send (or SendAsync) function. That is because connection problems occur at this stage, the server tells the .NET framework for the errors in sending the email, and the exception is raised. Usually, the exceptions are raised for the following factors.

• The username/word is incorrect.
• SSL is not enabled.
• The hostname is not correct, so the SmtpClient was not able to establish the connection at all.
• If the port number is incorrect, there is no error message at all. This is a tricky part for every developer. You can minimize this problem by using 25 (the default TCP port).

SmtpClient exposes the Dispose() function, which is why it is better to use the SmtpClient object in a using statement, not just as a simple (and ordinary) object to call dispose of over later. Using a statement lets you leave the release of the resources to the .NET framework itself.

For those looking for a VB.NET code, you can use the Telerik converter to convert your C# code to VB.NET code (or vice versa).

.NET allows you to use the same code over various frameworks and platforms that run over . NET. Such as WPF, Console app, and ASP.NET web applications. That is why you can use this code above in nearly all of your applications, no matter the software apps, web apps, or whatever client application you're creating until it runs over the .NET framework. Because these assemblies are present in .NET, not in the language itself.

This tutorial will show you how to use a custom pipeline processor to process fields in a Sitecore environment. In particular, we will deal with LinkField types to make sure that, for further security, external links have the rel="noopener noreferrer" tag. First, we'll look at the ExternalLinks class's C# code, which adds the required characteristics and processes the LinkField. The pipeline configuration that adds our custom processor into the Sitecore renderField pipeline will then be examined in the.config file.

You will know how to design and set up a custom pipeline processor in Sitecore to efficiently manage external links at the end of this lesson. Let's get started!

Pipeline C# Code
In this code we process a field in a Sitecore context, specifically handling LinkField types. It ensures that external links have the rel="noopener noreferrer" attribute added for security purposes.
public class ExternalLinks
{
    public void Process(RenderFieldArgs args)
    {
        Assert.ArgumentNotNull(args, "args");

        if (Sitecore.Context.Site.DisplayMode == Sitecore.Sites.DisplayMode.Edit)
            return;

        var field = FieldTypeManager.GetField(args.GetField());

        if (field is LinkField linkField)
        {
            if (linkField.IsInternal || string.IsNullOrEmpty(linkField.Url))
                return;

            args.Parameters.Add("rel", "noopener noreferrer");
        }
    }
}

Pipeline .config
And now we have here the configuration of the pipeline. This configuration sets up the ExternalLinks class to be executed as part of the renderField pipeline in Sitecore. It ensures that the ExternalLinks processor runs after the GetLinkFieldValue processor. Additionally, it includes a setting to control the protection of external links with a target="_blank" attribute.

<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
    <sitecore>
        <settings>
            <setting name="ProtectExternalLinksWithBlankTarget" value="false" />
        </settings>
        <pipelines>
            <renderField>
                <processor
                    type="Foundation.Infrastructure.Pipelines.ExternalLinks, Foundation.Infrastructure"
                    patch:after="processor[@type='Sitecore.Pipelines.RenderField.GetLinkFieldValue, Sitecore.Kernel']" />
            </renderField>
        </pipelines>
    </sitecore>
</configuration>

Thanks for reading!

And that's it! We created a custom pipeline processor in Sitecore to handle LinkField types. The ExternalLinks class ensures external links include the rel="noopener noreferrer" attribute for security. We integrated this processor into the renderField pipeline, ensuring it runs after the GetLinkFieldValue processor. This setup helps maintain the security and integrity of external links in your Sitecore application.

If you have any questions or ideas in mind, it'll be a pleasure to be able to be in communication with you, and together exchange knowledge with each other.

We will discuss ASP.NET Core IAuthorizationFilter in this article.

What is the Authorization Filter?
The Authorization Filter allows us to apply authorization rules to controllers and actions within our application. Authorization Filters in ASP.NET Core are responsible for checking whether a user is allowed to perform an action or access a resource. These filters run before the action method is executed, ensuring the user has permission to access the method.

Authorization filters are executed after the routing but before model binding and other action filters. If the authorization fails (e.g., the user does not have the required permissions), the filter short-circuits the request, and the action method does not execute.
IAuthorizationFilter

In ASP.NET Core, IAuthorizationFilter is an interface that allows you to perform authorization checks on an action or a controller before the action executes. Implementing this interface gives you the ability to enforce security and authorization rules within your application.

Advantages of IAuthorizationFilter

• Centralized Authorization Logic: By using filters, you can centralize your authorization logic, making it easier to maintain and manage. You can apply the same filter to multiple controllers or actions.
• Separation of Concerns: Filters support the separation of concerns in your application. They promote clean architecture by isolating authorization logic from business logic.
• Flexibility: Since filters can be applied at the action or controller level, you have the flexibility to handle different authorization requirements for different endpoints easily.
• Access to Action Context: The `IAuthorizationFilter` provides access to the `ActionExecutingContext`, which contains information about the current request, the action is executed, and route data. This allows for dynamic authorization checks based on the context.
• Built-in to ASP.NET Core: It is part of the ASP.NET Core framework, which means it is well-integrated with the rest of the framework and benefits from the built-in dependency injection features.
• Chain of Responsibility: Multiple filters can be applied to a single action. This allows for a chain of responsibility pattern, where different filters can be called in a defined order.

Disadvantages of IAuthorizationFilter

• Performance Impact: If your authorization logic involves heavy or synchronous operations (like database calls), it can slow down request processing. This is critical if the logic is not optimized or you make external calls during authorization checks.
• Complexity in Conditional Logic: Complex authorization requirements that depend on various conditions may lead to complicated filter implementations, making it harder to read and maintain.
• Limited to Action Execution: Authorization filters are only executed before the action method is called. You cannot use them to enforce rules after action execution, such as in the response pipeline.
• Difficulty in Testing: If your authorization logic is embedded within the filters, unit testing may become more complex since you'll need to mock the entire filter environment.

Example

public class CustomAuthorizationFilter : IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // Implement your authorization logic here
        var user = context.HttpContext.User;

        if (!user.Identity.IsAuthenticated)
        {
            // User is not authenticated, return a 403 Forbidden response
            context.Result = new ForbidResult();
        }
    }
}

// Register the filter in Startup.cs

public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers(options =>
    {
        options.Filters.Add<CustomAuthorizationFilter>();
    });
}

// Above .net 6

builder.Services.AddScoped<CustomAuthorizationFilter>();

[ApiController]
[Route("[controller]")]
[ServiceFilter(typeof(CustomAuthorizationFilter))]
public class HomeController : ControllerBase
{
    [HttpGet]
    public IActionResult GetAuthorized()
    {
        return Ok("You are authorized!");
    }
}

Serialization is the process of transforming an item into a format (XML, JSON, SOAP, or binary) that is suitable for easy storage or transmission. The opposite procedure, known as deserialization, transforms the serialized data back into an object.

Types of Serialization Process

• XML Serialization
• JSON Serialization
• Binary Serialization
• SOAP Serialization

1. XML Serialization
XML serialization in .NET involves the process of transforming an object into an XML format, which facilitates easy storage, transfer, or sharing across different systems. In contrast to binary or SOAP serialization, XML serialization primarily focuses on the public fields and properties of an object, thereby providing a more straightforward and transparent method for data representation.

Features

• Transform an object into XML format.
• The predominant form of serialization is utilized for interoperability.
• Public properties and fields undergo serialization, while private ones remain excluded.
• Frequently employed in web services, configuration files, and for storage that is easily readable by humans.

Step 1. Create a class for XML serialization like the one below.
EmployeeDetails.cs
public class EmployeeDetails
{
    public string Name { get; set; }
    public int Age { get; set; }
    public string Address { get; set; }
    public string Hobbies { get; set; }
    public string EmployeeType { get; set; }
}

Step 2. Serialize the class EmployeeDetails.cs and save it according to the specified path.
public partial class MainWindow : Window
{
    EmployeeDetails employee;

    // Specify the file path where the XML file will be saved
    string filePath = @"C:\Users\peter\Desktop\Peter\SerailizedPath\"; // Change this to your desired location
    public MainWindow()
    {
        InitializeComponent();
        employee = new EmployeeDetails
        {
            Name = "Peter",
            Age = 30,
            Address = "London",
            EmployeeType = "Permanent",
            Hobbies = "Cricket"
        };
    }
    private void XmlSerialization_Click(object sender, RoutedEventArgs e)
    {
        // Create the XmlSerializer for the EmployeeDetails type
        XmlSerializer serializer = new XmlSerializer(typeof(EmployeeDetails));
        // Serialize the object to the specified location
        using (StreamWriter writer = new StreamWriter(Path.Combine(filePath, "Employee.xml")))
        {
            serializer.Serialize(writer, employee);
        }
    }
}Step 3. DeSerialize the class EmployeeDetails.cs like below.
private void XmlDESerialization_Click(object sender, RoutedEventArgs e)
{
    XmlSerializer serializer = new XmlSerializer(typeof(EmployeeDetails));
    using (StreamReader reader = new StreamReader(Path.Combine(filePath, "Employee.xml")))
    {
        EmployeeDetails employeeDetails = (EmployeeDetails)serializer.Deserialize(reader);
        MessageBox.Show($"Name: {employeeDetails.Name}, Age: {employeeDetails.Age}, Address: {employeeDetails.Address}, EmployeeType: {employeeDetails.EmployeeType}, Hobbies: {employeeDetails.Hobbies}");
    }
}

2. JSON Serialization
In C#, JSON serialization is the process of transforming an object into a JSON string, while deserialization involves converting a JSON string back into an object. The System.Text.Json or Newtonsoft.Json libraries can be utilized for these operations.Features

• Transform an object into JSON format.
• It is commonly utilized for web APIs, configuration files, and efficient data storage.
• JSON serialization is supported by both the System.Text.Json and Newtonsoft.Json libraries.

Step 1. Create a class for JSON serialization like the one below.
EmployeeDetails.cs
public class EmployeeDetails
{
    public string Name { get; set; }
    public int Age { get; set; }
    public string Address { get; set; }
    public string Hobbies { get; set; }
    public string EmployeeType { get; set; }
}

Step 2. Serialize the EmployeeDetails.cs class into JSON format and save it to the specified location based on your requirements.
public partial class MainWindow : Window
{
    EmployeeDetails employee;

    // Specify the file path where the json file will be saved
    string filePath = @"C:\Users\peter\Desktop\Peter\SerailizedPath\"; // Change this to your desired location

    public MainWindow()
    {
        InitializeComponent();
        employee = new EmployeeDetails
        {
            Name = "Peter",
            Age = 30,
            Address = "London",
            EmployeeType = "Permanent",
            Hobbies = "Cricket"
        };
    }

    private void JsonSerialization_Click(object sender, RoutedEventArgs e)
    {
        string jsonString = JsonConvert.SerializeObject(employee, Formatting.Indented);
        File.WriteAllText(Path.Combine(filePath, "Employee.json"), jsonString);
        Debug.WriteLine("Object serialized to employee.json");
    }

    private void JsonDESerialization_Click(object sender, RoutedEventArgs e)
    {
        string jsonString = File.ReadAllText(Path.Combine(filePath, "Employee.json"));
        EmployeeDetails employee = JsonConvert.DeserializeObject<EmployeeDetails>(jsonString);
        MessageBox.Show($"Name: {employee.Name}, Age: {employee.Age}, Address: {employee.Address}, EmployeeType: {employee.EmployeeType}, Hobbies: {employee.Hobbies}");
    }
}

3. Binary Serialization
Binary serialization refers to the method of transforming an object into a binary format, enabling it to be saved in a file, transmitted across a network, or exchanged between applications. After the object has been serialized into binary, it can subsequently be deserialized, restoring it to its original state.

Features

• Transform an object into a binary representation.
• Optimized for size, though not easily interpretable by humans.
• It necessitates that the object is annotated with the [Serializable] attribute.
• Frequently employed for saving objects to storage or for communication between applications.

Step 1. Create a class for Binary serialization like the one below.EmployeeDetails.cs
[Serializable]
public class EmployeeDetails
{
    public string Name { get; set; }
    public int Age { get; set; }
    public string Address { get; set; }
    public string Hobbies { get; set; }
    public string EmployeeType { get; set; }
}

Step 2. Serialize the EmployeeDetails.cs class in binary format and save it to the specified location based on your requirements.
public partial class MainWindow : Window
{
    EmployeeDetails employee;

    // Specify the file path where the Binary file will be saved
    string filePath = @"C:\Users\Peter\Desktop\Peter\SerailizedPath\";  // Change this to your desired location

    public MainWindow()
    {
        InitializeComponent();
        employee = new EmployeeDetails
        {
            Name = "Peter",
            Age = 30,
            Address = "London",
            EmployeeType = "Permanent",
            Hobbies = "Cricket"
        };
    }

    [Obsolete]
    private void BinarySerialization_Click(object sender, RoutedEventArgs e)
    {
        BinaryFormatter formatter = new BinaryFormatter();

        using (FileStream stream = new FileStream(Path.Combine(filePath, "Employee.dat"), FileMode.Create))
        {
            formatter.Serialize(stream, employee);
        }

        Debug.WriteLine("Object serialized to employee.dat");
    }
}

Step 3. DeSerialize the class EmployeeDetails.cs like below.
[Obsolete]
private void BinaryDESerialization_Click(object sender, RoutedEventArgs e)
{
    BinaryFormatter formatter = new BinaryFormatter();
    using (FileStream stream = new FileStream(Path.Combine(filePath, "employee.dat"), FileMode.Open))
    {
        EmployeeDetails person = (EmployeeDetails)formatter.Deserialize(stream);
        MessageBox.Show($"Name: {person.Name}, Age: {person.Age}, Address: {person.Address}, EmployeeType: {person.EmployeeType}, Hobbies: {person.Hobbies}");
    }
}

4. SOAP Serialization
It refers to the method of transforming an object into the XML format defined by the Simple Object Access Protocol (SOAP), facilitating its transmission across a network, particularly within web services. While SOAP was widely utilized in earlier web service architectures, its prevalence has diminished in recent years, largely due to the increasing adoption of RESTful APIs and JSON serialization.

Features

• Utilizes the SOAP (Simple Object Access Protocol) format.
• Traditionally employed in web services.

Step 1. Add the “SoapFormatter” Nuget package as shown below.

Step 2. Create a class for soap serialization like the one below.

EmployeeDetails.cs
public class EmployeeDetails
{
    public string Name { get; set; }
    public int Age { get; set; }
    public string Address { get; set; }
    public string Hobbies { get; set; }
    public string EmployeeType { get; set; }
}

Step 3. Serialize the EmployeeDetails.cs class into Soap format and save it to the specified location based on your requirements.
public partial class MainWindow : Window
{
    EmployeeDetails employee;
    // Specify the file path where the Soap file will be saved
    string filePath = @"C:\Users\peter\Desktop\Peter\SerailizedPath\"; // Change this to your desired location
    public MainWindow()
    {
        InitializeComponent();
        employee = new EmployeeDetails
        {
            Name = "Peter",
            Age = 30,
            Address = "London",
            EmployeeType = "Permanent",
            Hobbies = "Cricket"
        };
    }
    private void SoapSerialization_Click(object sender, RoutedEventArgs e)
    {
        SoapFormatter formatter = new SoapFormatter();
        using (FileStream stream = new FileStream(Path.Combine(filePath, "Employee.soap"), FileMode.Create))
        {
            formatter.Serialize(stream, employee);
        }
        Debug.WriteLine("Object serialized to employee.soap");
    }
}

Step 4. DeSerialize the class EmployeeDetails.cs like below.
private void SoapDESerialization_Click(object sender, RoutedEventArgs e)
{
    SoapFormatter formatter = new SoapFormatter();
    using (FileStream stream = new FileStream(Path.Combine(filePath, "employee.soap"), FileMode.Open))
    {
        EmployeeDetails person = (EmployeeDetails)formatter.Deserialize(stream);
        MessageBox.Show($"Name: {person.Name}, Age: {person.Age}, Address: {person.Address}, EmployeeType: {person.EmployeeType}, Hobbies: {person.Hobbies}");
    }
}

Note. The results of all the aforementioned formats can be observed by executing the application as demonstrated below. Various serialization methods cater to distinct use cases influenced by requirements for performance, interoperability, and readability.

Serialization methods

We'll be using SQL SMO(SQL Management Objects).

First of All, you need to add a reference to the Microsoft.SqlServer.smo.dll file which is located in.

• For 64-bit Windows 7:[Your drive]:\Program Files (x86)\Microsoft SQL Server\100\SDK\Assemblies\Microsoft.SqlServer.Smo.dll.
• For 32-bit Windows 7:[Your drive]:\Program Files\Microsoft SQL Server\100\SDK\Assemblies\Microsoft.SqlServer.Smo.dll.

Now that we've added it to our project, we can start coding!

Add a ListBox control to your project.
DataTable dataTable = SmoApplication.EnumAvailableSqlServers(true);
listBox1.ValueMember = "Name";
listBox1.DataSource = dataTable;

By running this code alone,you'll get all the available sql servers inside your listbox control.

Ok, let's develop it further. Let's see what databases our instances have. So to do this, you need to add another ListBox.Then in your listbox1's selectedindexchanged event, you need to check which server selected. So you need to create a server object first.

After this, you'll iterate through this server to populate all the databases in the newly created Listbox.

Here is the code to do that.
listBox2.Items.Clear();
if (listBox1.SelectedIndex != -1) {
    string serverName = listBox1.SelectedValue.ToString();
    Server server = new Server(serverName);
    try {
        foreach (Database database in server.Databases) {
            listBox2.Items.Add(database.Name);
        }
    } catch (Exception ex) {
        string exception = ex.Message;
    }
}

After we run the project we'll be getting our Databases.

Hope it helps!

We'll attempt to use custom middleware to alter HttpResponse in this post. After developing custom middleware, we will alter the response. The middleware will alter the HttpResponse each time the request is returned to the client.

public class CustomResponseMiddleWare
{
    private readonly RequestDelegate _next;
    public CustomResponseMiddleWare(RequestDelegate next)
    {
        _next = next;
    }
    public async Task InvokeAsync(HttpContext context)
    {
        context.Response.Headers["CustomHeader"] = "This middleware added by Peter";
        await _next(context);
    }
}

We have created custom middleware and added a new header at the invoke method.

Program.cs
using SampleHttpResponseModify;

var builder = WebApplication.CreateBuilder(args);
// Add services to the container
builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
var app = builder.Build();
// Use custom middleware
app.UseMiddleware<CustomResponseMiddleWare>();
// Configure the HTTP request pipeline
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseAuthorization();
app.MapControllers();
app.Run();

Register middleware at the program. cs.
app.UseMiddleware<CustomResponseMiddleWare>();

When we ran the application and inspected it, we found a custom-added header in the response.Now let us try to modify the Http header when a particular API is called.
Consider i want to add an extra header when we call weather API only then do we have to add condition on middleware like below.
public class CustomResponseMiddleWare
{
    private readonly RequestDelegate _next;
    public CustomResponseMiddleWare(RequestDelegate next)
    {
        _next = next;
    }
    public async Task InvokeAsync(HttpContext context)
    {
        context.Response.Headers["CustomHeader"] = "This middleware added by Peter";
        if (context.Request.Path.Value == "/WeatherForecast")
        {
            context.Response.Headers["CustomeHeadernparticularRequest"] = "This is header added when this path found";
        }
        await _next(context);
    }
}

We have added the below condition only, so if the below path is found then only add an extra header.
if (context.Request.Path.Value == "/WeatherForecast")
{
    context.Response.Headers["CustomeHeadernparticularRequest"] = "This is header added when this path found";
}

Response on WeatherForcast API. We can see the additional header is coming.

Another learning point here is a sequence of middleware in the program.cs. If we move the position of UseMiddleware then we will find that this middleware is not calling due to incorrect positions or order of middleware.

Conclusion
We have learned about how to modify http headers using custom middleware. Keep learning and Keep Enjoying.

Load balancing is essential in distributed systems and web applications to ensure that traffic is efficiently distributed across multiple servers or resources.

Reverse Proxy
A reverse proxy is a server that sits between client devices (e.g., browsers) and the backend servers, forwarding client requests to the appropriate server and then returning the server's response to the client.

Sticky Sessions
Sticky sessions (also known as Session Affinity) in YARP is a feature that ensures requests from a particular client are always routed to the same backend server. This is particularly important for applications that rely on server-side session data, such as when storing user state or authentication information in memory on specific servers.

YARP(Yet Another Reverse Proxy) Setup
create a new ASP.NET Core web appliLoad balancing is essential in distributed systems and web applications to ensure that traffic is efficiently distributed across multiple servers or resources.

Reverse Proxy
A reverse proxy is a server that sits between client devices (e.g., browsers) and the backend servers, forwarding client requests to the appropriate server and then returning the server's response to the client.

Sticky Sessions
Sticky sessions (also known as Session Affinity) in YARP is a feature that ensures requests from a particular client are always routed to the same backend server. This is particularly important for applications that rely on server-side session data, such as when storing user state or authentication information in memory on specific servers.

YARP(Yet Another Reverse Proxy) Setup

• create a new ASP.NET Core web application
• Install the Yarp.ReverseProxy NuGet package

Program.cs
var builder = WebApplication.CreateBuilder(args);

builder.Services.AddReverseProxy().LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));

var app = builder.Build();
app.MapReverseProxy();

app.Run();

appsettings.json
{
  "ReverseProxy": {
    "Routes": {
      "api-route": {
        "ClusterId": "api-cluster",
        "Match": {
          "Path": "{**catch-all}"
        },
        "Transforms": [
          { "PathPattern": "{**catch-all}" }
        ]
      }
    },
    "Clusters": {
      "api-cluster": {
        "SessionAffinity": {
          "Enabled": "true",
          "AffinityKeyName": "Key1",
          "Cookie": {
            "Domain": "localhost",
            "Expiration": "03:00:00",
            "IsEssential": true,
            "MaxAge": "1.00:00:00",
            "SameSite": "Strict",
            "SecurePolicy": "Always"
          }
        },
          "LoadBalancingPolicy": "RoundRobin",
          "Destinations": {
            "destination1": {
              "Address": "https://localhost:7106"
            },
            "destination2": {
              "Address": "https://localhost:7107"
            }
          }
        }
      }
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}

Destination Address: The destination address should point to the base URL of your hosted web application.

Output
Here is the console output of round-robin policy.

Load balancer

Summary
Load balancing helps in improving the scalability, performance, availability, and security of web applications and services.

Web pages are prohibited from sending requests to a domain other than the one that provided them thanks to a security feature called Cross-Origin Resource Sharing, or CORS. Building safe and useful apps in modern web development requires knowing how to properly implement CORS, especially when utilizing Angular as a front-end framework and.NET Core 8 as a backend. The best practices and typical pitfalls for configuring CORS in a.NET Core 8 environment are described in this article.

Assume you have a friend who lives next door (another website) and a toy box at home (your website). Your mom (the browser) has a rule that states your friend can only play with their own toys. Your friend wants to play with your toys (data) in your toy box. This is to ensure that everything is secure and safe. Assume that your friend's website is funfriend.com and that yours is mycooltoys.com. CORS checks are performed if funfriend.com requests to borrow a toy from mycooltoys.com.

• Is funfriend.com allowed to borrow toys from mycooltoys.com?
• Did they follow the rules about how to ask?
• If everything is good, then your friend can borrow the toy!

Setting Up CORS in .NET Core 8

• Install Necessary Packages: If you haven't already, ensure you have the required .NET Core packages installed. In most cases, the default setup will suffice, but you can install any specific CORS libraries if needed.
• Configure CORS in Startup: In .NET Core 8, the configuration of CORS is typically done in the Program.cs file. Here’s a simple setup.

    var builder = WebApplication.CreateBuilder(args);
    // Add CORS services
    builder.Services.AddCors(options =>
    {
        options.AddPolicy("AllowAngularApp",
            builder => builder.WithOrigins("https://your-angular-app.com")
                              .AllowAnyMethod()
                              .AllowAnyHeader()
                              .AllowCredentials());
    });
    var app = builder.Build();
    // Use CORS policy
    app.UseCors("AllowAngularApp");
    app.MapControllers();
    app.Run();

• Allowing Specific Origins: For production environments, it’s crucial to specify the exact origin rather than using AllowAnyOrigin(), which is a common pitfall. Limiting allowed origins enhances security.

options.AddPolicy("AllowAngularApp",
    builder => builder.WithOrigins("https://your-angular-app.com")
                      .AllowAnyMethod()
                      .AllowAnyHeader());

• Handling Preflight Requests: Ensure your server can handle preflight requests. These are OPTIONS requests sent by browsers to check permissions. By enabling CORS and handling these requests, you ensure that your application can respond correctly.
• Allow Credentials: If your Angular application needs to send cookies or HTTP authentication information, you need to set AllowCredentials() in your CORS policy. Be cautious with this feature, as it requires that the origin is explicitly specified and cannot be set to AllowAnyOrigin().

Advanced CORS Configuration

• Customizing Allowed Methods: You can customize allowed methods if your API uses specific HTTP methods.

    options.AddPolicy("AllowAngularApp",
        builder => builder.WithOrigins("https://your-angular-app.com")
                          .WithMethods("GET", "POST", "PUT", "DELETE")
                          .AllowAnyHeader()
                          .AllowCredentials());

Setting Exposed Headers: If your API returns custom headers that the client needs to access, specify these using WithExposedHeaders.

options.AddPolicy("AllowAngularApp",
    builder => builder.WithOrigins("https://your-angular-app.com")
                      .AllowAnyMethod()
                      .AllowAnyHeader()
                      .WithExposedHeaders("X-Custom-Header")
                      .AllowCredentials());

Logging CORS Requests: For debugging purposes, you can log CORS requests to track any issues that arise. Here’s a simple logging middleware.
app.Use(async (context, next) =>
{
    if (context.Request.Headers.ContainsKey("Origin"))
    {
        var origin = context.Request.Headers["Origin"];
        Console.WriteLine($"CORS request from: {origin}");
    }
    await next();
});

Best Practices

• Limit Origins: Always specify the exact origins that are permitted to interact with your API. Avoid using wildcards (*) as they expose your API to potential security risks.
• Use HTTPS: Ensure both your .NET Core backend and Angular frontend are served over HTTPS. This secures data in transit and enhances trustworthiness.
• Regularly Review CORS Policies: As your application grows and evolves, periodically review your CORS configurations to ensure they align with current security requirements.
• Test CORS Configurations: Use tools like Postman or browser developer tools to test your CORS setup. Check for errors and ensure your API is returning the expected headers.
• Document Your API: Clearly document the CORS policies and allowed origins in your API documentation. This helps other developers understand how to interact with your API correctly.

Common Pitfalls

• Misconfigured Allowed Origins: One of the most frequent mistakes is misconfiguring allowed origins. Double-check the exact URLs, including the protocol (HTTP vs. HTTPS) and any potential trailing slashes.
• Forgetting to Apply CORS Middleware: Ensure that the UseCors middleware is applied before any endpoints are mapped. Placing it after endpoint mapping can lead to unexpected behaviors.
• AllowAnyOrigin with AllowCredentials: This combination is not allowed and will cause CORS requests to fail. If you need credentials, specify the exact origins.
• Not Handling OPTIONS Requests: Ignoring the preflight OPTIONS requests can lead to issues when your API is accessed from different origins. Ensure your server can properly handle these requests.

Example
Default

Allowing Specific Origins

Conclusion
Implementing CORS in .NET Core 8 for Angular applications is crucial for creating a secure and functional web application. By following best practices and being aware of common pitfalls, you can ensure that your CORS setup is both effective and secure. Regularly revisiting your CORS configuration as your application evolves will help maintain security and functionality in the long run.

Happy Coding!