ASP.NET Community Standup – February 16, 2016

This is the next in a series of blog posts that will cover the topics discussed in the ASP.NET Community Standup.  The community standup is a short video-based discussion with some of the leaders of the ASP.NET development teams covering the accomplishments of the team on the new ASP.NET 5 framework over the previous week.  Within 30 minutes, Scott HanselmanDamian EdwardsJon Galloway and an occasional guest or two discuss new features and ask for feedback on important decisions being made by the ASP.NET development teams.

Each week the standup is hosted live on Google Hangouts and the team publishes the recorded video of their discussion to YouTube for later reference. The guys answer your questions LIVE and unfiltered.  This is your chance to ask about the why and what of ASP.NET!  Join them each Tuesday on where the meeting’s schedule is posted and hosted.

This week’s meeting is below:


Links of the Week


Why does Damian have a gavel in the ASP.NET team room?  During a security review in the past, a security analyst brought the gavel so that they could interrupt the presenting engineers to point out items that need review.

The post-its on the wall behind Damian are older, from a different team and are not relevant any longer.

Over the last two weeks a number of planning meetings and discussions took place to discuss what is remaining for ASP.NET Core.  There is a set of data that the team is collecting and prioritizing in order to better estimate a final delivery date.  Among the items under discussion is a versioning story for delivering a first version that can be easily updated.  There are lots of implications to this including how projects get built, the frameworks and tools get updated, and the team wants to ensure that they get it correct.

There are roughly four key foundational documents that the team needs to agree on in order to have the final scope of deliverables.  Damian feels that these are not ‘Github Issues’ but a higher-level document and discussion that will generate issues that support these documents.  These documents cover roughly the following concepts:

  • .NET Core CLI
  • .NET Core Project Model
  • .NET Standard Library
  • .NET Platform Standard

The interesting thing about this release compared to prior releases is that the Microsoft teams are very much abiding by the transparency of an open-source project and you can see all of the changes and discussions that are taking place in developing the ASP.NET framework and tools.  Damian pointed out that a similar experience happened with Visual Studio 2010 when a beta was released and the feedback indicated that more work was needed. A delay was announced and in a closed-source manner the teams quietly worked through similar discussions that you are hearing about now prior to the release of Visual Studio 2010.  The result: a good product that a number of developers are still using today.

Questions and Answers:

Comment: If this is open source, there needs to be transparency

— We agree, once we have a delivery date confirmed we think developers will be able to start making decisions about how to proceed.  If you are working off of nightly builds, you may have to engage in changes between now and the release date.

Question: If ASP.NET Core is supposed to launch as a console application, when I have several web applications in a solution and I hit F5, will it launch in debug mode with several console windows?

— Not if they are configured to launch in IIS express – IIS Express will launch in the systray with the applications launched and managed in the scope of IIS Express with no window

Question: What is the status of ASP.NET Identity for ASP.NET Core

— User management UI is not part of ASP.NET Core, and a full product like Identity Server can handle and provide a user interface for this.  There is a self-serve identity registration and password management capability in the templates and framework.

Question: If ASP.NET Core is being delayed, will Entity Framework Core be able to get more features in?

— No… no one is able to get more features in because all teams are blocked by the same core engineering concept changes.

Question: Can the standup be run earlier?

— The standup is held at 10am PT one week and 3pm PT the next.

Question: Is SignalR being released before or after RTM since that date is being pushed out?

— After – we are not adding scope to the release.

Question:  Is “MVC6” available on ASP.NET 4.6?

— No… the MVC capabilities in ASP.NET Core are part of ASP.NET Core, and not specific to MVC. MVC6 was named that because it had the same package name as MVC 5 and needed a new version number. Due to the rename it is now just MVC that is just part of ASP.NET Core.

Question: Can this ASP.NET Core project format be used with ASP.NET 4.6 projects?

— No, ASP.NET 4.6 does not support this capability

Question: Bower files are placed in wwwroot/lib – this puts them in source control.

— Hanselman has a blog post about how to move this content around using Gulp. Then exclude the lib folder from source control appropriately

Question: Will ASP.NET Core in IIS be hosted in w3wp.exe?

— No, the Http Platform Handler will be used — Scott has a blog post that demonstrates how this works with Ruby on Rails.

Question: How about integrating console windows into VS?

— Not yet… and out of scope of ASP.NET.  The package manager console and the new REPL in Visual Studio should get you a lot of the features you need.

Question:  Are there plans for supporting Oracle DB?

— This is an entity framework question — we’re working with partners to help support other drivers like Mongo and Postgres.  Big and obvious stuff like this is in the works.  🙂

Question: When ASP.NET Core 1 is released, when will EF7 (now Entity Framework Core 1) and SignalR come out?

— Entity Framework Core is part of the release. SignalR is not on the schedule yet, we will let everyone know when we can plan to deliver that feature.  The team is not adding scope and is working hard to not drop scope from the release.  They are purposely not mentioning dates because they are focused on functionality right now.

Question:  What does the team think of Aurelia?

— Scott and Damian haven’t used it yet, but Jon has tried it and is happy with it.  It should work fine with ASP.NET Core because it is a front-end library that should work great with any server-side framework

Question: How is the performance work going?

— Good! There is a larger team engaged now that is prepping updates that will be submitted to TechEmpower benchmarks. It will get faster, as there are some known techniques that are still being implemented that will drive performance by another 20-30% This is the one area that is low-risk and could get more attention and benefit from a pushed out timeline.

Question: Can we have a type-safe configuration file? We have typescript and roslyn – why not strongly-typed?

— This was purposely designed to be extremely flexible to allow for many different configuration options.  Filip W. has a blog post that demonstrates adding this capability of code as configuration  Damian uses strongly-typed classes that are populated by config files, check the documentation for more details.  Scott prefers .INI files because he’s a child of the ’90s.

Comment: Thank you for putting Gulp into the new web templates — introduced a new developer to Gulp and they enjoy working with it now.

Question: Noticed that the team is using an internal version of Moq, are there any mocking frameworks available that support .NET Core?

— Not yet, the issue is that most have a dependency on a Castle.Windsor feature.  We submitted a PR to Moq to allow it to be able to support .NET Core, and we haven’t followed up to determine if it was accepted.

Question: Whats the best way to get session state into ASP.NET Core?

— Its there… it’s a new session API with providers for Redis and SQL.

Question:  Are there any renames coming like Microsoft.Extensions.*

— No… the tools may change , like the EF Command Line tool and the user secrets tool

Question:  Is there an example of using OAuth with Google?

— Its in the new default templates in Visual Studio, there are samples in the entropy repository. The sample one in the docs doesn’t show how to handle custom claims — look in the repo or ask a question in the Issues.

Question: Is there a way to get csproj files to automatically add files that are in the project path in a way like the new project.json project model does?

— There is a way to update the csproj content to include a folder with a wildcard, but Visual Studio doesn’t understand it.  This is one of the features of the new project model.

Question: Can we create a new HttpRequest and push it down the pipeline from inside that application for testing or a proxy?

— Yes, the team uses this for testing — the error handler middleware will reset and re-run the pipeline when there is an error.

Question: Several solutions with several projects referencing each other are creating problems when new commits are fetched. Dnu restore and then restart seems to be the only way out

— This is a problem that the team is working on.  The way around this seems to be to clsoe Visual Studio and sync from Git first so that Visual Studio does not kick off a dnu restore as the project is updated from Git.

Question:  If an application under Kestrel crashes, is there an automatic restart?

— Your front host-process like nginx or IIS knows how to restart the server process that its maintaining. If you’re not using a host-process and running kestrel directly then you should be able to re-run using the service process.

Question: Can we get a JToken from json config when the full key path isn’t specified?

— The config API only returns strings so that it is provider agnostic. The config primitives are all string-based so that you can change your configuration provider.

Question:  Calling MVC6 API using CORS from another app, all works fine when returning 200 and 404 status codes. When an unhandled exception returning a 500 status code is triggered, the access-control-origin header isn’t configured properly.

— There is CORS-middleware available that can be configured, but CORS is a browser-centric concern.  The CORS policy is only needed if you are doing anything that is not a simple GET.

Question:  Do you foresee a lot of API churn going forward?

— The APIs in the ASP.NET stack are very stable – the work is now in the packaging, installers, and under-the covers experience.

Question: How can I use Azure App Service Simple Auth with an ASP.NET Core application?

— The Azure feature is based on traditional ASP.NET features and will not available at launch of ASP.NET Core.

Question: Is it possible to have the build process create everything needed for the web app in one directory?

— This is one of the key scenarios the team is trying to define the story around.  How does the .NET CLI prepare content to be published is the question they’re working through.

Question:  What is the status on Http Basic, Digest or NTLM authentication on kestrel?

— NTLM and Digest will not be in 1.0, Damian needs to verify if Basic is included in 1.0 but does not think Basic auth middleware is built yet.

Question: What samples would you suggest to learn the latest bits? Is Music Store up to date?

— Not yet… the end-to-end story is not there yet, you would only get fragments. The new release isn’t ready until the .NET CLI stuff is ready. Dnx is out of date now and you should wait until the framework is a little more ready.  Jon also recommends checking out the MVC Samples repositories on GitHub.


Thank you for reading and your interest in ASP.NET.  We know the Community Standup is a good resource for those folks that want to be engaged with the team, and we look forward to sharing more with you next time.  Follow along at