This kind of testing includes evaluating several software components simultaneously, from beginning to end, and evaluates them collectively. Integration testing in the structured development process uses unit-tested modules as input, aggregates them into a bigger set, and runs integration tests according to the test plan's specifications to produce output results that trigger system testing. Because it allows you to test the system in real-time and gain valuable insights into how it functions, integration testing is crucial.

Difference between unit testing and integration testing
In unit testing, we concentrate on a brief section of code, typically one function or method. Verifying that a piece of code is functioning and delivering the desired outcome is the aim. In order to test the logic using fictitious data, external dependencies like as databases, APIs, or services are typically mocked.

Integration testing examines how various system components interact with one another. Integration tests, as opposed to unit tests, verify that the integrated components function as intended in a realistic setting by using real or in-memory databases and other services. For a deeper understanding, let's dive right into the code.

Setting Up the .NET Core Project for Integration Testing
In this project, we will create a test environment using docker containers to create the test db using Postgres docker image. Create a test project inside your project solution using the .NET XUnit template.

Let's install all the necessary Nuget packages. Below is a list of packages that are required for testing.

• Microsoft.AspNetCore.Mvc.Testing
• AutoFixture
• AutoFixture.AutoMoq
• Testcontainers
• Test containers.PostgreSQL

For setting up the test environment we need to use the WebApplicationFactory class provided by Microsoft.Net.

Understanding the WebApplicationFactory
WebApplicationFactory<TEntryPoint> is used to create a TestServer for integration tests. `TEntryPoint` refers to the entry point class of the System Under Test (SUT), which is usually the Program.cs class.

To use this in our testing project, we first need to expose the Program.cs class. The reason for this is to inform the testing project that this is the entry point of the system.
There are two ways to expose the Program.cs class to the testing project.
First, add the below XML in your starting project (WebAPI project).

The second is to create a partial class with the name public partial class Program { }

Setting up the Postgres container for our testing environment requires us to construct a customized version of our WebApplicationFactory class. The WebApplicationFactory class, which is inherited and implements the IAsyncLifetime interface, is modified in the version shown below. With this implementation, all resources acquired by the test environment or Docker container are released once our tests in Visual Studio Test Explorer have concluded, ensuring that the Postgres container is disposed of appropriately.

We also need to set up Docker Compose to fetch the latest PostgreSQL image. Right-click on the solution, then choose the "Container Orchestration Support" option and select Docker Compose. This will automatically add the required files to your solution. Add the below to your docker-compose.yml file.

To signal that the class contains tests and to offer shared object instances among the tests in the class, test classes implement the IClassFixture class fixture interface. To do that, let's implement IClassFixture<TWebAppFactory> and create a BaseIntegrationTest Class.

To construct a completely functional test environment, we must create a database and the necessary tables inside it after retrieving the Postgres image. Include migration code in the BaseIntegrationTest class's constructor as well.

Now we are all set with the test environment and let's move to the actual test. Create a test class in my case.

Now let's run the test from VisualStudio Test Explorer; also, add a docker desktop to your PC. When we run the test first it will fetch the image from the docker hub with the label "postgres: label" and set up the container with our provided configuration in the docker-compose.yml file.

Docker fetched the PostgreSQL image for us.

Here, you can also create containers, and those containers will automatically be disposed of after the test finishes.

As you can see from the result, our test has also been passed also.

Conclusion
Integration testing ensures that different components of an application work together correctly, validating end-to-end functionality and detecting issues not covered by unit tests. It is crucial for identifying integration problems and verifying that the system meets its requirements as a whole. Thanks for reading!

Step 1: Create an account on Stripe and obtain credentials
You must get your API keys and create a Stripe account before you can begin the integration. Take these actions.

• Visit stripe.com to register or log in to Stripe.
• Open the Dashboard and find the API area.
• Make a copy of your publishable key and secret key. These keys are going to be used for Stripe application authentication.

Step 2: Make an application using the.NET API
To integrate Stripe, create a new ASP.NET Core API application. Download the.NET SDK from the.NET website if it isn't already installed on your computer.
Launch a terminal or command prompt.

The command to start a new API project is as follows.
dotnet new webapi -n SubscriptionSystem

Navigate to the project directory.
cd SubscriptionSystem

Step 3: Set Up Stripe in .NET
To use Stripe, install the Stripe NuGet package in your .NET application.

Install the Stripe package.
dotnet add package Stripe.net

Add your Stripe secret key to the configuration.

Open appsettings.json and add the following.
{
  "Stripe": {
    "SecretKey": "your_stripe_secret_key"
  }
}

Step 4: Implement Subscription Functionality
Now, let's implement the subscription functionality. We will create a StripeController to handle the subscription process.

Creating the DTOs
First, create the necessary DTOs for handling Stripe data.

PaymentDto.cs
namespace SubscriptionSystem.Dtos
{
    public class PaymentDto
    {
        public string PaymentMethodId { get; set; }
        public string CustomerId { get; set; }
    }
}

StripePaymentRequestDto.cs
namespace SubscriptionSystem.Dtos
{
    public class StripePaymentRequestDto
    {
        public string Email { get; set; }
        public string PaymentMethodId { get; set; }
    }
}

StripeProductDto.cs
namespace SubscriptionSystem.Dtos
{
    public class StripeProductDto
    {
        public string Id { get; set; }
        public string Name { get; set; }
        public long Amount { get; set; }
        public string Currency { get; set; }
        public string Interval { get; set; }
    }
}

SubscriptionDto.cs
namespace SubscriptionSystem.Dtos
{
    public class SubscriptionDto
    {
        public string SubscriptionId { get; set; }
        public string CustomerId { get; set; }
        public string ProductId { get; set; }
    }
}

Creating the Service Interface and Implementation
Create an interface for the Stripe service and its implementation.

IStripeService.cs
using SubscriptionSystem.Dtos;

namespace SubscriptionSystem.Interfaces
{
    public interface IStripeService
    {
        Task<string> CreateCustomerAsync(string email, string paymentMethodId);
        Task<string> CreateSubscriptionAsync(string customerId, string priceId);
        Task CancelSubscriptionAsync(string subscriptionId);
        Task<StripeProductDto> CreateProductAsync(string name, long amount, string currency, string interval);
    }
}

StripeService.cs
using Stripe;
using SubscriptionSystem.Dtos;
using SubscriptionSystem.Interfaces;

namespace SubscriptionSystem.Services
{
    public class StripeService : IStripeService
    {
        public async Task<string> CreateCustomerAsync(string email, string paymentMethodId)
        {
            var options = new CustomerCreateOptions
            {
                Email = email,
                PaymentMethod = paymentMethodId,
                InvoiceSettings = new CustomerInvoiceSettingsOptions
                {
                    DefaultPaymentMethod = paymentMethodId
                }
            };
            var service = new CustomerService();
            var customer = await service.CreateAsync(options);
            return customer.Id;
        }

        public async Task<string> CreateSubscriptionAsync(string customerId, string priceId)
        {
            var options = new SubscriptionCreateOptions
            {
                Customer = customerId,
                Items = new List<SubscriptionItemOptions>
                {
                    new SubscriptionItemOptions { Price = priceId }
                },
                Expand = new List<string> { "latest_invoice.payment_intent" }
            };
            var service = new SubscriptionService();
            var subscription = await service.CreateAsync(options);
            return subscription.Id;
        }

        public async Task CancelSubscriptionAsync(string subscriptionId)
        {
            var service = new SubscriptionService();
            await service.CancelAsync(subscriptionId);
        }

        public async Task<StripeProductDto> CreateProductAsync(string name, long amount, string currency, string interval)
        {
            var productOptions = new ProductCreateOptions
            {
                Name = name,
            };
            var productService = new ProductService();
            var product = await productService.CreateAsync(productOptions);

            var priceOptions = new PriceCreateOptions
            {
                UnitAmount = amount,
                Currency = currency,
                Recurring = new PriceRecurringOptions { Interval = interval },
                Product = product.Id,
            };
            var priceService = new PriceService();
            var price = await priceService.CreateAsync(priceOptions);

            return new StripeProductDto
            {
                Id = price.Id,
                Name = product.Name,
                Amount = price.UnitAmount.Value,
                Currency = price.Currency,
                Interval = price.Recurring.Interval
            };
        }
    }
}

Creating the Controller
Create a StripeController to handle the subscription process.
StripeController.cs

using Microsoft.AspNetCore.Mvc;
using SubscriptionSystem.Dtos;
using SubscriptionSystem.Interfaces;

namespace SubscriptionSystem.Controllers
{
    [ApiController]
    [Route("api/[controller]")]
    public class StripeController : ControllerBase
    {
        private readonly IStripeService _stripeService;

        public StripeController(IStripeService stripeService)
        {
            _stripeService = stripeService;
        }

        [HttpPost("create-customer")]
        public async Task<IActionResult> CreateCustomer([FromBody] StripePaymentRequestDto paymentRequest)
        {
            var customerId = await _stripeService.CreateCustomerAsync(paymentRequest.Email, paymentRequest.PaymentMethodId);
            return Ok(new { CustomerId = customerId });
        }

        [HttpPost("create-subscription")]
        public async Task<IActionResult> CreateSubscription([FromBody] SubscriptionDto subscriptionDto)
        {
            var subscriptionId = await _stripeService.CreateSubscriptionAsync(subscriptionDto.CustomerId, subscriptionDto.ProductId);
            return Ok(new { SubscriptionId = subscriptionId });
        }

        [HttpPost("cancel-subscription")]
        public async Task<IActionResult> CancelSubscription([FromBody] SubscriptionDto subscriptionDto)
        {
            await _stripeService.CancelSubscriptionAsync(subscriptionDto.SubscriptionId);
            return NoContent();
        }

        [HttpPost("create-product")]
        public async Task<IActionResult> CreateProduct([FromBody] StripeProductDto productDto)
        {
            var product = await _stripeService.CreateProductAsync(productDto.Name, productDto.Amount, productDto.Currency, productDto.Interval);
            return Ok(product);
        }
    }
}

Step 5. Handling Stripe Webhooks
Stripe webhooks allow your application to receive notifications about changes to your customer's subscription status. To handle webhooks.

1. Create a Webhook Endpoint: This endpoint will receive webhook events from Stripe.
2. Verify the Webhook Signature: Ensure that the event is from Stripe by verifying the signature.

Setting Up the WebhookStripeController.cs[HttpPost("webhook")]
public async Task<IActionResult> Webhook()
{
    var json = await new StreamReader(HttpContext.Request.Body).ReadToEndAsync();
    try
    {
        var stripeEvent = EventUtility.ConstructEvent(
            json,
            Request.Headers["Stripe-Signature"],
            "your_stripe_webhook_secret"
        );

        // Handle the event
        if (stripeEvent.Type == Events.CustomerSubscriptionCreated)
        {
            var subscription = stripeEvent.Data.Object as Subscription;
            // Handle the subscription creation
        }
        else if (stripeEvent.Type == Events.CustomerSubscriptionDeleted)
        {
            var subscription = stripeEvent.Data.Object as Subscription;
            // Handle the subscription cancellation
        }

        return Ok();
    }
    catch (StripeException e)
    {
        return BadRequest();
    }
}

Update the Dependency Injection in the Program.cs
Make sure to register the Stripe service in the dependency injection container.

Program.cs
builder.Services.AddScoped<IStripeService, StripeService>();
builder.Services.AddScoped<ProductService>();
builder.Services.AddScoped<SubscriptionService>();

Conclusion
In this article, we went through the steps to integrate Stripe for subscription payments in an ASP.NET Core API application. This includes setting up Stripe, creating the necessary DTOs, implementing the service interface, and creating a controller to handle subscription functions. This template allows you to easily manage customer creation, product development, and subscription lifecycles. Stripe’s integration enhances your application by providing secure and reliable payment processing.

In.NET Core, access modifiers are essential for specifying how accessible classes, methods, and variables are. One of the main tenets of object-oriented programming (OOP) is encapsulation, which they assist enforce by deciding which sections of your code can access which members. The many kinds of access modifiers that are available in.NET Core will be discussed in this article, along with usage examples.

1. What are Access Modifiers?
In C#, classes, methods, properties, and other members can have their accessibility level specified using keywords called access modifiers. Access modifiers assist guard against accidental changes or misuse of your code by allowing you to manage which areas of your codebase can communicate with a specific class or member.

2. Types of Access Modifiers in .NET Core
There are five main access modifiers in .NET Core:

• Public
• Private
• Protected
• Internal
• Protected Internal
• Private Protected

Let's dive into each of these access modifiers.

3. Public Access Modifier
The public access modifier makes a class, method, or property accessible from any other code in the same assembly or another assembly that references it. It is the most permissive access level.

Example
public class Car
{
    public string Color { get; set; }
    public void Drive()
    {
        Console.WriteLine("The car is driving.");
    }
}

In this example, the Car class, its Color property, and the Drive() method are all accessible from any other code.

4. Private Access Modifier
The private access modifier restricts access to the containing class only. This means that members declared as private cannot be accessed from outside the class they are declared in.

Example

public class Car
{
    private string engineNumber;
    public void StartEngine()
    {
        Console.WriteLine("The engine has started.");
    }
}

Here, the engine number field is private and can only be accessed or modified by members of the Car class.

5. Protected Access Modifier
The protected access modifier allows access to the containing class and any class that derives from it. It is useful when you want to allow derived classes to access certain members of the base class.

Example
public class Vehicle
{
    protected int speed;
    public void Move()
    {
        Console.WriteLine("The vehicle is moving.");
    }
}
public class Car : Vehicle
{
    public void Accelerate()
    {
        speed += 10; // Accessible because Car inherits from Vehicle
        Console.WriteLine("The car is accelerating.");
    }
}

In this example, the speed field is protected, allowing the Car class to access it.

6. Internal Access Modifier
The internal access modifier limits access to the current assembly. This means that members marked as internal can be accessed by any code within the same assembly, but not from another assembly.

Example
internal class Engine
{
    internal void Start()
    {
        Console.WriteLine("Engine started.");
    }
}

Here, the Engine class and its Start() method are internal, meaning they can be accessed by any code within the same assembly but not from other assemblies.

7. Protected Internal Access Modifier
The protected internal access modifier is a combination of protected and internal. It allows access from any code within the same assembly and from derived classes in other assemblies.

Example
public class Vehicle
{
    protected internal int speed;
    public void Move()
    {
        Console.WriteLine("The vehicle is moving.");
    }
}

In this example, the speed field is accessible within the same assembly and by derived classes in other assemblies.

8. Private Protected Access Modifier
The private protected access modifier is a combination of private and protected. It allows access only within the containing class or derived classes that are within the same assembly.

Example
public class Vehicle
{
    private protected int speed;
    public void Move()
    {
        Console.WriteLine("The vehicle is moving.");
    }
}

Here, the speed field is accessible only within the Vehicle class and any derived classes in the same assembly.

9. Choosing the Right Access Modifier
Choosing the appropriate access modifier is important for maintaining the integrity and security of your code. Here are some guidelines:

• Use private for members that should only be accessible within the class.
• Use protected when you want derived classes to access members of the base class.
• Use internally for members that should be accessible across the same assembly but hidden from other assemblies.
• Use public for members that need to be accessible from any code.
• Use protected internal when you want to combine the accessibility of protected and internal.
• Use private protection when you want to restrict access to the containing class and derived classes within the same assembly.

10. Conclusion
Access modifiers are an essential part of object-oriented programming in .NET Core. They help you define the visibility and accessibility of your classes, methods, and variables, ensuring that your code is secure, modular, and easy to maintain. By understanding and correctly using access modifiers, you can better control the structure and behavior of your application, leading to more robust and reliable software.

When designing your classes and members, always consider the appropriate access level that aligns with the intended use of your code. This will help you avoid unintended access and maintain a clear and maintainable codebase.

Ever pondered the workings of a C# code? What is occurring behind the scenes? Let's dig deep into the history of C# code execution in this blog post, focusing on the crucial element known as CLR, which is in charge of carrying out our code.

Prior to delving into the fundamentals of CLR, let's grasp some fundamental ideas,

A controlled code: what is it?
Managed code, or just code that executes under the supervision of a runtime environment, is code that we write with a language compiler that targets a runtime.

Why Managed Code?
Managed code with a runtime environment gives a number of benefits.

• Memory Management
• Security
• Cross Platform compatibility
• Cross-language integrity
• Exception handling
• Debugging and profiling services etc.

How does it operate?
Every runtime loadable portable executable (PE) file, such as dll and exe, has metadata and a common Intermediate language (CIL) that identifies types, members, and references. These are produced by language compilers. This method is used by the runtime to find and load classes, arrange memory, and resolve method invocation. A built-in compiler will convert CIL to native code while the procedure is running. One way to sum up the managed code execution process is as follows.

1. Compiling source code to CIL by Language compiler]
2. Translating the CIL to native code during execution
3. Running the code using the metadata from the PE file with provided memory management, Type checking, and exception handling.

Fantastic We now understand what managed code is and how a runtime interacts with it. Let's get right into Core CLR. The runtime environment supplied by.net core, known as Core CLR, is in charge of managing code execution. There are several language compilers that target the Core CLR runtime, including Visual Basic, C#, Visual C++, F#, Perl, and COBOL. Let's use C# as an example to delve deeper into the CLR.

Our language compiler creates metadata and translates C# code into Common Intermediate Language (CIL), a low-level, CPU-independent set of instructions that was formerly known as Microsoft Intermediate Language (MSIL). A language compiler creates this intermediate, which CLR will then further compile into machine code. CLR receives this.

Let's now examine the function of CLR. CLR must compile CIL to native code based on the architecture of the target machine in order to carry out the instructions given in the form of CIL..NET offers two methods for this purpose.

1. Just-in-time compiler (JIT)
2. Native Image Generator

Just-in-time compiler
JIT converts the CIL to machine code during runtime on demand when the content of assembly is loaded and executed.

How it works?

• The method is executed, CLR hands over the CIL for the method to JIT
• JIT will translate the code to machine code
• The Generated machine code is cached, so the subsequent calls to the method will be handled from the cache.
• Native machine code is executed by the CPU.

Types of JIT
.net core runtime includes several types of JIT compilation strategies.

Tired Compilation
Aims to provide fast startup and High throughput. It involves compiling the methods in two tiers.

• Tier 0 – Quick JIT: Methods are initially compiled with minimal optimization to provide faster throughput
• Tier 1 – Optimized JIT: Methods that are executed frequently are recompiled with higher optimization.

Regular JIT
These are the regular JIT, Where the methods are initially compiled with higher optimization and cached.

• Pre-compilation (Ready to Run – R2R): R2R is a case of ahead-of-time compilation, where the CIL code is compiled to native code during the build time itself.
• Dynamic Profile Guided Optimization: This is a highly advanced option, where the runtime collects profiling information about the application while it runs and uses this data to optimize the code.

Native Image Generator
JIT compiler converts the CIL code to machine code when methods defined in the assembly are invoked. This will have a negative impact on the performance, and also, the code generated by the JIT compiler is bound to the process that triggered the compilation. It cannot be shared among other processes. To allow the generated machine code to be shared among multiple processes, the CLR supports ahead-of-time compilation (AOT) mode. This mode uses Ngen.exe I to convert CIL to machine code as JIT does, but slightly in a unique way.

How does Ngen.exe work?
It performs CIL to Machine code conversion before running the application. It compiles the entire assembly, one at a time, and stores the machine-generated code in Native Image Cache as a file on the disk.

Now let’s go back to the CLR, Let’s see what the other functionalities of CLR other are than converting CIL to Machine Code. Another key role of the CLR is to perform Verification of the CIL code. The CLR always examines the CIL code to make sure it is type-safe. Type safety means the code only accesses the memory locations it is authorized to do. This type of safety verification makes sure the objects are isolated from each other and it avoids any kind of corruption. CLR uses various verification steps like,

• Verifies the value assigned to the variable matches the declared types.
• Verifies the method calls using the correct number and type of the arguments.
• Validate the meta data and make sure the members are defined correctly matching their metadata, external libraries used are resolved properly.

Like these, various validations are available. Finally, the CLR does the job of executing the generated machine code. During this time CLR provides a lot of added functionalities like Garbage Collection, Thread Handling, Interoperability, etc. These we will discuss in detail in my upcoming blog.

According to the RFC 7515 standard, JWS (JSON Web Signature) is a small, URL-safe technique for securely conveying claims between two parties. It gives you the ability to digitally sign documents and guarantees that they weren't altered in transit. A particular kind of message authentication code (MAC) called HMAC (Hash-based Message Authentication Code) uses a secret cryptographic key along with a cryptographic hash function. When JWS is used, computing the JWS Signature with a secret key and a hash function is known as employing HMAC.

Why Use JWS HMAC?

• Integrity and Authenticity: JWS with HMAC provides both data integrity and authentication. The signature ensures that the data has not been altered, and since the HMAC key is secret, it can verify that the sender (or signer) of the JWT is who they claim to be.
• Security: HMAC is considered a strong method of ensuring data integrity because it involves a secret key, which makes it difficult to forge compared to non-keyed hashes.
• Compactness: JWS provides a compact way to securely transmit information via URLs, HTTP headers, and within other contexts where space is limited.

How to Use JWS HMAC in an ASP.NET Web Application?
You'll usually be working with JWT (JSON Web Tokens), where JWS forms the signed and encoded string, in order to employ JWS HMAC in an ASP.NET application. Here's how to put this into practice:

Step 1. Install Necessary NuGet Package
A JWT-capable library is required. System is a well-liked option.IdentityModel.Coins.JWT. NuGet can be used to install it.
Install-Package System.IdentityModel.Tokens.Jwt

Step 2. Create and Sign a JWT with HMAC
Here's how you can create a JWT and sign it using HMAC in your ASP.NET application.
using System;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using System.Security.Claims;

public class TokenService
{
    public string GenerateToken()
    {
        var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("your-256-bit-secret"));
        var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

        var tokenOptions = new JwtSecurityToken(
            issuer: "https://yourdomain.com",
            audience: "https://yourdomain.com",
            claims: new List<Claim>(),
            expires: DateTime.Now.AddMinutes(30),
            signingCredentials: signinCredentials
        );

        var tokenString = new JwtSecurityTokenHandler().WriteToken(tokenOptions);

        return tokenString;
    }
}

Explanation

• Secret Key: This is a key used by HMAC for hashing. It should be kept secret and secure.
• Signing Credentials: Uses the secret key and specifies the HMAC SHA256 algorithm for signing.
• JwtSecurityToken: Represents the JWT data structure and allows setting properties like issuer, audience, claims, expiry time, etc.
• JwtSecurityTokenHandler: Handles the creation of the token string.

Step 3. Validate the JWT in ASP.NET
When you receive a JWT, you need to validate it to ensure it's still valid and verify its signature.
public ClaimsPrincipal ValidateToken(string token)
{
    var tokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = "https://www.hostforlifeasp.net",
        ValidAudience = "https://www.hostforlifeasp.net",
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("your-256-bit-secret"))
    };

    var tokenHandler = new JwtSecurityTokenHandler();
    SecurityToken validatedToken;
    var principal = tokenHandler.ValidateToken(token, tokenValidationParameters, out validatedToken);
    return principal;
}

Note. Please change www.hostforlifeasp.net to www.yourdomain.com

This function uses JwtSecurityTokenHandler to validate the token and sets up the parameters (issuer, audience, lifetime, and signature key) that require validation. It throws an exception if the token is invalid and returns a ClaimsPrincipal with the token's claims.

Conclusion
A secure method for managing tokens for information exchange and authentication in ASP.NET is to use JWS HMAC. It gives you piece of mind and security for your online applications by making sure the tokens are authentic and unaltered.

Using a dedicated object instance of the System, developers may now improve performance and security in their multithreaded applications with the release of.NET 9 and C# 13.Threading.type of lock. The advantages of utilizing this new feature, the newly introduced compiler warnings, and the best practices for locking in earlier.NET and C# versions are all covered in this article.

System.Threading.Lock: Why Use It?
Locking a dedicated object instance of the System, starting with C# 13 and.NET 9.Threading.It is advisable to choose a lock type for best results. In multithreaded contexts, this particular lock object is intended to reduce overhead and enhance concurrency.

Warnings from compilers for increased safety
The compiler now raises warnings if a known Lock object is cast to a different type and locked in order to improve code safety. By ensuring that locks are utilized correctly and preventing potential misuse, this lowers the possibility of deadlocks and contention problems.

Best practices for Locking in Older versions

If you're working with an older version of .NET and C#, it's essential to follow best practices to avoid common pitfalls in multithreading. Here are some guidelines.

• Use a Dedicated Object Instance: Always lock on a dedicated object instance that isn't used for another purpose. This helps prevent unintended side effects and conflicts.
• Avoid Using Common Instances as Lock Objects

• Avoid this: Locking on this can lead to issues as callers might also lock the same object, causing deadlocks.
• Avoid Type Instances: Type instances obtained via the type operator or reflection can be accessed from different parts of the code, leading to unintended locks.
• Avoid string Instances: Strings, including string literals, might be interned, causing different parts of the application to inadvertently share the same lock object.

• Minimize Lock Duration: Hold a lock for the shortest time possible to reduce lock contention. This practice ensures that other threads are not blocked for extended periods, improving overall application performance.

Example of using System.Threading.Lock
Here's an example of how to use the new System.Threading.Lock in .NET 9 and C# 13.

public class MyClass
{
    private readonly System.Threading.Lock _lock = new();
    public void CriticalSection()
    {
        lock (_lock)
        {
            // Critical code here
        }
    }
}

Example
The following example defines an Account class that synchronizes access to its private balance field by locking on a dedicated balance lock instance. Using the same instance for locking ensures that two different threads can't update the balance field by calling the Debit or Credit methods simultaneously. The sample uses C# 13 and the new Lock object. If you're using an older version of C# or an older .NET library, lock an instance of an object.
using System;
using System.Threading.Tasks;
public class Account
{
    // Use `object` in versions earlier than C# 13
    private readonly System.Threading.Lock _balanceLock = new();
    private decimal _balance;
    public Account(decimal initialBalance) => _balance = initialBalance;
    public decimal Debit(decimal amount)
    {
        if (amount < 0)
        {
            throw new ArgumentOutOfRangeException(nameof(amount), "The debit amount cannot be negative.");
        }
        decimal appliedAmount = 0;
        lock (_balanceLock)
        {
            if (_balance >= amount)
            {
                _balance -= amount;
                appliedAmount = amount;
            }
        }
        return appliedAmount;
    }
    public void Credit(decimal amount)
    {
        if (amount < 0)
        {
            throw new ArgumentOutOfRangeException(nameof(amount), "The credit amount cannot be negative.");
        }

        lock (_balanceLock)
        {
            _balance += amount;
        }
    }
    public decimal GetBalance()
    {
        lock (_balanceLock)
        {
            return _balance;
        }
    }
}
class AccountTest
{
    static async Task Main()
    {
        var account = new Account(1000);
        var tasks = new Task[100];
        for (int i = 0; i < tasks.Length; i++)
        {
            tasks[i] = Task.Run(() => Update(account));
        }
        await Task.WhenAll(tasks);
        Console.WriteLine($"Account's balance is {account.GetBalance()}");
        // Output:
        // Account's balance is 2000
    }
    static void Update(Account account)
    {
        decimal[] amounts = { 0, 2, -3, 6, -2, -1, 8, -5, 11, -6 };
        foreach (var amount in amounts)
        {
            if (amount >= 0)
            {
                account.Credit(amount);
            }
            else
            {
                account.Debit(Math.Abs(amount));
            }
        }
    }
}

A centralized user authentication system called Single Sign-On (SSO) enables users to log in just once and access numerous apps. By eliminating the need for several passwords and lowering the possibility of password fatigue, SSO improves user comfort and security. This article explores utilizing IdentityServer4 to provide SSO in an ASP.NET Core application.

Comprehending SSO
A central identity provider (IdP) is given authentication duties by SSO. The service sends the user to the IDP for authentication when they try to access it. The IDP provides a token that the service uses to confirm the user's identity after successful authentication.

Why Use SSO?
Improved User Experience: Users log in once to access multiple applications.
Enhanced Security: Centralized authentication reduces password-related risks.
Simplified Management: Administrators manage a single authentication system.
Compliance: Easier to enforce security policies and compliance requirements.

Implementing SSO with ASP.NET Core and IdentityServer4
Step 1. Setting Up IdentityServer4
Create a new ASP.NET Core project
dotnet new mvc -n SSOApp
cd SSOApp

Add IdentityServer4 NuGet package
dotnet add package IdentityServer4
dotnet add package IdentityServer4.AspNetIdentity

Configure IdentityServer4 in Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddIdentity<ApplicationUser, IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();
services.AddIdentityServer()
    .AddDeveloperSigningCredential()
    .AddInMemoryIdentityResources(Config.IdentityResources)
    .AddInMemoryApiResources(Config.ApiResources)
    .AddInMemoryClients(Config.Clients)
    .AddAspNetIdentity<ApplicationUser>();
services.AddAuthentication()
    .AddGoogle("Google", options =>
    {
        options.ClientId = "your-client-id";
        options.ClientSecret = "your-client-secret";
    });
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
}
else
{
    app.UseExceptionHandler("/Home/Error");
    app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseIdentityServer();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
    endpoints.MapDefaultControllerRoute();
});
}

Define Identity Resources, API Resources, and Clients in Config. cs
public static class Config
{
public static IEnumerable<IdentityResource> IdentityResources =>
    new List<IdentityResource>
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
    };
public static IEnumerable<ApiResource> ApiResources =>
    new List<ApiResource>
    {
        new ApiResource("api1", "My API")
    };
public static IEnumerable<Client> Clients =>
    new List<Client>
    {
        new Client
        {
            ClientId = "client",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },
            AllowedScopes = { "api1" }
        }
    };
}

Step 2. Setting Up a Client Application
Create a new ASP.NET Core MVC project
dotnet new mvc -n ClientApp
cd ClientApp

Add necessary NuGet packages
dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect
dotnet add package Microsoft.AspNetCore.Authentication.Cookies

Configure authentication in Startup. cs
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
    options.Authority = "https://localhost:5001";
    options.ClientId = "client";
    options.ClientSecret = "secret";
    options.ResponseType = "code";
    options.SaveTokens = true;
    options.Scope.Add("api1");
    options.Scope.Add("offline_access");
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
}
else
{
    app.UseExceptionHandler("/Home/Error");
    app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
    endpoints.MapDefaultControllerRoute();
});
}

Step 3. Testing the SSO Implementation
Run the IdentityServer4 and Client applications.
dotnet run --project SSOApp
dotnet run --project ClientApp

Access the Client application: Navigate to the Client application URL (e.g., https://localhost:5002).
Initiate Login: Click the login button to redirect you to the IdentityServer4 login page.
Authenticate: Provide your credentials, and upon successful authentication, you will be redirected back to the Client application with the SSO session established.

Conclusion
Implementing Single Sign-On in ASP.NET Core applications using IdentityServer4 significantly improves user experience and security. By centralizing authentication, you streamline user management and enhance overall security. This article provides a comprehensive guide to setting up SSO in your ASP.NET Core applications, paving the way for a more efficient and secure authentication process.

This is a brief guide for people who use IIS and.NET Core. Two.NET Core applications operating on the same instance of IIS must each have its own Application Pool in order for the issue to be raised. Multiple apps in the same app pool are not supported by ASP.NET Core, according to HTTP Error 500.35. Take these actions.

1. Make a fresh pool

2. If you are adding a new application, select the created Application Pool, in this example, NewPool.

3. If the application is already deployed, alter the Basic Settings to the new Application Pool.

I hope these tips help you.

The Random class's GetItems() method is one of the potent new features introduced in.NET 8. Working with randomness should be simpler, more effective, and intuitive with this approach. This post will go over the uses, functionality, and improvements that the GetItems() method may provide to your.NET projects.

Table of Contents

1. Introduction to the GetItems() Method
2. Basic Usage
3. Practical Applications
4. Comparing Traditional Methods with GetItems()
5. Best Practices
6. Conclusion

Overview of the GetItems() Procedure
The Random class in.NET 8 now has a new method called GetItems(). It lets you choose a predetermined number of objects at random from a collection. This can be very helpful in situations where you need to add some unpredictability to your application or shuffle data or create random samples.

Standard Usage
Using the GetItems() function is simple. This is the fundamental syntax:

public static T[] GetItems<T>(this Random random, IList<T> list, int count);

• random: An instance of the Random class.
• list: The collection from which items are to be selected.
• count: The number of random items to select.

Here’s a simple example to illustrate its usage.
Random random = new Random();
List<int> numbers = new List<int> { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
int[] randomNumbers = random.GetItems(numbers, 3);
foreach (var number in randomNumbers)
{
    Console.WriteLine(number);
}

In this example, GetItems() selects three random numbers from the numbers list.

Practical Applications
Random Sampling in Surveys
Suppose you're conducting a survey and need to randomly select participants from a list. The GetItems() method makes this easy:
List<string> participants = new List<string> { "Alice", "Bob", "Charlie", "David", "Eve" };
string[] selectedParticipants = random.GetItems(participants, 2);
Console.WriteLine("Selected Participants:");
foreach (var participant in selectedParticipants)
{
    Console.WriteLine(participant);
}

Random Shuffling of Cards
In game development, shuffling a deck of cards is a common requirement. Using GetItems(), you can shuffle cards effortlessly:
List<string> deck = new List<string> { "2H", "3H", "4H", ..., "KS", "AS" };
string[] shuffledDeck = random.GetItems(deck, deck.Count);
Console.WriteLine("Shuffled Deck:");
foreach (var card in shuffledDeck)
{
    Console.WriteLine(card);
}

Comparing Traditional methods with GetItems()
Before GetItems(), achieving similar functionality required more verbose and less readable code. Here’s how you might have done it traditionally:
Random random = new Random();
List<int> numbers = new List<int> { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
List<int> selectedNumbers = new List<int>();
HashSet<int> usedIndices = new HashSet<int>();
while (selectedNumbers.Count < 3)
{
    int index = random.Next(numbers.Count);
    if (usedIndices.Add(index))
    {
        selectedNumbers.Add(numbers[index]);
    }
}
foreach (var number in selectedNumbers)
{
    Console.WriteLine(number);
}

Using GetItems(), the same task is simplified.
int[] randomNumbers = random.GetItems(numbers, 3);
foreach (var number in randomNumbers)
{
    Console.WriteLine(number);
}

Best Practices

• Validate Parameters: Ensure the count parameter does not exceed the size of the list to avoid exceptions.
• Seed Control: For reproducible results, initialize the Random class with a fixed seed.
• Performance Considerations: For very large collections, be mindful of performance implications when using GetItems() frequently.

Conclusion
The GetItems() method in .NET 8 is a welcome addition for developers who frequently work with random data selections. By providing a concise and efficient way to select random items from a collection, it simplifies code and enhances readability. Whether you’re developing games, conducting surveys, or implementing any feature requiring randomness, GetItems() is a tool that can significantly streamline your development process.

A crucial component of web programming is keeping state across several queries. Because HTTP is stateless, developers must put in place ways to store user data. Sessions are useful in this situation. This post will explain sessions, explain how they function in.NET, and offer real-world examples to demonstrate how to use them.

A session: what is it?
A session is a type of server-side data storage that allows data to be maintained between requests made by the same user. Web applications depend on sessions to save many state variables, including user preferences, shopping cart contents, and authentication status. A distinct session ID is assigned to each session, forwarded to the client, and returned with each new request.

How Sessions Work in .NET

• Session Initialization: When a user accesses a web application for the first time, a new session is created, and a unique session ID is generated. This ID is stored in a cookie on the client side.
• Data Storage: The session object is used to store data on the server side, tied to the session ID.
• Subsequent Requests: The client sends the session ID back to the server with each request. The server retrieves the session data using this ID.
• Session Termination: Sessions can be terminated explicitly by the application, or they can expire after a period of inactivity.

Enabling and Using Sessions in ASP.NET Core
To use sessions in an ASP.NET Core application, you need to configure the session middleware. Here’s a step-by-step guide:
Step 1. Configure session state
Middleware for managing session state is included in the framework. To enable the session middleware, Program.cs must contain:

• Any of the IDistributedCache memory caches. The IDistributedCache implementation is used as a backing store for the session. For more information, see Distributed Caching in ASP.NET Core.
• A call to AddSession
• A call to UseSession

The following code shows how to set up the in-memory session provider with a default in-memory implementation of IDistributedCache:
builder.Services.AddDistributedMemoryCache();
builder.Services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromSeconds(10);
    options.Cookie.HttpOnly = true;
    options.Cookie.IsEssential = true;
});
app.UseSession();

The preceding code sets a short timeout to simplify testing.
The order of middleware is important. Call UseSession after UseRouting and before MapRazorPages and MapDefaultControllerRoute. See Middleware Ordering.

HttpContext.Session is available after the session state is configured.

HttpContext.The session can't be accessed before UseSession has been called.

A new session with a new session cookie can't be created after the app has begun writing to the response stream. The exception is recorded in the web server log and not displayed in the browser.

Step 2. Set and Get Session Data
The following example shows how to set and get an integer and a string:
public class IndexModel : PageModel
{
    public const string SessionKeyName = "_Name";
    public const string SessionKeyAge = "_Age";
    private readonly ILogger<IndexModel> _logger;
    public IndexModel(ILogger<IndexModel> logger)
    {
        _logger = logger;
    }
    public void OnGet()
    {
        if (string.IsNullOrEmpty(HttpContext.Session.GetString(SessionKeyName)))
        {
            HttpContext.Session.SetString(SessionKeyName, "The Doctor");
            HttpContext.Session.SetInt32(SessionKeyAge, 73);
        }
        var name = HttpContext.Session.GetString(SessionKeyName);
        var age = HttpContext.Session.GetInt32(SessionKeyAge).ToString();
        _logger.LogInformation("Session Name: {Name}", name);
        _logger.LogInformation("Session Age: {Age}", age);
    }
}

The following example retrieves the session value for the IndexModel.SessionKeyName key (_Name in the sample app) in a Razor Pages page:
@page
@using Microsoft.AspNetCore.Http
@model IndexModel
...
Name: @HttpContext.Session.GetString(IndexModel.SessionKeyName)

Serialize objects data
All session data must be serialized to enable a distributed cache scenario, even when using the in-memory cache. String and integer serializers are provided by the extension methods of ISession. Complex types must be serialized by the user using another mechanism, such as JSON.

Use the following sample code to serialize objects:
public static class SessionExtensions
{
    public static void Set<T>(this ISession session, string key, T value)
    {
        session.SetString(key, JsonSerializer.Serialize(value));
    }

    public static T? Get<T>(this ISession session, string key)
    {
        var value = session.GetString(key);
        return value == null ? default : JsonSerializer.Deserialize<T>(value);
    }
}

Benefits of Using Sessions

• State Management: Sessions help maintain the state across multiple requests, which is essential for features like user authentication and shopping carts.
• Security: Data stored in sessions is kept on the server, reducing the risk of client-side manipulation.
• Convenience: Sessions simplify the development of stateful web applications by providing an easy way to store and retrieve user-specific data.

Conclusion
One of.NET's most useful features for handling state in web applications is sessions. They offer a practical and safe means of storing user-specific information for usage in response to various requests. You may improve user experience and keep a smooth user interface during the user's visit to your web application by using sessions correctly. By successfully utilizing and comprehending sessions, you can create powerful, stateful online applications that enhance user experience. Sessions are an essential tool in the toolbox of any web developer, whether they are using distributed cache storage for scalability or in-memory storage for simplicity.