First OSS Pull-Request Accepted

I am very happy to announce that my first OSS pull-request has been accepted by Microsoft ­čÖé


Entity Framework Versus Dapper

Comparison of Dapper Versus EntityFramework

Being authored an authorization server for Multi-Tenant SaaS Applications, one fine day, I was doing application profiling and noticed in profiler, that the context loading was taking more time, rather than rewriting the same in ADO.Net for critical requests that are required to handle data faster, I thought I would opt for Dapper.

Dapper had a simple wrapper over the SQL Connection that takes the Query and the paramters [SQL Paramters for parameterized Query]. I found dapper simple and interesting. Deciding to try out Dapper in a similar environment than replacing in the exising ones, I did a couple of benchmarks of Dapper Versus EntityFramework and the following are the observations.

Method Job Jit Mean Error StdDev Median
GetClientDetailFromDapperDAL_Async LegacyJitX64 LegacyJit 243.2 us 4.817 us 5.354 us 243.8 us
GetClientDetailFromEFDAL_Async LegacyJitX64 LegacyJit 465.5 us 9.258 us 24.390 us 457.1 us
GetClientDetailFromDapperDAL_Async RyuJitX64 RyuJit 237.6 us 2.447 us 2.169 us 237.6 us
GetClientDetailFromEFDAL_Async RyuJitX64 RyuJit 465.6 us 9.022 us 12.940 us 465.1 us

The source code for this analysis will be posted shortly.

Getting started with aspnet Core 1.0

Getting Started with ASP.Net Core 1.0

Today, I got started with the core 1.0. I have been using the .net version 4.6.1. Since, the official release is out, I thought that it may help me in learning and getting accustomed to this model so that I can migrate the code that I work day in and day out to reflect the latest

The following are the steps that I did

1. Downloaded the core 1.0 for windows [Not visual studio one, though I have VS 2015]
2. Installed the Visual Studio Code
3. created a new folder as per mentioned in the microsoft document
mkdir aspnetcore
cd aspnetcore
dotnet new

4. The step3 was completed with a couple of files like project.json and program.cs etc
5. I added the Kestrel Web Server and then registered the same in json file
“Microsoft.AspNetCore.Server.Kestrel”: “1.0.0”,
6. I created a new dummy middleware to test out the OWIN pipeline
app.Run(context =>
return context.Response.WriteAsync(“Hello from ASP.NET Core!”);

7. now i called dotnet build from the same command prompt
8. Then, I need to call dotnet run so that the source code is built and run in a port, typically port # 5000.
9. Things went well. I thought, it was enough for a hello world
10. I had to really create a WebApi and test. I created a new Folder for storing the models, controllers
11. Once the code for the above are done, I am still using VSCode, as expected, there will be build errors when running “dotnet build”
12. I had to add MVC somehow to the project, I guessed it should be within the project.json file, so googled and added
13. Then it seemed that I had to add MVC to the request pipeline so that I can access the above built in Api
14. I tried app.UseMvc() within startup > Configuration as I usually do in the previous versions [No googling done so far]
15. I got the message that AddMvc should be within ConfigureServices and as part of the IServiceCollection
16. Added that and the routes as well
17. Built and ran the app, viola, things were working fine!!!

Got a good start with ASP.Net Core 1.0

Source Code URL :

Preventing iFrame injection in web app

There is an issue that an malicious attacker can inject iframes within the app so that the iframe can have a source to an external application that is outside of the parent app’s domain.

Ex: Lets consider the app to be hosted at The attacker could inject an iframe that will contain a source to

In this case, we have to prevent any iFrames injected in our app that can point to a domain that is different from ours. To fix this issue, add the following header in the response for each request

X-Frame-Options : SAMEORIGIN

This is done by the following ways in MVC

web.config file




<add name=”X-Frame-Options” value=”SAMEORIGIN” /> </customHeaders> </httpProtocol>


Application Start in Global.asax.cs

protected void Application_Start()
    AntiForgeryConfig.SuppressXFrameOptionsHeader = true;

Encrypting parts of web.config file in

In order to encrypt the parts of web.config file, esp: connectionStrings section the following command can be executed

Note down the name of the site in the IIS Web Server [Ex: ConnectionStringEncryptionTest]

Open windows command prompt as an administrator,

Execute the following command

C:\Windows\system32>%systemroot%\system32\inetsrv\APPCMD list site “ConnectionSt
SITE “ConnectionStringEncryptionTest” (id:4,bindings:http/*:99:,state:Started)

CD to the directory where the source code resides, and then execute the following command from a Visual Studio command prompt, again running as “Administrator”

aspnet_regiis.exe -pe "connectionStrings" -app "/" -site "4"

In case of the site being hosted in the default web site, we can use the “-app” parameter alone instead of the -site parameter.





Encryption Note 1


Azure Active Directory OAuth 2.0 Endpoints

The following are the endpoints that will be required for doing authentication using Windows Azure Active Directory