Skip to main content

Posts

Giving the .NET smart components a try–The Smart TextArea

Microsoft announced last month, the .NET Smart Components, an experimental set of AI-powered UI components that can be added to your .NET apps. They asked us to give these components a try and share our feedback. In a first post I tried the Smart Combobox . Now let’s have a look at the Smart TextArea component. The idea of the Smart TextArea is that it gives you a smart autocomplete that can be tailored to the specific context you want to use it in. It looks at what the user is currently typing and tries to make suggestions based on the configured context and tone. It feels quite similar to prompt engineering but with a focus on helping you typing a text faster and easier.  Here is an example use case from the documentation : Your app might allow agents to respond to customer/staff/user messages by typing free text, e.g., in a live chat system, support ticket system, CRM, bug tracker, etc. You can use Smart TextArea to help those agents be more productive, writing better-
Read more
Recent posts

Azure DevOps Wiki–The order file in this hierarchy is missing paging entries.

One of the features of Azure DevOps is to create a wiki based on a folder inside a Git repo. Every page inside your wiki is a separate markdown file. This means that you can change the content of your wiki outside Azure DevOps and push the changes when you are ready, the same way you handle your code inside your Git repo. If you are a developer, this is probably the way you’ll create any content, but for people who are less technical, they can directly add/delete/change pages inside the wiki.  All interactions with the Git repo is handled behind the scenes making it a very user friendly experience for most people. Today I had to make a small change inside the wiki of one of my clients. I had to move a page in the file hierarchy. As I didn’t had the repo available on my local machine, I decided to directly apply the change inside the wiki instead of creating a local git repo,  pulling the source code, making my change and push it again. So I simple dragged the page to a different
Read more

XML External Entity Attack and .NET Core

Improving the security of the systems I help design and build for my clients is a continuous effort where every day new vulnerabilities are discovered. That being said, the OWASP Top 10 hasn't change that much since it's original introduction. This means that using the OWASP Top 10 remains a good starting point and the first important step towards more secure code. During a security audit, we identified that one of our older (.NET) applications had an XML External Entities(XXE) vulnerability. What is the XXE vulnerability? An XML eXternal Entity injection (XXE) is an attack against applications that parse XML input. An XXE attack can happen when untrusted XML input with a reference to an external entity is processed by a weakly configured XML parser. It is a high risk vulnerability as it can lead to: A denial of service attack on the system A Server Side Request Forgery (SSRF) attack The ability to scan ports from the machine where the parser is locat
Read more

VSCode Day and Azure Developers .NET Day are coming!

April is a great month if you are a developer. This month you can attend both VS Code Day 2024 AND Azure Developers .NET Day 2024 . VS Code Day 2024 Start by attending the VS Code Day(in fact it are 2 days) on April 23 and 24 .  During VS Code Day you learn everything about the latest and greatest features of Visual Studio Code. Of course, it will be no surprise that there will be a big focus on AI. Day 1 will be a kind of ‘preshow’ event where Sonny Sanghe will build a LinkedIn clone with Azure and NEXT.JS. It will be a deep dive into using Microsoft Azure, GitHub Copilot, Cosmos DB, and TypeScript to craft robust, scalable web applications. On Day 2 it is time for the main event where multiple sessions will be hosted. A sneak peak of some of the available sessions: JavaScript developers: Build fast and have fun with VS Code and Azure AI CLI by Natalia Venditto Real World Development with VS Code and C# by Leslie Richardson & Scott Hanselman Beyond the Editor: Tips to get t
Read more

SQL Server–Export varbinary column to disk

At one of my customers we store files in the database in varbinary(max) columns. To debug an issue we wanted to read out the files. Of course we could create a small program to do this, but we wanted to do it directly from the SQL Server Management Studio. We created a small database script that uses OLE Automation procedures: To use this script for your own purposes, replace the query after the cursor creation: DECLARE FILEPATH CURSOR FAST_FORWARD FOR <Add your own SELECT query here> The first time that we executed this script, it failed with the following error messages: Msg 15281, Level 16, State 1, Procedure sp_OACreate, Line 1 [Batch Start Line 0] SQL Server blocked access to procedure 'sys.sp_OACreate' of component 'Ole Automation Procedures' because this component is turned off as part of the security configuration for this server. A system administrator can enable the use of 'Ole Automation Procedures' by using sp_configure. For more
Read more

ASP.NET Core - Use factory based middleware with scoped services

Yesterday I talked about a problem we encountered when trying to inject a scoped service into ASP.NET Core middleware. The middleware used was convention based middleware, one of the ways to construct middleware in ASP.NET Core. With convention based middleware there isn’t a base class or interface to implement. The only rules your middleware class needs to apply to are: It has a public constructor with a parameter of type RequestDelegate . It contains a public method named Invoke or InvokeAsync . This method must: Return a Task . Accept a first parameter of type HttpContext . Convention based middleware is registered with a singleton lifetime, so you can only constructor injection for the dependencies with a singleton lifetime. For transient and scoped dependencies you need to add extra parameters to the InvokeAsync() method: There is a log of magic going on when using convention based middleware and it shouldn’t be a surprise that pe
Read more

ASP.NET Core–Cannot resolve from root provider because it requires scoped service

A colleague contacted me with the following problem; when running his ASP.NET Core application it failed with the following error message: Cannot resolve IApiLoggingService from root provider because it requires scoped service NHibernate.IInterceptor In this post I walk you through the different steps we took to investigate the issue and explain how we solved it. But before I dive into the problem itself I first want to give some background info on dependency injection in ASP.NET Core and service lifetimes. Dependency injection and service lifetimes ASP.NET Core supports the dependency injection (DI) software design pattern, which is a technique for achieving Inversion of Control (IoC) between classes and their dependencies. Registration of a dependency is done in the built-in service container, IServiceProvider . Services are typically registered at the app's start-up and appended to an IServiceCollection . Once all services are added, you use BuildServiceProvider to
Read more