Tag Archives: DDD EA

OWIN, Katana and ASP.NET vNext: eliminating the pain of IIS

I gave a talk at DDD EA!

Download OWIN, Katana and ASP.NET vNext: eliminating the pain of IIS slides View OWIN, Katana and ASP.NET vNext: eliminating the pain of IIS slides.

Abstract:
I first encountered OWIN when I added SignalR to a legacy ASP.NET MVC app, and had to write a piece of OWIN middleware to get SignalR to play nicely with our legacy authentication.

It was a thoroughly impressive experience, so I built my next greenfield project on OWIN & Katana as a single-page app using static files & Web API, finally ditching IIS for good. The glad tidings continue for Microsoft web developers, with ASP.NET vNext promising even more goodness on the horizon.

There’s a lot of changes coming for those of us working on the .NET web stack, so this talk will show you what things look like today:

  • What are OWIN & Katana, and why you should care
  • What middleware is, as well as why and how you write it
  • The advantages this brings for testing
  • How Helios lets you host on IIS (if you really really really want to)

As well as what’s changing in ASP.NET vNext:

  • How Roslyn comes into play
  • The what and the why of the K runtime
  • Why you should care about the Core CLR
  • What’s shiny about ASP.NET MVC 6

There’s a lot to cover, so we’ll move fast. You’ll come away knowing why and how you should start using this on your own projects.

An Introduction to Security for web apps

I gave a talk at DDD EA!

Abstract:
Designing secure systems is hard. Soon, more and more of us will be working on web apps, and software as a service, so knowing about this stuff matters.

Red Gate is in the process of growing from purely standalone desktop apps into the world of writing software as a service offerings in the cloud.

As part of that journey we’ve been making mistakes and learning as we go.

This session is a nice introduction to security with lots of examples from things that we’ve learnt along our way. It’ll cover the basics of thinking like an attacker, things you might expect your framework to do for you automatically but actually it doesn’t like CSRF vulnerabilities, to proposed “features” that might make the software easier to use and more awesome, but also makes an attacker’s job much easier as well.

Download An Introduction to Security for web apps slides View An Introduction to Security for web apps slides.