If you develop Web applications or Web APIs, you’ve certainly used Fiddler for examining requests and responses. If your client and server run on PC the is no problem using Fiddler, but imagine that both my server and client run on Linux devices and I wish to sniff HTTP traffic between them but I do not have possibility to install software like Fiddler or Wireshark on these devices. The only thing I can do is to configure the server’s host name on the client device. Here is the diagram:
One of the possible solutions here is to direct traffic via my Windows machine, where I can use Fiddler and other tools. This requires use of proxy server which will listen to HTTP traffic and redirect it to the actual server. There are such existing proxy servers like NGINX and other, but I like to write tools by myself. 🙂
So this post is about writing your own redirecting proxy using C#.
Sometimes there is a need to embed a simple HTTP Web host into your application without using IIS (to expose some API, provide some management UI etc.). The code below does exactly that.
The SelfHostedWebServer class encapsulates HttpListener class which does all the job. You may create an instance of the class providing 3 parameters to the constructor: the list of URLs to listen (e.g. http://localhost:8080/api and http://localhost:8080/ui), callback which will be called when http request is received (you will need to create a method which reads the request and creates a response) and log callback (an optional method which will be called to provide log messages). The class is based on the https://codehosting.net/blog/BlogEngine/post/Simple-C-Web-Server post, with some changes and improvements.
Let’s talk about security.
When you develop a software, one of the issues to consider is security. It is relevant for any type of applications – web, desktop, mobile etc.
I’ve seen couple of anti-pattern ways to deal with security in software development:
- application is developed without paying too much attention to the security, and then – as one of the last steps before the release – some security expert is invited to perform security review or penetration testing and provide a list of required changes – some of them are rejected (because it is too late to do such large changes) and some of them are implemented (in a quick and dirty way). For example, list of twenty required changes is provided, and then PM says – ok, we can’t do items #1-19 from the list, let’s do just number #20 – which is for example enable SSL – and that’s it.
- application is developed with security in mind, but it is not done in systematic way (just some security issues are considered and some security features are enabled here and there) and it is not done by security experts.
In order to avoid being in group a or b below, security should be considered in a systematic way during all the software development lifecycle, and acceptable standards, guidelines and best practices should be used. Such practices include OWASP, Microsoft SDL, CERT and more. See for example benefits and some details on Microsoft SDL: https://www.microsoft.com/en-us/SDL/about/benefits.aspx , https://social.technet.microsoft.com/wiki/contents/articles/7100.the-security-development-lifecycle.aspx
Below I will provide a cumulative checklist of issues which should be taken care of in order to develop a secure software. It should be implemented as early as possible during the development process.
There are a lot of tutorials on starting Angular 2 + ASP.NET/WebAPI project, but they contain almost hundred of steps where you need to create tsconfig.json, package.json and a lot of other files manually, change things, download multiple packages and so on – and at the end your project contains many unnecessary files.
The purpose of this post is to give the simplest and quickest way to quick-start a new Angular 2 Web Application with ASP.NET WebApi backend. It is the quickest way to start a new project I’ve found so far, and it is based on a VS project template available online developed by Miňo Martiniak (Mino.Angular2VisualStudioTemplate).
Install and Create Project
1. Install VS2017, npm, node.js – see one of my previous posts: Visual Studio 2017 + Node.JS + TypeScript – Visual Studio 2017 + Node.JS + TypeScript.
2. In VS 2017, Create new project – search online templates for Angular:
There is a huge amount of different books on software development. Most of them are like “Building applications using XYZ and ABC”, with many pages of code inside, examples and directions. They may be useful, but you may manage to do without them, just by using some articles, tutorials and examples.
And there are books which give you concepts, ideas and deeper understanding of things, which form you as a developer and professional, and help you in many projects and many positions, whatever technology you use. These books you remember forever and sometimes read them again and again.
So, here I will give my list (partial, what I remember) of such fundamental books I recently read and recommend any software developer to read.
Why node.js? https://www.toptal.com/nodejs/why-the-hell-would-i-use-node-js
Why typescript? https://www.typescriptlang.org/ , https://basarat.gitbooks.io/typescript/docs/why-typescript.html
Why Visual Studio? https://www.visualstudio.com/vs/node-js/
Below I explain how to install and configure all these things together.
1. Install Visual Studio 2017
Install Visual Studio 2017 (Community Edition is free for personal use!): https://www.visualstudio.com/free-developer-offers/
Select the Node.js development option during the setup:
2. Install Node.js and NPM
Download node from https://nodejs.org/en/download/
Update npm by the following command in the command line:
npm install npm@latest -g
Imagine you have developed a service. Any service – Web Service, Web API, WCF, UDP – technology and protocol do not matter. Then your service should be used by other components of some system or project (I will call them “clients” here). In many cases running just single instance of your service will not be enough due to different reasons:
- Availability/redundancy. The whole system may fail if your single service instance fails. So, you will need to run multiple instances of your service on different servers. Some instances may be passive.
- Performance and load balancing. Single instance of your service may not be able to deal with all the requests it gets, and you will need to distribute the load between multiple active instances hosted on different servers. In other words, your service should be scalable.
- Both reasons 1 and 2.
In this post I will try to overview available options for running multiple instances of the same service, and I wish to have a design which covers all reasons from the list above –redundancy, load balancing, scalability, high availability. I will not use any special technologies or frameworks dedicated to this problem – just general ideas and plain old programming languages, databases and communication protocols.
The problems we meet here are obvious: if there are multiple services and multiple clients, somebody should tell the client what is the address for sending requests, somebody should take a decision which service instance will process a request, somebody should monitor the state of the services, somebody should solve concurrency conflicts between the services etc.
So, let’s start with the options.