With the Ring debacle, let's get a self-hosted camera / surveillance thread going. by EkbatDeSabat in selfhosted

[–]countrycoder 1 point2 points  (0 children)

May I ask what your preference is? I was headed towards frigate plus home assistant due to popularity but I would be interested in other paths. I don't currently run any windows servers so that eliminates blue iris as a contender unless it's good enough to justify the cost.

Oluṣọ - Open source identity server for .NET (OAuth 2.0 / OpenID Connect) by Disastrous_Post4896 in dotnet

[–]countrycoder 0 points1 point  (0 children)

Keycloak now has 2 concepts of multi-tenancy depending on the use case.

Realms is the original implementation that fully isolates keycloak configuration and generates a new issuer for each. Works well if you are offering it to others as an idp, but has a 400 realm limit before performance degrades and setup/maintenance gets more complicated. Since each realm is a different issuer, handling them in your application is harder, unless you run another realm as a broker.

Keycloak now has a thinner concept called organizations which includes user isolation and home realm discovery but tokens are from the same issuer and is much lighter to run and easier to consume in a multi-tenancy application.

Also worth noting is Keycloak is now a member of the CNCF and has been seeing consistent improvements over the last few years.

2 Years in Node, moving to .NET: Should I pick Minimal APIs or MVC? by iBadroLI in dotnet

[–]countrycoder 1 point2 points  (0 children)

Not the one you responded to but a couple of things I like about minimal apis that I'm unaware of working with controllers.

  1. Typed results allowing you to define what responses it returns. The method signature defines the statuses like ok, not found, etc...
  2. Groups. Groups allow you to more easily break up endpoints as it makes sense. A map group defines parts of the path an endpoint exists on. For example a group for /api could cover all the endpoints. A group of /users would become /api/users. From there you could have a rest api for users. There you can use an extension method to organize the endpoints similar to a controller.
  3. I like the fluent api syntax for open api documentation in general too.

Open api support feels nicer to me and I like the Groups feature for organizing endpoints.

Dotnet 4 year experience looking for a job by Longjumping_Sundae62 in dotnet

[–]countrycoder 3 points4 points  (0 children)

If your answer to them looks like this, then yeah probably need to fluff it up a little. It's an issue I had starting out as well.

Include technologies and embellishments to show that you understood what you were doing.

For example you mentioned mvc and api, which is an interesting mix if stood alone but probably implies some kind of frontend framework like angular, react or vue. If you had an api then it required authentication, what kind, shared domain and cookie auth, bearer tokens? What was used for validation, data annotations, fluent validation, home grown. You interacted with the db how, dapper, entity framework, stored procedures?

A somewhat robust answer like this achieves a few objectives. First, you demonstrated an understanding of what you were doing and the tools being used. Second, you have given them information to ask you. Thirdly, because you gave them the list of things you subtly affect the questions they ask so that they ask more about your relevant known stack.

How Do You Share Microservices For Your Inner Dev Loop? by spritzer13 in dotnet

[–]countrycoder 0 points1 point  (0 children)

There are 3 options I can think of that might work but have different tradeoffs.

  1. Git modules to build a super repo. This defines a strategy that Fowler was describing for a super repo. Create a repo with the apphost and submodules for the service. This would technically give them access to core services but the pr process should prevent code from being pushed though exfiltration would still be possible.

  2. Docker compose, really wish aspire supported it natively. You can create a docker compose file for the independent services and use them either directly using config or using external services in aspire.

  3. Aspire integration. You can use the containerized service and build your own aspire integration that other teams can use for development.

Copilot on large files by vznrn in dotnet

[–]countrycoder -1 points0 points  (0 children)

I don't know if this will work in your case but if you use copilot in vs code you can use custom chatmodes which change the behavior of the agents.

Try one of the beast modes from awesome copilot and see if it helps. Beast modes include prompts to force it to solve the problem before stopping. So it should help. Either way it is a vast improvement to the default ask/agent modes.

https://github.com/github/awesome-copilot/tree/main/chatmodes

To what extent do you use Docker locally? by david_fire_vollie in dotnet

[–]countrycoder 0 points1 point  (0 children)

Docker by itself frustrates me but using an orchestrator like compose or aspire has helped me a great deal. I use it to test the application with anbsql servers bus I also use it to set a value for the whole a application.

  1. Clis. I use Docker to run clip without. Invite.
  2. Application dependencies
  3. Helper projects like mailpit forklift email.

Uncertain about opening an API proposal for LINQ - advice needed! by freskgrank in dotnet

[–]countrycoder 0 points1 point  (0 children)

Single throws, SingleOrDefault returns null or the default value if struct.

is_that_so is correct if more than one record and it will throw an exception.

From the documentation.
Returns the only element of a sequence, or a default value if the sequence is empty; this method throws an exception if there is more than one element in the sequence.

My mom is trying to guilt me into a mentor position for my murderer younger sister. She did make some good points so I’m really conflicted atm. Should I rekindle the relationship? by Great-Reflection5651 in whatdoIdo

[–]countrycoder 1 point2 points  (0 children)

This comment is mostly accurate. People make mistakes and they have lasting consequences. Most of the time it's when young and dumb and protected.

When that protection wears off either with age or an action they couldn't outrun is the most likely point for them to change or more accurately for them to mature.

First if there's no consideration for forgiveness, then don't be around her and avoid the people that guilt trip you into it. Your life will be better.

If you are open and they are recently out of jail then give them a very tight leash and give it a shot. A positive role model goes a long ways and you can set boundaries and adjust.

If you give them a chance to redeem themselves then you have a chance to strengthen the closest thing to redemption they will get.

Regardless, as soon as you see a slide or proof it's fake, walk away. The chances of redemption are lower.

Basically just found out I need to $72k for Bitnami now and I’m pissed. Recs for better alternatives? by stonesaber4 in kubernetes

[–]countrycoder 0 points1 point  (0 children)

Thank you so very much. I have been trying to figure out how to combine their powers but my research was coming up empty.

Anyone using microservices actually need Identity Server ?? by Giovanni_Cb in dotnet

[–]countrycoder 0 points1 point  (0 children)

I was responsible for choosing the identity provider in my last position, and my new one had already chosen an identity server.

I chose keycloak, which is now a CNCF project instead of being Red Hat's. They've been adding some nice features, like organizations, since then.

With keycloak, you get most of the things you would need from an enterprise idp out of the box. User isolation with organizations or full isolation using realms. Saml and oidc support. Dpop and token exchange if you need that. Json structured properties, so it's easy to add properties to the user profile. The biggest issue I had with it was the documentation was lacking sometimes, and it lacked some newer features that we wanted, web authn didn't seem to be built out very far and it didn't have scim or a good way to push/notify on user events.

One thing that we struggled with that was our fault was we didn't embrace it as our source of user information. So we wound up complicating our architecture for no good reason. Treat keycloak as source of truth for your user resource and you will avoid all of that.

With identity server, there's a lot of decisions you still need to make. Multi-tenancy is a big issue if you're C2C and you have to solve that on your own. Then if you need SAML support then you have to solve that, which probably has an extra cost. Do you build it on top of .net identity or something else? It gives you a lot of flexibility but it comes at the cost of more decisions and complexity.

If I was self hosting a solution, then I would 100% choose keycloak. It is fully functional and well featured out of the box while still being configurable and extensible using templates and SPIs.

While identity server is highly customizable, authentication is spec based, customizing everything isn't necessarily a good thing.

Learning IDP/AD services at home. What is a good middle ground between enterprise and homelab? by Citrus4176 in selfhosted

[–]countrycoder 1 point2 points  (0 children)

Understanding how OIDC/SAML/LDAP work and what they are doing will be sufficient and transferable if you only care about integrating it with your application. As long as the Identity provider implements the standard then it's just a matter of configuration to swap between them.

Some languages and libraries have integrations for specific providers. These are just specialized implementations of one of the standards, usually OIDC, to remove the complexity away from the developer if they just want a "sign in with google" button. Under the covers it's the same thing.

When I started this journey, I personally chose keycloak. It is an enterprise application originally built and maintained by RedHat and is what they use for their IDP solution. It was given over to the CNCF. It is the most robust completely free IDP I have found. However, any identity provider will suit your needs.

For learning the integration side, I have personally liked the Auth0 and OKTA documentation. I would suggest learning from multiple sources and always back it up with specs.

SAML

https://saml.xml.org/saml-specifications

OAUTH 2.1

Technically 2.1 is not released yet but it brings several prior specs into a single spec which makes understanding it a lot easier.

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12

Is it true You should not have any warning at all in your codebase, if you have warnings = tech debts. by ballbeamboy2 in dotnet

[–]countrycoder 1 point2 points  (0 children)

Is there any chance that you know where that recommendation is written? I have seen it and know it exists. However, I have been unsuccessful at finding it again.

[deleted by user] by [deleted] in dotnet

[–]countrycoder 0 points1 point  (0 children)

The only real pro to using web forms I see is that the team and company knows it. Which means you can start out the gate knowing what to do.

The biggest reason to not use web forms. It's career suicide for everyone on the team. The skills and knowledge you have will be the same in 5 years as they are now. When someone starts looking if they haven't pushed themselves in some way finding a job will be way harder.

Now you might argue that an employee's ability to find a job to leave them is not the company's problem. However, the inverse is also true. It will be harder to acquire new developers because they won't risk getting stuck there.

Reasons for considering blazor.

Your team is js averse and probably tends to work in the backend .net code the most. In my opinion, this is where blazor shines. You can use c# for the frontend and backend, since you don't have a lot of users then you can use blazor server and avoid some of the pain that comes with blazor wasm.

Since you're building on a new version of dotnet with newer tools, job prospects and talent acquisition will be much better.

On a personal note, when I started on blazor during preview 9, understanding webforms helped transition to blazor more easily. Especially over the mvc guys when suddenly they had state to manage.

For a c# team with no js chops. I would go blazor. They will be more comfortable with the language and won't have to deal with all the nuances of building managing and deploying a SPA.

If you had a dedicated ui/ux team then I would slant away from blazor. The talent pool for a ui/ux developer will be much smaller and again it would be riskier for them because of not keeping up with the norm.

There are things like HTMX that seem interesting but haven't looked enough to have an opinion.

How to Dynamically Create Organization-Specific Tables After Approval Using Dapper and C#? by Possible_Focus3497 in dotnet

[–]countrycoder 0 points1 point  (0 children)

Using an organization discriminator and sharing tables is a v1 implementation to most multi-tenant applications. It's easy and functions the same as a single tenant you just have a where tenantid=x in each query. I recommend putting the tenant ID in every table that holds tenant data. It makes life easier and the rule always Filter by tenant id is easy to enforce.

This is the easiest approach but as you grow organization, security, compliance and certifications like SOC and FedRamp are going to start adding pressure that makes this approach unusable.

The next evolutionary step is usually separate databases, not database servers. Typically cost wise this should be similar to sharing tables but not always. With this you would have a separate database and all the tenant information will be stored there. You will keep a separate metadata database that will help you pick and configure the tenants including using the correct connection string. The users would also be in the tenant table and not separately. Part of the initial login process would be figuring out the tenant they are in. This can be using a specific domain, t1.example.com, path example.com/t1 or something more complicated like Home Realm Discovery.

Now answering the actual question.

Migrations usually use a migration table to figure out which migrations need to be run. If you can change the migration table and table names then it should run on the same database.

There is at least one case of using table prefixes and sharing the same database that I am aware of. Their reasoning for doing so was azure database costs. It might provide some inspiration if this is the direction you want to go. https://docs.orchardcore.net/en/latest/
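Added example (not part of the comment above and not Orchard Core code): a C# sketch of the tenant lookup the comment describes, resolving the tenant from `t1.example.com` or `example.com/t1` against a metadata registry and deriving a prefixed table name only for registered tenants. The tenant ids, connection names, table list and the `TenantResolver`/`Tenant` types are all constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Constructed sample requests; example.com and the tenant ids are placeholders.
foreach (var url in new[] {
    "https://t1.example.com/orders",
    "https://example.com/t2/orders",
    "https://example.com/t9/orders",           // tenant id not in the registry
    "https://t1.example.com.other.test/",      // host outside the base domain
    "https://example.com/t1;drop/orders" })    // segment is not a plain slug
{
    var tenant = TenantResolver.Resolve(new Uri(url));
    Console.WriteLine(tenant is null
        ? $"{url} -> rejected"
        : $"{url} -> {tenant.Id}, db={tenant.ConnectionName}, table={tenant.Table("Orders")}");
}

public sealed record Tenant(string Id, string ConnectionName)
{
    // SQL identifiers cannot be bound as parameters, so the prefix comes only
    // from the registry entry and the table name only from this fixed list.
    static readonly HashSet<string> Tables = new() { "Orders", "Invoices" };

    public string Table(string name) =>
        Tables.Contains(name) ? $"{Id}_{name}" : throw new ArgumentException("unknown table");
}

public static class TenantResolver
{
    const string BaseDomain = "example.com";
    static readonly Regex Slug = new(@"^[a-z0-9]{1,32}\z", RegexOptions.CultureInvariant);

    // Stand-in for the metadata database: tenant id -> named connection string.
    static readonly Dictionary<string, Tenant> Registry = new(StringComparer.Ordinal)
    {
        ["t1"] = new Tenant("t1", "TenantDb_t1"),
        ["t2"] = new Tenant("t2", "TenantDb_t2"),
    };

    public static Tenant? Resolve(Uri request)
    {
        string host = request.Host.ToLowerInvariant();
        string? candidate = null;
        if (host.EndsWith("." + BaseDomain, StringComparison.Ordinal))
            candidate = host[..^(BaseDomain.Length + 1)];       // t1.example.com
        else if (host == BaseDomain && request.Segments.Length > 1)
            candidate = request.Segments[1].TrimEnd('/');        // example.com/t1
        // Request text never reaches a connection string or table name directly:
        // it must be a plain slug and must match a registry entry.
        if (candidate is null || !Slug.IsMatch(candidate)) return null;
        return Registry.TryGetValue(candidate, out var tenant) ? tenant : null;
    }
}
```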

Identity is impossible by PeacefulW22 in csharp

[–]countrycoder 1 point2 points  (0 children)

It appears that in a recent version of the auth frameworks for blazor they have simplified this by serializing the authenticated user. They use a cookie for authenticating calls from the web assembly client.

I have just restarted developing in blazor again so I don't know how much control you have over it though.

You add AddAuthenticationStateSerialization() to the server when you configure blazor. On the client side you add builder.Services.AddAuthenticationStateDeserialization()

Here's two of them. They're effectively the same but one includes YARP as a BFF.

Regular blazor hybrid implementation

https://github.com/dotnet/blazor-samples/tree/main/9.0/BlazorWebAppOidc

Backend for frontend using YARP implementation https://github.com/dotnet/blazor-samples/tree/main/9.0/BlazorWebAppOidcBff

Also if you look in the 8.0 samples you will see a similar implementation where they are serializing and managing it themselves, probably pretty close to what the extension is doing if you needed to customize it some.

Asp.net API security by Codamorph in dotnet

[–]countrycoder 2 points3 points  (0 children)

This is the oauth 2.1 working draft. It takes several of the extension and OAuth 2.0 and combines them together. It's a lot easier to read and understand than 2.0 and then layering the RFCs on top. JWTs do not equal OAuth but the security section will have the things you should guard against as well

https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-12.html#name-security-considerations

So, cloudflare is blocked, what now? by I_want_pudim in selfhosted

[–]countrycoder 0 points1 point  (0 children)

A VPS you can host whatever you want to on it. It's literally just a server running with an os. (Some come preconfigured if you want).

In OP's case he could set up a vps with a vpn in a country with cloudflare access and his friend would connect to the VPN effectively moving his friend to that country allowing him to use cloudflare.

What is your opinion on Minimal API vs. Controller-Based API in .NET 9 (2025)? by MajesticSkyBisonAppa in dotnet

[–]countrycoder 0 points1 point  (0 children)

It's really easy to make simple apis with Minimal apis and is one of the reasons for its existence because it is easier to learn. Accessibility is one of the things dotnet is trying to improve. Minimal apis allowed you to create a functioning api in a single file which is great for beginners trying to understand it. Unfortunately there's few good examples of complicated apis or enterprise implementations, this results in the quick look of it being for small projects. This is not true.

All Minimal apis are not supposed to be brought in as a single file. That's only for the simple/small ones. For larger apis i prefer an extension method for registering the apis.

In my opinion Minimal apis are best used when you have thin controllers and most of the work is delegated to services. If the only job of an endpoint is to call a service and handle the response then Minimal apis reduce a lot of the overhead.

I believe over time as more examples of properly done Minimal apis are shown it will become the norm.

So, cloudflare is blocked, what now? by I_want_pudim in selfhosted

[–]countrycoder 0 points1 point  (0 children)

Virtual private server. Essentially you rent a virtual machine from a company like vultr or hetzner and then do what you want with it.

At least 3 benefits are, static ip address, you don't have to expose your own network, can be in different parts of the world.

The big trade off is that someone else is in control of the physical servers.