Logging with purpose

No matter how skilled you are as a developer, once you put your system into production and users are allowed in, unexpected things will happen. While most users are just doing their job, some users may have far more nefarious purposes for interacting with your system. In both cases you need insight into what is happening in your system so you can ensure the regular users are able to do their jobs, and prevent the bad actors from abusing your system. This is where logging and monitoring really can make a difference by providing necessary data to improve and protect your system.

Logging is a multifaceted tool, and has many use cases but without a proper strategy in place the logs can easily fill up with noise hiding the desired information. In this session we'll see how logging can serve both developers and operations, as well as keeping an audit trail for business and security reasons. Log with purpose, and cut down on the difficulty of separating useful signals from overwhelming noise.

OAuth 2.0 and OpenID Connect demystified - An OpenIddict story

Adding sign in via OpenID Connect providers like Microsoft or Google is a breeze these days. With a few click of the mouse a fully scaffolded ASP.NET Core Identity project is generated that pretty much works with just some configuration changes. But then the authentication scenarios become more complex, and so the scaffolded code requires changes, at which time it's easy to wind up changing code that you didn't write, and to be honest, probably never quite understood in the first place.
In this session we'll shed some light on just what OpenID Connect and OAuth 2.0 are and how they work together to authenticate your users. And with this knowledge in hand we'll look at how OpenIddict can help you simplify your OpenID Connect workflows on both ASP.NET and ASP.NET Core, so you can get back to keeping the riff raff out of your systems.

Keep it secret, keep it safe - Encryption that just works with ASP.NET Core Data Protection

If you have ever setup Anti-forgery tokens in ASP.NET Core, or added cookie authentication to ASP.NET Core Identity, you have relied on ASP.NET Data Protection. With a design philosophy of being easy to use and with simple or no configuration, ASP.NET Core Data Protection offers industry standard methods of protecting your sensitive data, and it's available for both .NET and .NET Framework.

Join me as we look at how to protect your data via the near fool proof IDataProtector and how to setup Data Protection from the simplest "it just works" scenario to sharing keys between different services or load balanced instances using Azure Key Vault. For when Azure Key Vault is not an option we'll look at how to persist and share keys to file a system or a database. And if nothing existing works for you, with the extensibility APIs there's always the option of building your own key repository.

Cheating at .NET security, the right way

You might have heard of the OWASP Top 10 Web Application Security Risks, but did you know that OWASP publishes more than 80 Cheat Sheets with condensed information on how to improve security in your applications? With topics ranging from Authentication and Logging to Threat Modeling and User Privacy protection the Cheat Sheets provides both guidance as well as hands-on code examples. In this session we'll focus specifically at the DotNet Security Cheat Sheet and look at some practical examples on how to address the OWASP Top 10 Security Risks in .NET. And for those of you still using .NET Framework, don't worry there's some good stuff in there for you as well.

Analyze this: Raise your code quality and follow code standards with the Roslyn analyzers

If you are a developer using Visual Studio, chances are you have noticed squiggly underlines in your code that show up when you have written code the compiler cannot interpret. They are only a small part of the surprisingly extensive Roslyn analyzers tool kit.

Starting with .NET 5 a few analyzers are activated by default, but with some simple configuration, these and hundreds more can be enabled not just for .NET 5+ but previous versions of .NET such as .NET Core and .NET Framework. There are analyzers to help you improve your code quality and analyzers to help you maintain your coding standards. Using .editorconfig files you can configure these analyzers across your entire code base and control which analyzers should be active for different parts of your code base.

In this session, we will dive into how the Roslyn analyzers are activated and configured to display suggestions, warnings, or errors. I will look at strategies on how to add Roslyn analyzers to an existing code base without being swamped in warnings, and show how to validate the rules during a command-line build. Once enabled the Roslyn analyzers help ensure your code is easier to read and safer to run.

Thinking clearly: What can design principles teach us about writing clear code?

The design of individual lines of code as well as the greater structure of our projects are important in understanding the functionality of our applications. Our code is the UI into the application logic and with that in mind, how can we use UI design principles to write code that is clear and easy to understand?

In this session we take common design patterns and principles and apply them to our code. How the eye travels throughout a design (Movement), and the reoccurrence of elements (Repetition), can assist us in method design and class structure. Pieces of recognizable elements (Patterns), and the visual ranking of elements (Hierarchy), will aid us design our classes and organize our projects. With these patterns and more we will see why code styles matter, why names are important, and why, even in code, less is more.

Target audience is any coder who wants tips and hints on how write clearer code.