.Net

Introduction

Starting with .Net 5.0 (previously ".net core") Microsoft switched the application framework to an OpenSource, portable and container first delivery.

We recommend any developer using .Net to review the support lifecycle. As an application developer the responsibilities to patch and update the framework is under a different lifecycle they now assume.

Getting Started

First create a new GitLab project using the instance template from the AppBase for your language (Dotnet).
- The AppBase will provide you with a pattern to deploy applications
- Will automatically setup GitLab CI/CD tools such as security settings
- The quickest way to get up and running with OpenShift.
- Read the README.md file in the repository for latest instructions and notes for your framework.

TODO:

OpenShift notes

Notes

Microsoft Cloud-Optimized apps

info about who to cloud optimize

NuGet lock

Add the following lines to the WebApp/WebApp.csproj to generate a NuGet lockfile for the GitLab Dependency Scanner.

<PropertyGroup>
    <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
</PropertyGroup>

X-forwarded-for

x-forwarded-for headers load balancers + kestrel (enable these, usually will break for open id connect/AzureAD)

How to solve https redirects behind a load balancer

Health probes

Probes for liveness and readiness

Caching

Caching to move the session and state to a cache tier vs in app (round robin can cause issues)

Kestrel options

General kestrel options (security limits)

Entity Framework

EF Migrations

Security Headers

HSTS (this will always come up in security scans)

XSRF/CSRF mitigation

XSS mitigation

CORS mitigation

Introduction​

Getting Started​

Notes​

Microsoft Cloud-Optimized apps​

NuGet lock​

X-forwarded-for​

Health probes​

Caching​

Kestrel options​

Entity Framework​

Security Headers​