Your C# Methods Were Always AI Tools. They Just Didn't Know It Yet.

Here's a secret about AI agents: the impressive part isn't the LLM. It's what happens when you give the LLM permission to call your code.

A method that looks up customer data. A function that checks if inheritance shares add up to 100%. A service that retrieves FAQ content. You've been writing AI tools for years. They just didn't have a [Description] attribute on them yet.

In this session, I'll start with the simplest possible AI agent, then progressively add real capabilities: function tools backed by plain C# methods, middleware for logging and control, a multi-agent workflow where one agent validates legal documents while another drafts summaries, and full observability through OpenTelemetry. The examples come from our legal tech product, where we went through exactly this journey, from auto-suggesting chat answers to orchestrating agents that review legal documents.

Built on Microsoft Agent Framework and Microsoft.Extensions.AI, but the talk is about the patterns, not the packages. If you know dependency injection, middleware, and handlers, you're already 80% of the way there.

This session is for .NET developers who want to integrate AI capabilities into existing applications without rewriting everything or getting a PhD first.

You'll leave with:
- A practical understanding of agents, tools, and workflows in Microsoft Agent Framework
- The ability to decide what should be a deterministic function vs. what needs an LLM
- Patterns for multi-agent orchestration that are testable and observable
- A healthy respect for the line "if you can write a function, do that instead"

Build With Intent

We inherit habits. From courses, from examples, from colleagues, from "best practices" no one remembers the origin of.

We build layer upon layer of abstractions because that's how it's always been done, not because the problem demands it. The same happens in the kitchen, at the gym, and many other places in our life: we do things because we've always done them that way. We forget to ask "why?"

We talk a lot about building software fast, but do we remember to ask why we're building this particular thing? In an age where AI can generate code faster than we can think, the ability to ask "but should this code exist?" becomes more important than ever.

In this talk, we'll explore how to stop, ask the right questions, and make intentional choices, with a simple framework you can use right away. In your code, your architecture, the way you work and in your life.

Modern Authentication & Authorization Patterns in .NET

Most .NET developers rely on basic authentication patterns that break down in modern distributed systems. Simple role-based authorization and cookie-based authentication can't handle multi-tenant SaaS applications, microservices architectures, or mobile clients securely. The result is either over-engineered custom solutions or security vulnerabilities that expose sensitive data.

This talk demonstrates OAuth 2.0 and OpenID Connect implementation in .NET, focusing on policy-based authorization, zero-trust patterns for microservices and token management strategies. We'll build working examples of attribute-based access control (ABAC), service-to-service authentication, and cross-platform token flows. You'll see techniques for debugging authentication failures and how to security patterns using ASP.NET Core's authorization framework.

If you are a .NET developer working on web APIs, microservices, or multi-client applications who need to move beyond basic [Authorize] attributes, this talk is for you. Whether you're building SaaS platforms, securing service-to-service communication, or integrating with third-party identity providers, you'll gain immediately usable code patterns and architectural strategies for production-ready authentication systems.

Code that writes code - .NET Source generators

Tired of writing repetitive boilerplate code? Enter .NET Source Generators - your key to automating code generation at compile time. In this session, we'll explore and demystify this powerful feature that lets you inspect your codebase and generate new C# source files during compilation.

You'll learn how to create source generators from the ground up, including working with the Roslyn compiler API to analyze syntax trees, semantic models, and symbols. Don't worry, it's actually easier than it sounds! We'll explore practical techniques for traversing your codebase, filtering syntax nodes, and generating precise, context-aware code that integrates seamlessly with your existing projects.

Through hands-on examples, we'll implement source generators that solve real-world problems. We'll cover examples like creating strongly typed entity IDs to prevent primitive obsession, generating boilerplate code, auto-implementing interfaces, building compile-time helpers and more.

This session is designed for intermediate to advanced .NET developers, team leads and architects looking to improve code maintainability, as well as anyone interested in meta-programming and code generation.

After this session, attendees will gain a thorough understanding of source generator architecture and lifecycle, along with practical knowledge of working with the Roslyn API for code analysis. They'll learn essential techniques for debugging and testing source generators, good practices for implementing them in production projects, and acquire a toolkit of ready-to-use patterns for some common source generation scenarios.

Ditch your backlog and start building stuff that actually matters

Your backlog is lying to you

It promises order but delivers anxiety. It says "we'll get to this eventually" but really means "never." We were drowning in our endless list of "someday" tasks for years until we killed our backlog, and our team finally started shipping what actually mattered.

In this talk, I'll show you what we learned from ditching the traditional backlog in favor of focused work cycles and strategic prioritization. Who could have known that when you stop pretending you'll someday build everything on that list, you can start actually focusing on building the right things, right now.

We swapped time estimates for time budgets. We traded the illusion of planning for actual progress. And we went from accumulating technical debt to actually paying it down.

There were trade-offs and challenges along the way, and I'll candidly share those as well. Whether you're at a scrappy startup or navigating the enterprise, you'll walk away with a new lens on how to move faster without the backlog baggage.

Ready to dump that backlog?

Awesome Azure Authentication Adventures Workshop

So, you know how to build an app, but all this authentication stuff in Azure is a bit of a black box for you? This is the workshop for you then! Over two full days, you will dive into all things identity-related in Azure, how to set it up, maintain it and how to use it in your apps! This is a practical workshop, taking you through the basics of identity, showing you how to configure Entra ID and how to use it in your applications.

You will not only learn how to use Entra ID to protect your apps, but also to protect the environment they run in and how to use Entra ID to enforce policies for resource access.

Some of what you will learn:
• The basics of OAUTH/OpenID.
• Identity concepts in Entra ID.
• How to integrate your applications with Entra ID and use single-sign-on (SSO).
• How to secure your APIs using Entra ID.
• Several ways of granularly granting permissions to various resources, both by role, application or user.
• What is the difference between an app registration and a service principal?
• Getting rid of passwords and using managed identities.
• Using identity to access Azure resources
• Role-based access control
• Granting access to external collaborators.
• Implementing just-in-time, auditable permissions for protected resources.

There will be hands-on labs you can do on-site and take home with you to reinforce the concepts and techniques you learn.

Who is this for?
Developers who want to get a better understanding of how Entra ID works and how to use it to secure their applications and environments.

While the concepts can be used with any language, the workshop examples and labs will be in C# on the .NET platform.

No prior knowledge about Azure Active Directory or identity assumed. Basic programming skills and familiarity with C# are necessary to follow code examples and do the hands-on labs.

To do the labs you will need to bring a computer with the latest .NET SDK and the editor of your choice (for instance Visual Studio, JetBrains Rider or VS Code).

This is a two-day, interactive workshop with hands-on labs. Can also be adapted to a one-day workshop, usually with less hands-on labs

Practical advice for building glorious monoliths

Monoliths often get a bad rap. However, when designed with care and strategy, a monolithic architecture can not only be efficient but also 'glorious.' This session aims to dismantle the myths surrounding monolithic applications and provide advice for building a robust, maintainable and scalable monolith.

We will look at various aspects of monolithic architecture, such as defining contexts, organizing the code, structuring your application for developer ergonomics, synchronous and asynchronous communication between contexts, minimizing boilerplate code, effective data separation, testing and implementing useful architectural patterns.

Through practical examples in code and advice you will get an overview of key principles for creating a high-quality modular monolithic application that is a joy to work with.

Are you a developer or an architect who want to see how you can build monoliths, learn why you absolutely should, and still enjoy your work? Then this session is for you.

Let's build that glorious monolith - The Art of Monolithic Application Design

Monoliths often get a bad rap. However, when designed with care and strategy, a monolithic architecture can not only be efficient but also 'glorious.' This workshop aims to dismantle the myths surrounding monolithic applications and provide practical insights into building a robust, maintainable and scalable monolith. Through both theoretical knowledge and hands-on practice, participants will learn key principles of creating a high-quality monolithic application that is a joy to work with.

## What you will learn and do

During the workshop, we will look at various aspects of monolithic architecture, such as defining contexts, organizing the code, structuring your application for developer ergonomics, synchronous and asynchronous communication between contexts, minimizing boilerplate code, effective data separation, testing and implementing useful architectural patterns.

Participants will have the opportunity to apply these concepts in real-time, as we collectively build a monolithic application from scratch. The session will also cover strategies for maintaining a monolith's integrity over time and, if necessary, transitioning parts of the monolith into separate services.

## Who is this workshop for?

This hand-on workshop is designed for developers and architects who want to explore the full potential of monolithic architecture. Whether you are building a new application or looking to improve an existing one, "Let's Build That Glorious Monolith" teaches you a monolithic design that will let you enjoy a calm and pleasant life.

## Practical requirements

The workshop will be using C# and .NET for the hands-on coding, but the principles are applicable in many languages and frameworks. Some familiarity with C# and .NET is helpful for following along with the examples and labs.

Participants are expected to bring their own laptop with the latest version of .NET and a suitable editor. Some of the labs require having Docker installed and working.

This is a two-day, interactive workshop with hands-on labs. Can also be adapted to a one-day workshop, usually with less hands-on labs

Building that glorious monolith. And carving it too.

To microservice or not to microservice, is that really the question? I'd argue that the best way to start a project is by building a monolith. It will give you better results, faster, than running down the microservice path right off the bat. But we've all heard the horror stories from the big ball of mud monolith that slows all development to a crawl. It doesn't have to be that way. There are some well-established patterns and practices that help us build glorious monoliths, where the code is not a big ball of mud or stale and sticky spagetti.

I'll talk about how we've used techniques like Domain Driven Design, eventing, and API design for keeping our monolith ordered and easy to navigate. Keeping the complexity manageable and our development speed fast.

And we'll show you how to carve out the pieces you need, when you need it, to another service - with a minimum of work.

Awesome Azure Authentication Adventures

You have some web applications and some services deploying to Azure, and you want all the communication to be authenticated and secure. Both from your users and between the different services and from the service to the databases. And without passing usernames and passwords in connection strings and application settings.

Turns out, Azure Active Directory is great at this, but it's not always easy to get it right. We'll go through user authentication, forwarding credentials, asking for consent, securing your APIs, service to service communication, managed identities and database authentication. All of it! How does it work and how can you get secure right away.

Keep your nose out of it. Denying yourself access to production

In today's world of personal data, privacy concerns, malware and just plain bad luck, having access to a production system and production data is simply a Bad Idea. And not just for yourself, but every one. The developers, the database admin, the operations team - none of them should have access to production.

So how can we do that, and at the same time maintain our high rate of releases, our agility and our sanity?

Glenn will go though some principles to follow and also show you in practice how you can create your environment, lock it down and update it, all without human intervention. He will also show you how you can monitor the environment for unauthorized changes. How you can have "emergency hatches" for when you really need access, but in a controlled fashion. Examples will be for Microsoft Azure, but the principles are universal.

In short, if you want to keep your production environment and production data at an arms length, but still so what you need when you need it, this is your session.

Developing privacy

In this day and age, privacy is important to our customers, and it should be important to you as well! In some cases, you're legally obligated to ensure your user's privacy and to protect their information, but it's increasingly becoming The Right Thing To Do (tm) as well. So how do we do it? Which traps lie in these waters? How do we, as developers, build solutions that protect our users from the start and all the way into the core of our applications. We'll go through patterns and techniques you can directly apply in your work, we'll talk about questions you should be asking your business and help you make privacy a feature of your system and not an afterthought. Without making your life needlessly difficult.

Why your company needs an internal API and what you should do about it

A problem for many companies is that their information and processes is locked down in various software systems. Integrations are hard, often duplicated and multiplied by the number of systems. Changing core systems directly is slow, costly and hard. The complexity increases exponentially and slows the rate of innovation.

Creating a company service platform on top of these core systems can allow for a simpler and faster way of innovating and experimenting. How do we ascend to this Nirvana? By good old-fashioned development. By doing the hard work only once and building services that exposes more and more parts of the internal systems and processes. I’ll show you the why and the how, enabling you to create a robust, scalable and secure service platform for your business.

Where do you want to go tomorrow?

Are you in the place you want to be? Are you moving into unknown territory or thinking about stepping up, but you don't really know how?

We'll talk about the different roles a developer can, and probably will, have in a lifetime, how to handle them, how to prevent some of them and how to get to the ones you want faster. In short, how to manage your career like a proper project and not just wing it all the time.

I'll claim to have picked up some insight in a few different roles, warn you against some of my stupid mistakes and share some experiences I've seen others have. All in all you should get some inspiration and tools to help you decide where to go and how to get there.