
Mwaseemzakir/.NetTipsByWaseem


Table of Content

Episode 0 : Author's Introduction & Newsletter

Episode 1 : What is .AsNoTracking() and its benefits

Episode 2 : SingleAsync and FirstAsync Methods of LINQ in .NET

Episode 3 : Basic overview of Monolithic and Microservices applications

Episode 4 : Difference b/w Boxing and Unboxing in C#

Episode 5 : Benefit of using AsReadOnly Method of List in .NET

Episode 6 : Difference b/w Any and All Method for Collection in .NET

Episode 7 : Lazy Loading vs Eager Loading in EntityFramework

Episode 8 : Aggregate function over List by Default Provided

Episode 9 : Difference b/w Include and ThenInclude in Entity Framework

Episode 10 : Use ToQueryString() Extension method while debugging

Episode 11 : How to avoid DbContext threading issues in Entity Framework

Episode 12 : How to register Open Generics in .NET Core Dependency Injection

Episode 13 : What are CORS and how to enable them in .NET at API Level

Episode 14 : Common Middlewares in .NET API

Episode 15 : Response Compression in .NET Core and how to configure its middleware

Episode 16 : Count() vs TryGetNonEnumeratedCount() and Which one is better ?

Episode 17 : Everything about Rate Limiting in .NET

Episode 18 : A basic visit to Response Caching along with its implementation in .NET

Episode 19 : Do you know how to initialize an Empty Enumerable in .NET ?

Episode 20 : Dependency Injection Explained in .NET

Episode 21 : IEnumerable vs IQueryable in .NET

Episode 22 : Why is it generally considered good practice to keep Dependency Injections in separate class !

Episode 23 : Difference b/w GetType() and typeOf() Methods in .NET

Episode 24 : Difference b/w VAR and DYNAMIC keyword in C#

Episode 25 : StringBuilder vs string in C#

Episode 26 : Arrays vs ArrayList in C#

Episode 27 : Extension Methods in C#

Episode 28 : Common design principles you should keep in mind while developing applications

Episode 29 : Sealed keyword in C#

Episode 30 : String Interpolation vs Verbatim Identifier vs Raw String Literal

Episode 31 : Pad Left and Pad Right Method of String in C#

Episode 32 : How to read values from appsettings.json through IOptions and apply validation on it

Episode 33 : How to add DbContext Dependency Injection in .NET Core API ?

Episode 34 : How can we improve performance of .NET Application ?

Episode 35 : How to store password in database?


Episode 0 : Author's Introduction & Newsletter

Hi, my name is Muhammad Waseem, and welcome to .NET Tips by Waseem. I have 3+ years of experience in developing applications revolving around .NET technologies. I am a passionate learner, reader and above all content creator. I hope you will find these tips helpful.

If you like this, you might be interested in my weekly .NET Newsletter, where 2000+ people have already joined me; make sure to subscribe to it.

Episode 1 : What is .AsNoTracking() and its benefits

While using AsNoTracking

  1. The entity is not tracked by the context.

  2. EF does not know the state of its entity.

  3. Not recommended when you are performing Add/Update/Delete operations.

  4. Improved performance over regular LINQ queries.

  5. Only recommended when you are doing read-only operations.

  6. Most efficient when we have to retrieve a large set of data.

Without AsNoTracking

  1. The entity is tracked by the context.

  2. EF knows the state of this entity.

  3. We can use this entity to save/update and we don't need to set the state of the entity again.


Episode 2 : SingleAsync and FirstAsync Methods of LINQ in .NET

  1. In .NET, SingleAsync and FirstAsync are methods that can be used to retrieve a single element from a collection of elements.
  2. Both methods are similar in that they return the first element in a collection that satisfies a specified condition.
  3. The main difference between SingleAsync and FirstAsync is that SingleAsync will throw an exception if there is more than one element in the collection that satisfies the specified condition, while FirstAsync will return the first element it finds and then stop.
  4. SingleAsync can be used to ensure that there is exactly one element in the collection that satisfies the condition, while FirstAsync can be used to simply retrieve the first element that satisfies the condition, regardless of how many elements in the collection satisfy the condition.



Episode 3 : Basic overview of Monolithic and Microservices applications

Let's see the difference between monolithic and microservices applications.

Monolithic:

  1. A monolithic application is a single, self-contained program that consists of a single codebase.
  2. It is typically built and deployed as a single unit.
  3. It tends to be more tightly coupled.
  4. It can be more brittle, since a failure in one part of the application can affect the entire system.

Microservices:

  1. A microservices application is a collection of small, independent services that communicate with each other to form a complete application.
  2. It is built as a set of independent services that are deployed and managed separately.
  3. It is flexible and scalable, as individual services can be updated and deployed without affecting the entire application.
  4. It tends to be loosely coupled.
  5. These applications can be more complex to build and manage, since they require coordination among multiple services.
  6. They can also be more expensive to run, since each service needs to be individually managed and scaled.


Episode 4 : Difference b/w Boxing and Unboxing in C#

Boxing and Unboxing are used to convert value types to reference types and vice versa. When a value type is moved to a reference type, it's called Boxing. The reverse is termed Unboxing.


Episode 5 : Benefit of using AsReadOnly Method of List in .NET

Here are some benefits of the AsReadOnly method of List<T>:

  1. It gives you a read-only view of your collection.
  2. It allows you to prevent the collection from being modified, either accidentally or intentionally.
  3. It can improve the performance of your code in some cases because the read-only wrapper provides a more restricted view of the collection.
  4. This can be particularly beneficial when working with large collections, where even small performance improvements can make a significant difference.


Episode 6 : Difference b/w Any and All Method for Collection in .NET

Any vs All Extension Method of List<T>

  1. The All method checks if all elements of a list satisfy a specified condition.

  2. The Any method checks if any elements of a list satisfy a specified condition.


Episode 7 : Lazy Loading vs Eager Loading in EntityFramework

Lazy Loading (LL)

  1. Lazy Loading is a process where EF loads the related entities on demand.

  2. It is the default behavior of EF

  3. It delays the loading of related entities until you specifically request it.

  4. You can go with it when you are sure that you are not using the related entities Instantly.

  5. The number of round trips to the database is more as for each master entity data, it will issue a separate SQL query to get the child-related entity data.

  6. It simply uses the SELECT Statement without any join.

  7. If you are not interested in related entities or the related entities are not used instantly, then you can use it.

Eager Loading (EL)

  1. Eager loading is a Process where EF loads the related entities along with the main entity

  2. EF will not execute separate SQL queries for loading the related entities.

  3. All the entities are loaded from the database with a single query saving bandwidth and server CPU time.

  4. You can go with EL when you are sure that you will be using the related entities with the main entity everywhere

  5. It is a good practice to reduce the number of SQL queries to be sent to the database server to fetch the related entities

  6. It will use SQL Joining to join the related tables with the main table and then return the Main entity data along with the related entities.

  7. If you are interested in related entities used instantly in your application, then you need to go with it.

Note : If you want to check the SQL Generated Query when a LINQ query executes, you can check it by clicking on Tools -> SQL Server Profiler in SQL Server Management Studio.

Episode 8 : Aggregate function over List by Default Provided

You would be familiar with aggregate functions from SQL; let's see how to use Entity Framework Queryable extension methods for aggregate functions over the List:

  1. Sum
  2. Average
  3. Minimum
  4. Maximum
  5. Count

.NET 6.0 has 12 overloads of all these methods, for all numeric data types used in code.


Episode 9 : Difference b/w Include and ThenInclude in Entity Framework

Include and ThenInclude are two methods in EF that can be useful for improving the performance of a query by reducing the number of database round trips.

Include is used for eager loading; that's why related entities come in a single query and database round trips are reduced.

The main difference between them is the level: Include is used for Single Level travelling along entities and ThenInclude is helpful in Multilevel Retrieval.


Episode 10 : Use ToQueryString() Extension method while debugging

ToQueryString is a custom extension method that converts IQueryable to SQL Query at the back-end side, especially helpful for debugging.


Episode 11 : How to avoid DbContext threading issues in Entity Framework

When EF Core detects an attempt to use a DbContext instance concurrently, you'll see an InvalidOperationException with a message like this:

"A second operation started in this context before a previous operation was completed."

There are a few ways that can help you to avoid threading issues in EF.

  1. Use a separate DbContext instance for each thread. This ensures that each thread has its own DbContext instance, which means that there is no shared state between threads and no potential for threading conflicts.

Problem: Costly in terms of memory usage.

  2. Use a thread-safe DbContext wrapper. In this approach, you would create a wrapper class for DbContext that uses synchronization techniques, such as the lock keyword, to ensure that only one thread can access the DbContext instance at a time.

Problem: It can impact performance because threads may have to wait for access to the DbContext instance.

  3. Use asynchronous methods that allow you to write code that can run concurrently on multiple threads. It can help improve the performance of your application by allowing multiple operations to be executed concurrently. We can use await and async to perform asynchronous operations.

I have so far used asynchronous methods; which one do you practice frequently?


Episode 12 : How to register Open Generics in .NET Core Dependency Injection

If you have a generic interface and its generic implementation, as we mostly do when we make a generic repository for CRUD operations, and you want to register it for dependency injection at startup, there is a simple way of registering the DI.

  1. For .NET 3.1, register in ConfigureServices in Startup.cs.

  2. For the latest versions of .NET (6.0, 7.0), register in Program.cs.


Episode 13 : What are CORS and how to enable them in .NET at API Level

CORS stands for Cross-Origin Resource Sharing, so what exactly is cross-origin?

These two URLs have the same origin:

https://my-site-no-1.com/Get/HakunaMatata
https://my-site-no-1.com/Get/AllIsWell

These URLs have different origins:

https://my-site-no-1.com/Get/HakunaMatata
http://my-site-no-1.net/Get/AllIsWell

To facilitate requests from different origins you need to enable CORS in .NET.

In .NET 6, by using a combination of these methods you can enable CORS as per your requirements.

AllowAnyOrigin: This policy allows requests from any origin.

WithOrigins: This policy allows requests from specific origins. You can specify one or more origins as arguments to this method.

AllowAnyHeader: This policy allows requests with any header.

WithHeaders: This policy allows requests with specific headers. You can specify one or more headers as arguments to this method.

AllowAnyMethod: This policy allows requests with any HTTP method (e.g., GET, POST, PUT, DELETE).

WithMethods: This policy allows requests with specific HTTP methods. You can specify one or more methods as arguments to this method.

A few things to keep in mind:

✔️ CORS is not a security feature. CORS is a W3C standard that allows a server to relax the same-origin policy.

✔️ An API isn't safer by allowing CORS.

✔️ It's a way for a server to allow browsers to execute a cross-origin request that otherwise would be forbidden.

✔️ Browsers without CORS can't do cross-origin requests.
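The open policy and a restricted one side by side, as an added example that is not part of the original README. The policy names and the endpoint are assumptions; the origin is the one used in the URLs above.

```csharp
// Program.cs, .NET 6 minimal hosting (Microsoft.NET.Sdk.Web project with implicit usings).
// Added example: the policy names "OpenToAll" and "FrontendOnly" are made up for illustration.
var builder = WebApplication.CreateBuilder(args);

builder.Services.AddCors(options =>
{
    // Weak: relaxes the same-origin policy for every site.
    // Script on any page the user visits may read this API's responses.
    options.AddPolicy("OpenToAll", policy => policy
        .AllowAnyOrigin()
        .AllowAnyHeader()
        .AllowAnyMethod());

    // Restricted: only the named front end, and only what it needs.
    // An origin is scheme + host + port, so http://my-site-no-1.net does not match.
    options.AddPolicy("FrontendOnly", policy => policy
        .WithOrigins("https://my-site-no-1.com")
        .WithHeaders("Content-Type", "Authorization")
        .WithMethods("GET", "POST"));
});

var app = builder.Build();

// Applied to every endpoint. Only the restricted policy is actually in use.
app.UseCors("FrontendOnly");

app.MapGet("/Get/AllIsWell", () => "All is well");

app.Run();
```

A simple cross-origin request still reaches the server under either policy; the browser only decides whether the calling script may read the response, so the endpoint needs its own authentication and authorization.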


Episode 14 : Common Middlewares in .NET API

Middleware is software that's assembled into an app pipeline to handle requests and responses. Each component:

  1. Chooses whether to pass the request to the next component in the pipeline.
  2. Can perform work before and after the next component in the pipeline.

Here are some common types of middleware that might be used in a .NET API program:

  1. Routing
  2. Exception handling
  3. Authentication and authorization
  4. CORS (Cross-Origin Resource Sharing)
  5. Response compression
  6. Request validation
  7. Response caching
  8. Static file serving

Routing middleware: This middleware is responsible for determining which endpoint should handle a particular request based on the request's path and method.

Exception handling middleware: This middleware is responsible for catching and handling exceptions that occur during the processing of a request.

Authentication and authorization middleware: This middleware is responsible for verifying that a request is from an authenticated and authorized user.

CORS (Cross-Origin Resource Sharing) middleware: This middleware is responsible for adding the necessary headers to allow a browser to make cross-origin requests to the API.

Response compression middleware: This middleware is responsible for compressing the response payload in order to reduce the size of the response and improve performance.

Request validation middleware: This middleware is responsible for validating incoming requests to ensure that they conform to the expected format.

Response caching middleware: This middleware is responsible for caching responses in order to reduce the load on the server and improve performance.

Static file serving middleware: This middleware is responsible for serving static files, such as HTML, CSS, and JavaScript files, from the file system.

It's important to note that the order in which middleware is added to the pipeline can be important, as the middleware will be executed in the order in which it is added. For example, if the authentication middleware is added before the routing middleware, the routing middleware will not be executed until the authentication middleware has completed.
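Both behaviours of a component (working before and after the next one, and choosing not to call it) in one pipeline, as an added example that is not part of the original README. The 415 validation rule and the `/orders` route are constructed for illustration.

```csharp
// Program.cs, .NET 6 minimal hosting (Microsoft.NET.Sdk.Web project with implicit usings).
// Added example: the 415 rule and the route are constructed for illustration.
var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Added first, so it wraps everything below: it runs first on the way in
// and last on the way out.
app.Use(async (context, next) =>
{
    var started = DateTimeOffset.UtcNow;

    // Work before the next component: register a header to be sent with the response.
    context.Response.OnStarting(() =>
    {
        context.Response.Headers["X-Content-Type-Options"] = "nosniff";
        return Task.CompletedTask;
    });

    await next(context);

    // Work after the next component: the status code is known now,
    // including for requests rejected further down the pipeline.
    var elapsed = DateTimeOffset.UtcNow - started;
    app.Logger.LogInformation("{Method} {Path} -> {Status} in {Elapsed} ms",
        context.Request.Method, context.Request.Path,
        context.Response.StatusCode, elapsed.TotalMilliseconds);
});

// Added second: request validation that chooses NOT to call next.
// ContentLength is null for chunked bodies; this constructed rule ignores them.
app.Use(async (context, next) =>
{
    var hasBody = context.Request.ContentLength > 0;
    if (hasBody && !context.Request.HasJsonContentType())
    {
        context.Response.StatusCode = StatusCodes.Status415UnsupportedMediaType;
        return; // short-circuit: the endpoint below never runs
    }

    await next(context);
});

app.MapPost("/orders", () => Results.Ok("accepted"));

app.Run();
```

Swapping the two `app.Use` calls would leave rejected requests without the header and without a log entry, which is the practical meaning of "order matters".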


Episode 15 : Response Compression in .NET Core and how to configure its middleware

Network bandwidth is a limited resource. Reducing the size of the response usually increases the responsiveness of an app, often dramatically. One way to reduce payload sizes is to compress an app's responses.

What is Response Compression

Response compression is a technique that can be used to reduce the size of HTTP responses, which can improve the performance of a web application by reducing the amount of data that needs to be transmitted over the network.

Benefits of Response Compression

  1. Improved performance: Compressing the response can reduce the amount of data that needs to be transmitted over the network, which can lead to faster page load times and a better user experience.

  2. Reduced bandwidth usage: By compressing the response, you can reduce the amount of data that is transmitted over the network, which can lead to reduced bandwidth usage and lower costs for hosting and bandwidth.

  3. Better SEO: Search engines take page load times into account when ranking websites, so a faster loading website may rank higher in search results.

How to configure Response Compression Middleware in .NET

We can configure it using the .NET middleware, AddResponseCompression.

.NET also provides built-in providers for compression; we can configure their options as per our need.

  1. BrotliCompressionProvider: using it, a text file response at 2,044 bytes was compressed to ~979 bytes.

  2. GzipCompressionProvider: using it, a Scalable Vector Graphics (SVG) image response at 9,707 bytes was compressed to ~4,459 bytes.

URL: https://bit.ly/3G3rsIj

Compression Levels

Optimal - The compression operation should be optimally compressed, even if the operation takes a longer time to complete.

Fastest - The compression operation should complete as quickly as possible, even if the resulting file is not optimally compressed.

No Compression - No compression should be performed on the file.

Smallest Size - The compression operation should create output as small as possible, even if the operation takes a longer time to complete.

MIME Types by Default Supported By .NET Providers

  1. text/plain
  2. text/css
  3. application/javascript
  4. text/html
  5. application/xml
  6. text/xml
  7. application/json
  8. text/json
  9. application/wasm
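The providers and levels above wired together, as an added example that is not part of the original README. The chosen levels and the `/report` endpoint are assumptions for illustration.

```csharp
// Program.cs, .NET 6 minimal hosting (Microsoft.NET.Sdk.Web project with implicit usings).
// Added example: the chosen levels and the endpoint are illustrative.
using System.IO.Compression;
using Microsoft.AspNetCore.ResponseCompression;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddResponseCompression(options =>
{
    // Once a provider is added explicitly, only the listed providers are used.
    options.Providers.Add<BrotliCompressionProvider>();
    options.Providers.Add<GzipCompressionProvider>();

    // Kept at its default (false): compressing HTTPS responses that mix secrets with
    // request-controlled input is the condition the CRIME and BREACH attacks depend on.
    options.EnableForHttps = false;
});

// One level per provider, taken from the levels described above.
builder.Services.Configure<BrotliCompressionProviderOptions>(o => o.Level = CompressionLevel.Fastest);
builder.Services.Configure<GzipCompressionProviderOptions>(o => o.Level = CompressionLevel.SmallestSize);

var app = builder.Build();

// Must run before any component that writes the response body.
app.UseResponseCompression();

// text/plain is in the default MIME type list, so this response is compressed
// when the client sends a matching Accept-Encoding header over plain HTTP.
app.MapGet("/report", () => new string('a', 2044));

app.Run();
```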


Episode 16 : Count() vs TryGetNonEnumeratedCount() and Which one is better ?

Count()

This method will make an enumeration to calculate the count of elements.

Available in all versions of .NET.

TryGetNonEnumeratedCount()

This attempts to determine the number of elements in a sequence without forcing an enumeration.

It is available in .NET 6 and .NET 7.

It is available only on the ICollection interface.

It is typically a constant-time operation, but ultimately this depends on the complexity characteristics of the underlying collection's implementation.


Episode 17 : Everything about Rate Limiting in .NET

Rate limiting is a technique used to control the amount of incoming and outgoing traffic to a network or service. It is often used to protect servers and other resources from being overwhelmed by too many requests, or to prevent abuses such as distributed denial of service (DDoS) attacks.

How it works?

Rate limiting works by setting a limit on the number of requests that a client can make to a server within a specified time period. If the client exceeds the rate limit, the server will return an error, typically an HTTP status code 429 (Too Many Requests), to the client.

Benefits of Rate Limiting?

  1. Protecting against denial-of-service attacks of specific types.
  2. Maintaining service availability.
  3. Reducing resource consumption.
  4. Detecting & blocking malicious behavior.
  5. Improving user experience.

Cons of Rate Limiting?

Rate limiting cannot distinguish between good and bad traffic; it will just look at the IP and the number of requests, so in some cases an attack is still possible by changing the IP address.

At which point we can apply Rate Limiting?

  1. Network Edge
  2. Application Layer
  3. Database Layer
  4. Service Level

How can I verify that Rate Limiting has been added?

If your rate limiting has been configured successfully, you can check the response headers of your request: they carry complete information such as your remaining limit, the limit time, etc.

How to add Rate Limiting in .NET Application?

We can apply rate limiting at the application layer in our project using the AspNetCoreRateLimit NuGet package.
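The counting described under "How it works?", written out as inline middleware with a fixed window per client IP. This is an added example, not part of the original README and not the code of the NuGet package named above; the limit, the window and the `X-RateLimit-*` header names are assumptions chosen for illustration.

```csharp
// Program.cs, .NET 6 minimal hosting (Microsoft.NET.Sdk.Web project with implicit usings).
// Added example: limit, window and X-RateLimit-* header names are illustrative choices.
using System.Collections.Concurrent;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

const int Limit = 5;                       // requests allowed per client per window
var window = TimeSpan.FromSeconds(10);

// Client key -> start of its current window and the requests seen in it.
// Entries are never evicted here; a long-running service needs cleanup or a cache with expiry.
var counters = new ConcurrentDictionary<string, (DateTimeOffset Start, int Count)>();

app.Use(async (context, next) =>
{
    // Keyed by IP only, which is the weakness the text mentions. Behind a reverse
    // proxy this is the proxy's address unless forwarded headers are configured.
    var client = context.Connection.RemoteIpAddress?.ToString() ?? "unknown";
    var now = DateTimeOffset.UtcNow;

    // Start a new window when the old one has expired, otherwise count this request.
    var entry = counters.AddOrUpdate(
        client,
        _ => (now, 1),
        (_, current) => now - current.Start >= window
            ? (now, 1)
            : (current.Start, current.Count + 1));

    // Headers a client can inspect to verify that the limiter is active.
    context.Response.Headers["X-RateLimit-Limit"] = Limit.ToString();
    context.Response.Headers["X-RateLimit-Remaining"] = Math.Max(0, Limit - entry.Count).ToString();

    if (entry.Count > Limit)
    {
        var retryAfter = (int)Math.Ceiling((entry.Start + window - now).TotalSeconds);
        context.Response.StatusCode = StatusCodes.Status429TooManyRequests;
        context.Response.Headers["Retry-After"] = retryAfter.ToString();
        await context.Response.WriteAsync("Too many requests");
        return; // rejected requests never reach the endpoint
    }

    await next(context);
});

app.MapGet("/", () => "Hello");

app.Run();
```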


Episode 18 : A basic visit to Response Caching along with its implementation in .NET

Response caching is a technique for storing the responses of an API or web application in a cache so that they can be served faster to subsequent requests. The responses are stored in a cache with a key that uniquely identifies them, and the cache has a limited size and a policy for removing items when it becomes full.

Benefits of Response Caching?

  1. Improved performance by reducing the load on the server.

  2. Reduced server load, as it can serve the cached response instead of generating a new one.

  3. Reduced bandwidth usage, as it reduces the amount of data that needs to be transferred between the server and the client.

  4. Improved security, as it can reduce the number of requests that reach the server, reducing the risk of certain types of attacks.

On which requests we can apply Response Caching

  1. Get
  2. Head

Few constraints for Response Caching

  1. The request must result in a server response with a 200 (OK) status code.

  2. Response Caching Middleware must be placed before middleware that requires caching. For more information, see ASP.NET Core Middleware.

  3. The Authorization header must not be present.

  4. Cache-Control header parameters must be valid, and the response must be marked public and not marked private.

  5. The Content-Length header value (if set) must match the size of the response body.

Some real-world examples of Response Caching

  1. News website
  2. E-commerce websites

In your application you can apply response caching to those requests whose response changes only after some time, when you are sure about it.

How can I verify it?

Create an application, apply caching with the time set to 60 minutes, and then request it from Postman. You will notice that only the first request reaches the controller; after that, even if you try again, the request will not reach the controller.
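A cacheable endpoint next to one that must never be stored, as an added example that is not part of the original README. The routes and the hit counter are constructed; the 60-minute lifetime follows the verification step above.

```csharp
// Program.cs, .NET 6 minimal hosting (Microsoft.NET.Sdk.Web project with implicit usings).
// Added example: the routes and the hit counter are constructed for illustration.
using Microsoft.Net.Http.Headers;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddResponseCaching();

var app = builder.Build();

// Must come before the endpoints whose responses it should store.
app.UseResponseCaching();

var newsHits = 0;

// Same content for everyone: marked public, so the middleware may store it.
// Repeated GET requests within the lifetime are answered from the cache,
// and the counter in the body stops increasing.
app.MapGet("/news", (HttpContext context) =>
{
    context.Response.GetTypedHeaders().CacheControl = new CacheControlHeaderValue
    {
        Public = true,
        MaxAge = TimeSpan.FromMinutes(60)
    };
    return $"Headlines built {Interlocked.Increment(ref newsHits)} time(s)";
});

// Per-user content: marked no-store so it is never kept by this middleware
// or by any shared cache between the server and the client.
// Requests authenticated by cookie carry no Authorization header,
// so per-user responses should be marked explicitly like this.
app.MapGet("/account", (HttpContext context) =>
{
    context.Response.GetTypedHeaders().CacheControl = new CacheControlHeaderValue
    {
        NoStore = true
    };
    return "Data for the signed-in user";
});

app.Run();
```

A client that sends `Cache-Control: no-cache` on the request bypasses the stored response, so check the request headers of the test client if every call still reaches the endpoint.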


Episode 19 : Do you know how to initialize an Empty Enumerable in .NET ?

✔️ .NET provides us the Empty() method to initialize an empty Enumerable of any type.

✔️ This method is useful for passing an empty sequence to a user-defined method that takes an IEnumerable.


Episode 20 : Dependency Injection Explained in .NET

This post crossed 100K views on my LinkedIn


Dependency injection involves providing a class with its required dependencies from an external source rather than having the class create them itself.

This helps to decouple the object creation process from the caller, leading to a more modular and flexible system.

In other words, it allows a class to focus on its core functionality rather than worrying about how to create and manage its dependencies.

Why do we need dependency injection?

By using DI, classes are decoupled from each other, so you make changes in one place and they are reflected everywhere.

How to implement dependency injection?

✅ In .NET 6 we implement DI in the Program.cs class by using builder.Services.

✅ For previous versions of .NET, to implement DI we need to add the service in the "ConfigureServices" method, which is in the Startup.cs file.

Different ways of implementing Dependency Injection

There are three ways of doing DI:

  1. Scoped ➡️ It will create an instance per scope; if we are in the same scope, the same instance would be used. Whenever we go out of scope, a new instance would be created.

  2. Transient ➡️ It creates a new instance every time it's injected.

  3. Singleton ➡️ It instantiates one global object for all requests coming to the server from any user.

Benefits of Dependency Injection

  1. Improved testability: Dependency injection makes it easier to write unit tests for your code, as you can easily substitute mock objects for the real dependencies.

  2. Enhanced flexibility: By injecting dependencies from the outside, you can easily change the implementation of a class's dependencies without having to modify the class itself. This makes it easier to adapt your application to changing requirements.

  3. Increased modularity: Dependency injection encourages the use of small, single-purpose classes that are easy to test and reuse in different contexts. This can lead to a more modular and maintainable codebase.

  4. Better separation of concerns: Dependency injection helps to separate the concerns of different parts of your application, making it easier to understand and maintain the code.

  5. Enhanced decoupling: Dependency injection promotes loose coupling between classes, which can make your application more resilient to change and easier to test.
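The three lifetimes listed above, together with the open generic registration from Episode 12, as an added example that is not part of the original README. The service types (`Clock`, `RequestContext`, `Operation`, `Order`, `IRepository<T>`, `Repository<T>`) are hypothetical, and the program assumes a console project with implicit usings and the Microsoft.Extensions.DependencyInjection NuGet package.

```csharp
// Console program, .NET 6. Assumes the Microsoft.Extensions.DependencyInjection NuGet package.
// Added example: every type declared at the bottom is hypothetical.
using Microsoft.Extensions.DependencyInjection;

var services = new ServiceCollection();
services.AddSingleton<Clock>();            // one instance for the whole application
services.AddScoped<RequestContext>();      // one instance per scope (per HTTP request in ASP.NET Core)
services.AddTransient<Operation>();        // a new instance every time it is injected
services.AddScoped(typeof(IRepository<>), typeof(Repository<>));   // open generic (Episode 12)

// validateScopes makes the container reject scoped services resolved from the root,
// which would otherwise live as long as a singleton.
using var provider = services.BuildServiceProvider(validateScopes: true);

using var scopeA = provider.CreateScope();
using var scopeB = provider.CreateScope();
var a = scopeA.ServiceProvider;
var b = scopeB.ServiceProvider;

Report("singleton, across scopes", a.GetRequiredService<Clock>(), b.GetRequiredService<Clock>());
Report("scoped, same scope", a.GetRequiredService<RequestContext>(), a.GetRequiredService<RequestContext>());
Report("scoped, across scopes", a.GetRequiredService<RequestContext>(), b.GetRequiredService<RequestContext>());
Report("transient, same scope", a.GetRequiredService<Operation>(), a.GetRequiredService<Operation>());

// The single open generic registration is closed over any T on demand.
var orders = a.GetRequiredService<IRepository<Order>>();
Console.WriteLine($"IRepository<Order> resolved as {orders.GetType().Name}");

try
{
    // A scoped service requested from the root provider is refused.
    provider.GetRequiredService<RequestContext>();
}
catch (InvalidOperationException ex)
{
    Console.WriteLine($"Rejected: {ex.Message}");
}

static void Report(string label, object first, object second) =>
    Console.WriteLine($"{label}: same instance = {ReferenceEquals(first, second)}");

class Clock { }
class RequestContext { }
class Operation { }
class Order { }
interface IRepository<T> { }
class Repository<T> : IRepository<T> { }
```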


Episode 21 : IEnumerable vs IQueryable in .NET

IEnumerable and IQueryable interfaces are both used to work with collections of data and both support LINQ (Language Integrated Query).

IQueryable

✅ IQueryable executes queries on the server side.

✅ It is designed specifically to work with LINQ.

✅ It extends IEnumerable, which means it includes all of the functionality of IEnumerable.

✅ It can be more efficient when working with large data.

✅ It can be more helpful when you have to apply a lot of filters: you can apply all filters on the IQueryable and, when you are done, convert the data to the desired collection.

IEnumerable

✔️ IEnumerable executes queries on the client side.

✔️ It is generally used to work with in-memory data collections.


Episode 22 : Why is it generally considered good practice to keep Dependency Injections in separate class !

It is good practice to move all of your dependency injection work into a separate class instead of filling your Program.cs with all injections. Here are some benefits of this approach:

  1. By keeping dependency injections in separate classes, you can better adhere to the principle of separation of concerns. Your Program.cs focuses just on configuration, and managing dependencies is the DI class's headache.

  2. Keeping dependency injections in separate classes can make it easier to maintain the application over time. For any change in DIs, you would not change Program.cs; rather, you would just change the desired dependency injection class.

  3. For better understanding, we can create different DI classes that deal with similar dependencies.

How do you prefer to keep your dependencies?


Episode 23 : Difference b/w GetType() and typeOf() Methods in .NET

Both typeof and GetType help you get the type, with a small difference:

✅ typeof gets the type from a class while GetType gets the type from an object.

✅ The GetType method is used to retrieve the type of an object at runtime, while the typeof operator is used to retrieve the type of an object at compile-time.

I have described one example where typeof can prove helpful; in what other situations could GetType and typeof save us?


Episode 24 : Difference b/w VAR and DYNAMIC keyword in C#

VAR

✅ VAR is early bound (statically checked).

✅ It looks at your right-hand side data and then during compile time it decides the left-hand side data type.

✅ Use of var makes your code more readable, simplified and reduces the typing.

DYNAMIC

✔️ Dynamic is late bound (dynamically evaluated).

✔️ It is used to work on dynamic objects.

✔️ It helps us when we are not sure about the data type of objects, and saves us from a lot of data type-oriented checking (because the compiler ignores them).

💭 There is a debate over var or proper type. I would like to hear your opinion: many people say that we should use var instead of the proper type, but some say that if you are familiar with the type then why would you go for var.


Episode 25 : StringBuilder vs string in C#

Difference b/w String and StringBuilder

StringBuilder

  1. StringBuilder is mutable.

  2. StringBuilder creates only one object on the heap, and that object is updated with each new value, even if you append/insert 1 million values.

String

  1. String is immutable.

  2. Every time we update data in a string, it creates a new instance of the object. So, if you update the value 1K times, it will create 1K new instances.

Time difference over 10,000 iterations

A good rule of thumb is to use strings when you aren't going to perform operations like Append/Remove repetitively, and to use StringBuilder when you are.

I took 10,000 iterations and checked the difference; see the difference in the picture. ⬇️



Episode 26 : Arrays vs ArrayList in C#

Difference b/w Array and Arraylist and which one is faster.

Array

  1. Arrays are fixed in size.
  2. It is strongly typed; in other words, when you create an array it can store only one data type.

Array List

  1. It is a collection from System.Collections in .NET.

  2. It is dynamically resizable.

  3. It can store any data type.

Which one is faster and why?

An array list takes any data type, which leads to boxing and unboxing. As arrays are strongly typed, they do not do boxing and unboxing. So, arrays are faster than array lists.

When boxing and unboxing happen, the data needs to jump from stack memory to the heap and vice versa, which is a somewhat memory-intensive process. As a good practice, avoid boxing and unboxing wherever possible.

Recap of Boxing and Unboxing

Boxing and unboxing are used to convert value types to reference types and vice versa. When a value type is moved to a reference type, it's called boxing. The reverse is termed unboxing.

When should we use ArrayList or Array?

Overall, ArrayList is a more flexible and convenient choice when you need to work with a collection of objects that can change size over time, while an array is a good choice when you need to work with a fixed-size collection of elements of the same data type.



Episode 27 : Extension Methods in C#

An extension method is a special kind of static method that allows you to "add" methods to an existing type without modifying the type itself.

You already know about extension methods; let me remind you: you might have used the method ToString(), that is an extension method for string.

Benefits of using extension methods

  1. Extension methods allow you to reuse code across multiple types without having to create a new subclass or interface for each type.

  2. They reduce code duplication and improve the maintainability of your code.

  3. They can make your code more readable by allowing you to define methods that are directly related to the type they are extending.

  4. These methods are used extensively in the LINQ (Language Integrated Query) library.

  5. They are very simple to develop: just a static method of a static class, with the this keyword added to the parameter.

How to create an Extension Method?

Extension methods are defined as static methods in a static class, and use the "this" keyword to specify the type they are extending.

Some scenario

Suppose you are creating a game and your text should follow an unusual notation in which every lower-case character is followed by an upper-case one. It's better to create an extension method for string and then use it throughout the application.



Episode 28 : Common design principles you should keep in mind while developing applications

✅ Separation of concerns

This principle asserts that software should be separated based on the kinds of work it performs.

Consider a media player application that has a feature to create and save playlists. The application has logic to retrieve a list of songs from the user's library and logic to organize the songs into playlists. The behavior for retrieving the list of songs should be separate from the behavior for creating the playlists, since these are separate concerns.

✅ Encapsulation

Encapsulation is a way to protect the data inside an object from being changed by code outside of that object.

In other words, it helps to keep the internal state of an object hidden from the rest of the program. Instead of allowing other parts of the program to directly access and change the data inside an object, we should provide specific methods (getter/setter) that can be used to manipulate the data in a controlled way.

✅ Single responsibility

The single responsibility principle is a concept in software development that says that each object or component in a program should only have one job or responsibility.

For example, the user interface should be responsible for presenting information to the user, while the data access layer should be responsible for storing and retrieving data. The business logic, which is the part of the program that does the important work, should be kept in its own section so it can be tested and changed without affecting other parts of the program.

✅ Don't repeat yourself (DRY)

The application should avoid specifying behavior related to a particular concept in multiple places, as this practice is a frequent source of errors.

Avoid binding together behavior that is only coincidentally repetitive. For example, just because two different constants both have the same value, that doesn't mean you should have only one constant, if conceptually they're referring to different things. Duplication is always preferable to coupling to the wrong abstraction.

✅ Dependency Inversion

The direction of dependency within the application should be in the direction of abstraction, not implementation details.

The practice of dependency injection is made possible by following the dependency inversion principle. See the difference in the dependency graph when Dependency Inversion is applied.



Episode 29 : Sealed keyword in C#

When applied to a class, the sealed modifier prevents other classes from inheriting from it.

When applied to a method or property, the sealed modifier must always be used with override. Because structs are implicitly sealed, they cannot be inherited.

When should we make our class sealed

  1. It ensures that a class cannot be subclassed / used as a base class, either to maintain the integrity of the class's design or to improve performance.
  2. When you want to create a class that can be used as a singleton, to ensure that only one instance of the class can be created (although defining a class does not ensure that it would become a singleton; we need to take care of a few more things for a singleton).

How making a class sealed improves the performance

A sealed class does not have to worry about executing code in derived classes that may override members of the sealed class at runtime. It reduces the number of method calls that need to be made at runtime. When a method is called on an object, the runtime must determine which method to execute by checking the object's type and searching up the inheritance hierarchy until it finds a matching method.



Episode 30 : String Interpolation vs Verbatim Identifier vs Raw String Literal

Let's see the difference b/w them

String interpolation using $

The $ special character identifies a string literal as an interpolated string. An interpolated string is a string literal that might contain interpolation expressions. String interpolation provides a more readable, convenient syntax to format strings. It's easier to read than string composite formatting.

Verbatim Identifier - @

The @ special character serves as a verbatim identifier. It can be used in the following ways:

  1. To enable C# keywords to be used as identifiers.
  2. To specify a string that should be interpreted literally, without any escape characters being processed.

Raw string literal - """

A raw string literal (available in C# 11.0) starts and ends with a minimum of three double quote (") characters.

  1. It can span multiple lines.
  2. Like @, it can also specify a string that should be interpreted literally.
  3. It can be combined with an interpolated string.
  4. It can be helpful in designing server-side emails as well.

While working with them, the following rules should be kept in mind.

  1. Both opening/closing quote characters must be on their own line.
  2. Any whitespace to the left of the closing quotes is removed from all lines of the raw string literal.
  3. Whitespace following the opening quote on the same line is ignored.
  4. Whitespace only lines following the opening quote are included in the string literal.



Episode 31 : Pad Left and Pad Right Method of String in C#

The PadLeft and PadRight methods of the String class in C# can be used to pad the current string with a specified number of characters on the left or right side, respectively.

🎯 These methods can be useful when you want to align strings in a particular way.

🎯 They can give you a helping hand when you want to ensure that a string meets a minimum length requirement.



Episode 32 : How to read values from appsettings.json through IOptions and apply validation on it

🎯 Step 1 : Define your properties in key-value format in the JSON file.

🎯 Step 2 : Make a class with the same properties; make sure the names are exactly the same.

🎯 Step 3 : Inject the configuration in Program.cs (for .NET 6) or in the ConfigureServices method (below .NET 6).

🎯 Step 4 : Now inject the class containing the properties into the constructor of the class where you need it.


If you want to add validations on your IOptions, you can visit my friend Milan's blog post here.
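The four steps above in one Program.cs, together with the validation just mentioned, as an added example that is not code from this repository. It assumes an ASP.NET Core (.NET 6+) web project with implicit usings; SmtpSettings, MailSender and the Smtp section are hypothetical names, and the in-memory dictionary stands in for appsettings.json so the sample needs no file.

```csharp
using System.ComponentModel.DataAnnotations;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);

// Step 1: constructed stand-in for this appsettings.json section:
//   "Smtp": { "Host": "mail.example.test", "Port": 587, "FromAddress": "noreply@example.test" }
builder.Configuration.AddInMemoryCollection(new Dictionary<string, string?>
{
    ["Smtp:Host"] = "mail.example.test",
    ["Smtp:Port"] = "587",
    ["Smtp:FromAddress"] = "noreply@example.test",
});

// Step 3: bind the section, validate the attributes, and fail at startup
// instead of on first use if a value is missing or out of range.
builder.Services.AddOptions<SmtpSettings>()
    .Bind(builder.Configuration.GetSection(SmtpSettings.SectionName))
    .ValidateDataAnnotations()
    .ValidateOnStart();

builder.Services.AddTransient<MailSender>();

var app = builder.Build();
app.MapGet("/", (MailSender sender) => sender.Describe());
app.Run();

// Step 2: property names match the JSON keys exactly.
public sealed class SmtpSettings
{
    public const string SectionName = "Smtp";

    [Required] public string Host { get; set; } = string.Empty;
    [Range(1, 65535)] public int Port { get; set; }
    [Required, EmailAddress] public string FromAddress { get; set; } = string.Empty;
}

// Step 4: the consuming class receives IOptions<T> through its constructor.
public sealed class MailSender
{
    private readonly SmtpSettings _settings;
    public MailSender(IOptions<SmtpSettings> options) => _settings = options.Value;
    public string Describe() => $"{_settings.FromAddress} via {_settings.Host}:{_settings.Port}";
}
```

Blanking Smtp:Host or setting Smtp:Port to 0 makes the host throw an OptionsValidationException during startup, so a misconfigured deployment never begins serving requests.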

Episode 33 : How to add DbContext Dependency Injection in .NET Core API ?

🎯 Step 1 : Define a DbContext class that represents the database context in your application.

🎯 Step 2 : In ConfigureServices/Program.cs, add a call to the AddDbContext method to register the DbContext with the dependency injection container.

🎯 Step 3 : Inject the DbContext instance into the constructor of the controllers or services that require it, or maybe you can use a Unit of Work class as well; it's up to you :)



Episode 34 : How can we improve performance of .NET Application ?

▶ Use StringBuilder for concatenation rather than string when the concatenated data is huge.

▶ Avoid boxing / unboxing by using generics.

▶ Avoid writing inline SQL queries; use stored procedures.

▶ Choose your indexes (clustered and non-clustered) properly.

▶ Use caching for data which will not change frequently.

▶ In ASP.NET, use the output cache directive for page-level caching.

▶ Use async calls.

▶ Use raw SQL.

▶ Use caching for data that is not used frequently.

▶ Use lazy loading unless eager loading is needed.

▶ Select only the data that is needed in your LINQ queries.

▶ Use AsNoTracking where you need read-only data.


Episode 35 : How to store password in database

  1. Plain text password ❌
  2. Hashed password ❌
  3. Hashed password with Salt ✔

Plain text password: Saving the password in plain text is the worst approach because it is open to everyone who has database access and is an easy target for attackers. It's not recommended at all.

Hashed password: Hashing the plain text password first and then saving it seems safe, but it isn't: you can fall to an attack in this case as well, the rainbow table attack.

Hashed password with Salt: The last option is to store the hash of the salt combined with the plain password. This is a suitable way to store a password.

What is Salt?

Salt is a unique and random string that we append to each password to make it safe. In C# we can simply use a GUID to get a unique string.

How is a hashed password with salt validated?

▶ While saving the hashed password in the database, we store the salt as well, in a different column.

▶ When a login request comes in, we retrieve the salt for that specific user by username/email, combine it with the incoming password, and then hash the result.

▶ After that, it is compared with the hashed password that was originally saved in the database and verified accordingly.
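The store-and-verify flow described above, as an added C# example that is not code from this repository. It assumes .NET 6 or later, draws the salt from RandomNumberGenerator rather than a GUID, and swaps the single hash pass for PBKDF2 (Rfc2898DeriveBytes.Pbkdf2) so that every guess against a stolen table is deliberately slow; the class name, sizes and iteration count are assumptions.

```csharp
using System;
using System.Security.Cryptography;

public static class PasswordHasher
{
    private const int SaltSize = 16;         // bytes (assumption)
    private const int HashSize = 32;         // bytes, the SHA-256 output size
    private const int Iterations = 600_000;  // assumption: tune to your hardware and store it if it may change
    private static readonly HashAlgorithmName Algorithm = HashAlgorithmName.SHA256;

    // Registration path: returns the two values to persist, hash in one column and salt in another.
    public static (string Hash, string Salt) Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize); // fresh salt for every password
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, Algorithm, HashSize);
        return (Convert.ToBase64String(hash), Convert.ToBase64String(salt));
    }

    // Login path: reload the user's salt, recompute the hash, compare in constant time.
    public static bool Verify(string password, string storedHash, string storedSalt)
    {
        byte[] salt = Convert.FromBase64String(storedSalt);
        byte[] expected = Convert.FromBase64String(storedHash);
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, Algorithm, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values, not real credentials.
        const string password = "correct horse battery staple";
        var (hashA, saltA) = PasswordHasher.Hash(password);
        var (hashB, _) = PasswordHasher.Hash(password);

        Console.WriteLine($"matching password accepted: {PasswordHasher.Verify(password, hashA, saltA)}");
        Console.WriteLine($"wrong password accepted:    {PasswordHasher.Verify("wrong password", hashA, saltA)}");
        // Two users with the same password get different salts, which is what defeats precomputed tables.
        Console.WriteLine($"same password, same stored hash: {hashA == hashB}");
    }
}
```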

About

This repository contains all the content I have published so far
