The painful way of migrating to dotnet

Recently I started to checkout the newer version of Microsoft dotnet. However, the tooling [Visual Studio / VSCode] were all like, you have to be connected to the internet and also need to be updated. Few of the packages are moving the bleeding edge, the remaining still lagging behind.

As a normal developer that is used to .Net Framework 4.7, it really is a worst experience, as you get all weird errors, but no help from Microsoft groups. I ran into this while running a test case in XUnit where there is a huge mess. I made a simple check-in for ASP.NET Security which took 1 hour but trying to setup debugging and running the tests have taken approx 2 days and not yet successful.

Given this much pain, it will be worth moving to a different language and trying to get up to speed as I was never expecting Microsoft to screw up the developer’s life so bad with the newer versions.

Configuration Aspects in Multi-Tenancy

In Multi-tenancy, the following are some of the aspects that are linked to the configuration of the application that needs to be delivered as a SaaS application.

Custom configuration

1.1 User Based Configuration

In case you are planning to allow the user’s to custom configure the application, they have to be maintained on a per-user basis and in case of one user having access to different companies [tenants in Multi-Tenancy], you will also have to isolate the data by tenant and user combination

There are various levels like flipping switches by a user that turns on and off of a functionality to even licensing the product at a user level. The former will require a user based discretion alone. However, the latter one may require a workflow like a model where a user can raise a request for a feature from his admin and the admin approves the same and then the user gets to access the newly requested feature

1.2 Tenancy Based Configuration

In case of a tenancy based model of customization, there will be multiple levels like having a company [tenant] to subscribe to plans to gain access to the various application features.

Additionally, the tenant will have to configure the company workspace like providing the credit card details for payment, email configuration for the company specific emails etc. This also involves the flipping of ON / OFF switches which in turn make the functionality work more dynamically

  • Regarding the several applications you have plans for, they do require SSO and also the flow of the configuration and company specific data across the applications. There can be company [tenant] specific database which needs to be stored and maintained for which the Azure Shard Map or similar ones can be used.
  • There is a code base scaling which can be configured on-demand by your PaaS provider like Azure. However, the application needs to be developed in a fashion so that it can support database partitioning and scaling. This will have to take into account the factors like data-isolation etc.

There are various PaaS providers which needs to be decided based on your exising and future / predicted user base and then the same can be decided and opted for.

Microsoft has some nice articles for Multi-Tenancy given below

Entity Framework Versus Dapper

Comparison of Dapper Versus EntityFramework

Being authored an authorization server for Multi-Tenant SaaS Applications, one fine day, I was doing application profiling and noticed in profiler, that the context loading was taking more time, rather than rewriting the same in ADO.Net for critical requests that are required to handle data faster, I thought I would opt for Dapper.

Dapper had a simple wrapper over the SQL Connection that takes the Query and the paramters [SQL Paramters for parameterized Query]. I found dapper simple and interesting. Deciding to try out Dapper in a similar environment than replacing in the exising ones, I did a couple of benchmarks of Dapper Versus EntityFramework and the following are the observations.

Method Job Jit Mean Error StdDev Median
GetClientDetailFromDapperDAL_Async LegacyJitX64 LegacyJit 243.2 us 4.817 us 5.354 us 243.8 us
GetClientDetailFromEFDAL_Async LegacyJitX64 LegacyJit 465.5 us 9.258 us 24.390 us 457.1 us
GetClientDetailFromDapperDAL_Async RyuJitX64 RyuJit 237.6 us 2.447 us 2.169 us 237.6 us
GetClientDetailFromEFDAL_Async RyuJitX64 RyuJit 465.6 us 9.022 us 12.940 us 465.1 us

The source code for this analysis will be posted shortly.

Getting started with aspnet Core 1.0

Getting Started with ASP.Net Core 1.0

Today, I got started with the core 1.0. I have been using the .net version 4.6.1. Since, the official release is out, I thought that it may help me in learning and getting accustomed to this model so that I can migrate the code that I work day in and day out to reflect the latest

The following are the steps that I did

1. Downloaded the core 1.0 for windows [Not visual studio one, though I have VS 2015]
2. Installed the Visual Studio Code
3. created a new folder as per mentioned in the microsoft document
mkdir aspnetcore
cd aspnetcore
dotnet new

4. The step3 was completed with a couple of files like project.json and program.cs etc
5. I added the Kestrel Web Server and then registered the same in json file
“Microsoft.AspNetCore.Server.Kestrel”: “1.0.0”,
6. I created a new dummy middleware to test out the OWIN pipeline
app.Run(context =>
return context.Response.WriteAsync(“Hello from ASP.NET Core!”);

7. now i called dotnet build from the same command prompt
8. Then, I need to call dotnet run so that the source code is built and run in a port, typically port # 5000.
9. Things went well. I thought, it was enough for a hello world
10. I had to really create a WebApi and test. I created a new Folder for storing the models, controllers
11. Once the code for the above are done, I am still using VSCode, as expected, there will be build errors when running “dotnet build”
12. I had to add MVC somehow to the project, I guessed it should be within the project.json file, so googled and added
13. Then it seemed that I had to add MVC to the request pipeline so that I can access the above built in Api
14. I tried app.UseMvc() within startup > Configuration as I usually do in the previous versions [No googling done so far]
15. I got the message that AddMvc should be within ConfigureServices and as part of the IServiceCollection
16. Added that and the routes as well
17. Built and ran the app, viola, things were working fine!!!

Got a good start with ASP.Net Core 1.0

Source Code URL :

High-Order functions in Scala

I am posting the code snippet that progressively shows how the higher order functions can be written in Scala programming language

I will detail the steps a bit later, code for now.

class intSum {

def sum(a: Int, b : Int) :Int = {
if(a > b) 0;
else a + sum(a+1,b)

def multiSum(addend: Int, a: Int, b: Int) : Int = {
if(a > b) 0;
else add(a,addend) + multiSum(addend, a+1,b)

def prodSum(prodend: Int, a: Int, b: Int) : Int = {
if(a > b) 0;
else multiply(a,prodend) + prodSum(prodend,a+1,b)

def add(base: Int, no: Int) : Int = {

def multiply(base: Int, multiplicand: Int) : Int = {
base * multiplicand

def multiSumWithFunc(f :Int=>Int, a: Int, b: Int) : Int = {
if(a > b) 0
else f(a) + multiSumWithFunc(f, a+1, b)

def prodsumWithFunc(g: Int=> Int, a: Int, b: Int) : Int = {
if(a > b) 0
else g(a) + prodsumWithFunc(g,a+1,b)

def addWithFunc(f: Int=>Int)(a: Int, b: Int) : Int = {
if(a > b) 0
else f(a) + addWithFunc(f)(a+1, b)

object intSumApp{
def main(args: Array[String]){
var is = new intSum()
println(” The value of multisum is ” +is.multiSum(1,1,5))
println(“The value of prodsum is “+is.prodSum(2,1,6))
println(” The value of multisum with func is ” +is.multiSumWithFunc(x=> x+1,1,5))
println(“The value of prodsum with func is “+is.prodsumWithFunc(x=>x*2,1,6))
println(” The value of multisum is ” +is.addWithFunc(x=>x+1) (1,5))
var addf = is.addWithFunc(x=>x+1) _;
println(” The value of multisum is ” +addf(1,5))

Preventing iFrame injection in web app

There is an issue that an malicious attacker can inject iframes within the app so that the iframe can have a source to an external application that is outside of the parent app’s domain.

Ex: Lets consider the app to be hosted at The attacker could inject an iframe that will contain a source to

In this case, we have to prevent any iFrames injected in our app that can point to a domain that is different from ours. To fix this issue, add the following header in the response for each request

X-Frame-Options : SAMEORIGIN

This is done by the following ways in MVC

web.config file




<add name=”X-Frame-Options” value=”SAMEORIGIN” /> </customHeaders> </httpProtocol>


Application Start in Global.asax.cs

protected void Application_Start()
    AntiForgeryConfig.SuppressXFrameOptionsHeader = true;