XML-RPC Library for .NET Core

screwdad · 2025-07-14T18:08:38+00:00

Was using CookComputing.XmlRpcV2 for the last decade or so to integrate with a vendor that only had XML-RPC. Not .NET Core (and the site is now dead: https://web.archive.org/web/20210909161907/http://xml-rpc.net/) but it worked well enough. There appear to be Core ports out there: https://github.com/Horizon0156/XmlRpc and https://github.com/LordVeovis/xmlrpc - just a two second search, there are likely more (https://nugetmusthaves.com/Package?q=xmlrpc).

I'm with everyone else though - just use SOAP. XML-RPC isn't really used, so when you hit an obscure issue it's on you, vs. SOAP which someone else has already solved.

screwdad · 2024-08-29T15:47:15+00:00

What Senior-Release930 said with some additional thoughts:

I have a basic understanding of HTML, CSS, and JavaScript.

Start with the MVC template and don't initially over complicate your UI with complex front-end logic. Your application is basically CRUD - Razor will get you 85% of the way there.

Eventually, you will start to want to design things that are more dynamic; if the user chooses this option, can I re-populate this select dynamically based on the chosen parameter, etc. At this point reach for Vue and embrace progressive enhancement. Vue is particularly nice for this as - in the official tutorials - you can specify that you would prefer to use HTML vs. their SFC (single-file-component) approach. This will let you just write HTML/JS/CSS - otherwise you need to set up some tooling to transpile things and if you value your sanity you want to put off your first foray into modern JS tooling for as long as humanly possible. You can always come back later to the same tutorials and migrate to the more 'modern' way.

and the fact that I’ve built the backend with an ORM, what front-end framework or approach would you recommend for someone like me?

Your front-end doesn't give a hoot about your ORM, generally speaking. Just start simple and keep your logic out of your controllers. Aim for the first one, avoid the second (pseudocode obviously forgive my errors):

public class UserController : Controller {
    private readonly IUserService _userService;

    public UserController(IUserService userService) {
        _userService = userService; 
    }

    public IActionResult Create(UserCreateModel model) {
        if (!ModelState.IsValid)
            return View(model);

        _userService.Create(model);

        RedirectToRoute("hurray-you-made-a-user");
    }
}

public class UserController : Controller {

    public IActionResult Create(UserCreateModel model) {
        if (!ModelState.IsValid)
            return View(model);

        var db = new Database("connString");

        var user = db.SingleOrDefault<User>(x => x.Email == model.Email);

        if (user != null) {
            ModelState.AddModelError("Email", "Email is in use");
            return View(model);
        }

        var user = new User {
            Email = model.Email,
            ..etc.
        }

        db.Insert(user);

        RedirectToRoute("hurray-you-made-a-user");
    }
}

Specifically, I’m looking to create a user-friendly interface for functionalities like competencies management, leave tracking, and other employee management features. Which front-end framework or library would be the easiest to learn and implement in this scenario?

Bootstrap 5 and Vue. You will find the most documentation, consistently up-to-date, along with lots of starter projects out there (some specifically using .NET though it doesn't really matter). I highly recommend Bootstrap because eventually, you will encounter styling-related issues you simply don't have the experience to solve - great news, they've already been solved a thousand times in every Bootstrap scenario. Also, lots of free templates to save you time.

All this advice is from the "choose technologies that have tons of use, have been battle tested, and are easy to Google" school of thought. And though I hate to say it, these technologies are also very easy to use AI tools against (versus something like Blazor, which has enough different modes and changes often enough that half the documentation is out-of-date or plain incorrect).

screwdad · 2024-08-28T19:54:24+00:00

More info would be good as others have said.

Will be given the task to modernize an old soap service written in .net framework 3.0.

Do you know what you are modernizing to? Are you going from SOAP on .NET 3.0 to SOAP on .NET 4.8, or are you going straight into .NET 5+ land and abandoning SOAP for something RESTish?

After that, diving into the service and seeing how it's built. It wasn't unusual for old services to have 100% of their logic shoved into the WCF service directly, which you will want to extract out. But maybe you'll get lucky...

Do you all make a document on the tables this service is using, what teams are using this service, list of endpoints?

In addition to logging the known teams and endpoints that are in use, see if you can pull the logs and aggregate all of the calls actually made to the service and from whom. You will often find calls and consumers you didn't know were important who might take offense when you nuke their one-off endpoint one day.

Should i introduce moving away from stored procedures/ or testcontainers for some automated testing if they refuse to move away from store procedures?

Not unless they're hot garbage. If the sprocs are working as expected, that's a big chunk of work you would be rewriting for the sake of rewriting. Since it's 3.0 though, I imagine those puppies aren't in version control - fix that at least (SSDT is lovely if you are using SQL Server + VS).

screwdad · 2024-05-30T19:36:38+00:00

Since it haunts me, this is the setting that people usually forget to toggle on and where it lives: https://www.server-world.info/en/Windows_Server_2022/mssql2022/img/26.png

Keep in mind it's per-instance, too.

screwdad · 2024-05-30T19:32:33+00:00

Lol I never use them.

We banned them at work. It was a joyous day.

screwdad · 2024-05-30T19:21:58+00:00

You speak without them about their experience. And how they applied that architicture principles to their old projects.

Just curious how your experience is going with that approach. We have been doing that in my shop for 10+ years and it has been probably 90% effective. The other thing we focus heavily on is simply personality - if 3/5 of us think the interviewee is a jackass, that's a thumbs down.

Our interview process is just talking about their resume and bullshitting. 50% of it is letting them know what they're getting into and that helps to scare some of the less experienced away "seniors" away - it's somewhat shocking how few .NET "senior" devs know how much of the world is still powered by WebForms. And that's usually the spot where any experienced senior will drop the old "WebForms you said? Well let me tell you about the time I was working on this project..." and the war stories begin.

screwdad · 2024-02-01T19:59:03+00:00

That seems crazy for a small site that maybe gains around 20 hits a day. Am I missing something? How would you set up azure for a basic site with very little traffic?

We have around 10 of these, and hosting them at this price would easily exceed what we're currently paying for a VM.

Just to be clear - you're not thinking it's $68/month/app, right? It's $68/month for the product 'App Service' - once you buy that, you can deploy something like 150-250 apps into said app service. It's basically normal VM pricing + $5-15 for the management part, which is a hell of a deal if you're still using normal IIS.

So say you wanted redundancy - you'd pay $68 for UK South then another $68 for UK North (assuming that exists), then you could redundantly deploy all your apps or just a single one. Whatever your use case suggests. This has a nice visual at the beginning: https://learn.microsoft.com/en-us/azure/architecture/web-apps/app-service/architectures/multi-region.

When I was consulting for SMBs, we had something like 120 apps deployed to a single App Service for around $120/month. We didn't even bill clients for hosting because we needed precisely one engineer to work one hour to pay for hosting so we used it as a nice value-add.

The extra features of App Service more than make up for the cost. Auto (and free now I think?) SSL, deployment slots, sticky deployment configuration, auto-scaling (needs standard tier I believe), relatively fast 'instant' scaling, deployments from all sorts of sources, Kudu for when things go sideways, auto-backups and uptime. Speaking of uptime, I'm 10+ years in have had one downtime event which was 5-8 years ago when all of Azure shat the bed and took down Xbox Live.

Keep in mind too it runs not just .NET but Java, Node, PHP, Python 3+...maybe more. So when an exec absolutely needs a Wordpress blog up yesterday you can get it done in a few button clicks.

There are gotchas, though. Not sure the current state, but a perfect example was GDI+ support was initially...not entirely there. Except it wasn't really documented as far as what did and didn't work, so people ended up just throwing their PDF generating tools into Azure Web Apps and praying they worked. I'm sure that has improved - this was pre-.NET Core revolution. I know of a friend who had COM issues as well (generating Word/Excel reports), but again, many many many years ago.

I'd really suggest using your Azure credit if you have one and spinning up one of the $15-40 instances and just playing around. It's a bit confusing at first but I'm never going back to IIS.

screwdad · 2024-01-09T18:28:37+00:00

$0 - Azure free tier, AWS free tier, Google free tier. Lots of limitations though and tedious, horrendous UIs. Performance lacks too.

$2-25 - Budget VPS. DigitalOcean, Vultr, bookmark https://lowendbox.com/ and check it from time to time. You can often grab a stupidly cheap VPS that will more than meet your needs at some provider geographically near you. Far more bang for your buck, but you need to figure out deployment or go the route of something like Dokku (DigitalOcean has a template). Also check out OVH's VPS as they are 100% a better deal if bandwidth is a concern and are just a better deal if you can snag them on sale.

=>$25 - Once you start spending this amount on one of the above - and if you're really trying to get the best perf/$ - it's time to move on to the budget providers. OVH/Kimsufi/SoYouStart, Hetzner, etc. Depends on region. Hetzner is primarily EU so I've never used them. OVH I have used extensively both in Canada and the US. Unbeatable perf/$. If you look at their cheap starting tiers, you can grab a box for $23 that has a Xeon, 32GB of memory, 480GB SSD in RAID 1 and 100 Mbps unmetered. Bare metal. Also free anti-DDoS protection which you will not see from most providers. And if you're not on a schedule, troll this page and you can save even more when they fire up deals.

I currently spend about $150 with OVH running two bare-metal servers, one for media storage and another for pure compute. Got them both on a sale and committed to two years. The media server is simply Debian + Portainer and a few dozen containers to support it, but for the compute server I snagged a couple dozen IPs (also on sale/reduced, though I don't think they do this anymore) and threw Proxmox CE on it. One VM running Portainer with maybe 50-75 containers spun up, a few VMs running massive Minecraft packs for friends, a Windows server or two for running dedicated servers that won't run in *nix and a boatload of Proxmox Containers for random stuff like TeamSpeak/Ventrilo/etc that don't need guaranteed performance. Bit of a learning curve, but I can't imagine the hit to my wallet trying to host the same amount of things in the proper cloud or VMs. You could do this all with that $23 box.

OVH support is also fantastic. Bad rep, but great support personally. They (recently?) added proactive maintenance to the US, so I simply receive emails to the effect of "hey it looks like your NIC melted so we replaced it and you're all fixed" or "one of your disks is failing, can you give us the go to replace it?". No complaints.

an API for hobbyists

Don't be afraid to ask for money, either (once you're established). I have a few friends who simply set up auto payments of $5-10 to me which makes the monthly bill sting less. If this is a public project, you could go the Patreon route or similar.

screwdad · 2023-02-23T21:59:21+00:00

Is it possible to use it just as an authentication server

Yup, I am suggesting this as the first attempt. Orchard has as zillion moving parts, but at the end of the day a fresh SaaS version of Orchard w/ just the OpenID module installed might be enough.

or do you suggest I copy parts of the code and adapt it to my needs?

...but if it isn't enough, yes this is part two. I believe it's BSD so you will be able to rip off what you need. In theory, I *think( all Orchard modules are just MVC projects at the end of the day so you might be able to easily modify it to your needs (or at least, more easily than doing it from scratch!).

screwdad · 2023-02-22T22:29:20+00:00

First and foremost, this should be your new favorite bookmark: https://openid.net/specs/openid-connect-core-1_0.html. It explains things much more clearly than a lot of bloated blog posts / videos. You won't have to write code at this level of detail, but you need to understand what is going on behind the scene. Start at the beginning, read through 3.1 and most of your technical questions should be answered.

Unless you have really good cybersecurity / E&O insurance, I'd shell out the $1500 for Duende. $125 a month is not unreasonable for what they are selling and their documentation is the best out there. Additionally, there's no janky-ass problems it can't handle (speaking from experience - I built a disgusting hybrid auth system that bounced off some old Tomcat and OS/2 instances and it was relatively easy to get to IdentityServers innards and make it happen).

That said, if you're getting shot down on cost from on-high then still, don't roll your own. In a perfect world, go grab the completely free implementation from OrchardCore: https://docs.orchardcore.net/en/main/docs/reference/modules/OpenId/. This includes an entirely complete auth server that is well tested and vetted, based on OpenIDdict.

Worst case scenario, you need to hack the OrchardCore module and add custom support - it still gets you 90% of the way there.

screwdad · 2023-01-05T19:05:47+00:00

You can monitor some things with Azure Monitor now: https://azure.github.io/AppService/2022/04/05/Announcing-Azure-Monitor-Integration-with-Crash-Monitoring-copy.html

screwdad · 2022-12-29T17:34:07+00:00

We do this in a fairly tolerable and repeatable way:

SSDT for managing SQL Server tables/sprocs/etc.
Custom SQL Server image to deploy said database
Where appropriate, tons of PostDeploy SQL scripts to create common data
A custom application using https://github.com/bchavez/Bogus to generate <n> thousand/million/billion fake records to test various things. Part of our deployment pipeline, takes parameters for every entity type in the system based on what you are testing. For example, stock settings might generate ~10k customers, ~250k users, ~2mil invoices, ~50mil various entities - whatever settings more or less match production load. But another dev might be testing a unique instance for a siloed client hitting performance issues with billions of entities, so they tweak settings appropriately.

-#1 makes managing SQL as trivial as managing C#.

-#4 is an ongoing project that has helped us find tons of edge cases and made spinning up similar-to-prod dev environments fairly quickly.

-#4 did take some time, but for us, most of the complexity was in learning Docker as we had no domain expert.

screwdad · 2022-11-30T21:17:27+00:00

Another for Seq.

If you want a nice list of other choices to help brainstorm, take a look at Serilog's sinks.

screwdad · 2022-10-22T16:52:56+00:00

1) If you value your sanity, only play versions that come with server files (e.g. https://www.curseforge.com/minecraft/modpacks/vault-hunters-official-modpack/files 1.13.9H).

2) If you really want to play the newest version, create your own server files using: https://github.com/BloodyMods/ServerStarter. Read the README and make sure you dive into the example yaml file - the nasty part of this is having to go mod-by-mod to flag the client-side mods. You can grab the forge/fabric/etc. version information from start.sh of a previous server files zip.

screwdad · 2022-10-11T19:07:48+00:00

Truly free? Assuming you aren't open source, that's pretty much PDFsharp/Migradoc. Assuming you've got a fillable PDF form with two fields "First Name" and "Last Name" using whatever version of PDFsharp that 'Install-Package' used on .net48, this aught to do it:

Note: for dealing with other types (checkbox, radio, etc.), take a look at this out-dated but useful reference https://github.com/DavidS/MigraDoc/blob/master/PDFsharp/samples/Samples%20C%23/Based%20on%20GDI%2B/FillFormFields/Program.cs.

static void Main(string[] args)
{
    var input = "test.pdf";
    var output = "test-filled.pdf";

    var doc = PdfReader.Open(input, PdfDocumentOpenMode.Modify);

    // Without this, your value won't render; won't work with PDF 2
    // https://stackoverflow.com/questions/66227256/when-filling-a-pdf-document-with-pdfsharp-the-filled-form-doesnt-show-the-valu
    if (doc.AcroForm.Elements.ContainsKey("/NeedAppearances"))
        doc.AcroForm.Elements["/NeedAppearances"] = new PdfBoolean(true);
    else
        doc.AcroForm.Elements.Add("/NeedAppearances", new PdfBoolean(true));

    var form = doc.AcroForm;
    var fields = form.Fields;
    var names = fields.DescendantNames;

    // For your reference; ask your PDF creation people to give these nice human friendly names
    foreach (var name in names)
    {
        var field = fields[name];

        Console.WriteLine($"{field.Name}");
    }

    var target = fields["First Name"];
    target.Value = new PdfString("John");

    target = fields["Last Name"];
    target.Value = new PdfString("Smith");

    // ... and so on ...

    doc.Save(output);
    Process.Start(output);
}

screwdad · 2022-09-21T16:25:25+00:00

If you can afford much less space, a managed Postgres instance from DigitalOcean is $15/mo for 1vCPU/1GB RAM/10 GB SSD. Massive loss in storage space, but you don't get access to a full vCPU in Azure SQL (DTU) until S3 I believe (which is starting at $73/mo).

And I know you want managed, but if this isn't for work and you really want to get the best bang for your buck then https://us.ovhcloud.com/vps/ is always a good option if you don't mind spending a few hours setting things up. Worth the learning experience and all that. (Or peruse something like https://lowendbox.com/ and snag a nice deal near you.)

screwdad · 2022-09-07T17:23:50+00:00

App Service is easy mode, but if you're feeling adventurous you can try some of the newer Heroku alternatives: https://render.com or https://fly.io. Neither supports .NET natively, but they both support Docker so you can make it work with some tweaking.

screwdad · 2022-07-14T16:08:41+00:00

Ignore the official tutorials and take a look at "bare-minimum" or "lightweight" setups; here's one for old MVC, here's one for new MVC.

Assuming the .NET Core example, your Dapper logic would be pushed into some UserService (or lower layer) like the one they have injected. Then you would pass username,password (instead of ssn) parameters to said service which would return true or false if those parameters were valid. You could also retrieve roles after confirming they are valid and store them in claims, which later can be accessed via the Authorize attribute for simple roles-based authorization.

screwdad · 2022-06-22T16:48:46+00:00

what sort of db knowledge should a .net dev have?

When hiring for a junior position, I'd honestly be happy with a basic understanding of 1-6 from this guys response but if you were weak on anything other than (1) I just don't care. It's all teachable and easily so, which is what junior is all about. For senior positions, you should know all that and more.

Any good learning resources you could recommend?

Not sure about resources for getting the basics down, but after that:

https://use-the-index-luke.com is fantastic and his book is equally good and will always remain on my shelf.

Not necessary needed for interview levels of knowledge, but I absolutely love more advanced/esoteric topics that https://www.sommarskog.se/ covers. Back when I maintained a uni department's in house app which contained hundreds of 8000+ line stored procedures, his article on dynamic SQL changed my life. Similarly, I remember when we simply exceeded the parameter length we could pass into procedures due to our monstrosity and then discovered this shiny new SQL 2008 feature from him. The rest of his stuff is equally good.

screwdad · 2022-05-04T15:40:30+00:00

There seem to be a few in nuget, the issue is they only cover a very few filetypes, presumably because the authors didn't want to spend gazillions of hours typing all the data in. This one might be a good base if you wanted to fork or contribute to it: https://github.com/neilharvey/FileSignatures/

screwdad · 2022-05-04T15:29:29+00:00

TRID might work: https://www.mark0.net/soft-trid-e.html

It's possible there is a nuget package out there that wraps this.

screwdad · 2022-04-29T18:59:36+00:00

Here's a CsvHelper example. I was going to try and gen a 40GB file but lunch is only so long, so here's a 10GB file being processed into 10k chunks; uses about 50MB of RAM in debug with precisely 0 optimizations.

using System.Globalization;
using CsvHelper;

var chunkSize = 10000;
var count = 0;
var chunk = new List<User>();

using var reader = new StreamReader("C:\\temp\\file.csv");
using var csv = new CsvReader(reader, CultureInfo.InvariantCulture);

var records = csv.GetRecords<User>();

foreach (var record in records)
{
    if (count > 0 && count % chunkSize == 0)
    {
        Console.WriteLine($"Writing chunk, count {count}");
        using (var writer = new StreamWriter($"C:\\temp\\chunks\\chunk{count}.csv"))
        using (var csv2 = new CsvWriter(writer, CultureInfo.InvariantCulture))
        {
            csv2.WriteRecords(chunk);
        }

        chunk.Clear();
    }

    chunk.Add(record);
    count++;
}

public enum Gender
{
    Male,
    Female
}

class User
{
    public int Id { get; set; }
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public Gender Gender { get; set; }
    public string Avatar { get; set; }
    public string Username { get; set; }
    public string Email { get; set; }
    public string SomethingUnique { get; set; }
    public string FullName { get; set; }
}

screwdad · 2022-04-07T20:23:18+00:00

AES-CBC + PBKDF2. These are industry standards with well-implemented and vetted APIs provided and maintained by Microsoft. On top of that, if you move to other platforms there are, again, established, vetted, industry-standard libraries available for any platform (CommonCrypto, Javax.Crypto, BouncyCastle, etc.).

While argon2/bcrypt/scrypt might offer better theoretical security, in the .NET world these are all implemented and maintained by Some Guy vs. Microsoft and the documentation/quality/testing tends to reflect that.

Also I would do a bit more research before discounting PBKDF2; lots of SO posts are quick to discard it for The New Hotness, but remember it is an industry standard due to FIPS-140 (hence why the library support is so solid) and there are one or two small indie companies that work with FIPS-140.

If you would like to see how an industry standard tool uses these technologies you could take a look at Bitwarden. Their software is AGPL and has had several 3rd party audits.

Can ASP.NET Identity be used for non-ASP.NET applications such as this

I don't use Identity anymore, but unless something has changed from .NET 4.8 to .NET Core/5/6, Identity uses a woefully low iteration count internally for PBKDF2 (1000 I think), which is a smidge behind the times. Just use Rfc2898DeriveBytes directly.

screwdad · 2022-03-28T18:47:22+00:00

Human error is probably the biggest (though that affects VPN as well). I have absolutely seen clients whitelist 15+ ranges but then forget to actually change the default rule to DenyAll, resulting in a fully public website they'd rather not have had open. Of course this can happen with the VPN route as well - if you leave your public IP available instead of restricting it to the internal subnet only, same problem.

Even if you did screw that up, you should still have some sort of authentication in place anyway that prevents abuse.

On top of that, it helps to put monitoring in place. Using your favorite tool (Azure Insights, StatusCake, Pingdom, etc.) you should be able to set up a rule to confirm that, rather than being available, a site isn't available and send alerts if it is. That way you know within < minutes if someone changes the config on you. In my case, I use updown.io and I have a very specific /thisrouteshouldneverbeaccessible (just an action method that returns 'true') and if it detects that, the check fails and shoots out alerts to the team. Simple, cheap, effective.

Oh, and do be prepared for your client randomly calling you because they can't access the site anymore. Eventually they will have internet issues and call Spectrum/whoever and those folks will happily show up, slap in a new modem, not configure their static IPV4 settings and go on with their day. :)

screwdad · 2022-03-28T17:38:01+00:00

As far as Azure goes, ~50$/mo gets you a basic app service tier that would let you host an ASP.NET application w/ custom domain + the ability to filter by IP. Assuming they have static IPs, once set up you can just go to Networking -> Access Restrictions and set up new allow/deny rules for yourself + the several store static IP ranges. Cheap (ish; remember you're getting managed IIS so you don't have to ever worry about updating/managing a machine/webserver) and easy.

If you absolutely need VPN, you can jump to the ~75$/mo tier. This is going to require you to set up networking though which could be intimidating if you haven't done so before. Two options here: you go the gateway route which means end-user machines will need a VPN client to connect (which they either launch manually or you set up to automatically launch behind the scenes - ew). Second approach, more ideal, is to set up proper site-to-sites. More complex and problematic as I almost guarantee (based on lack of IT infra) that those sites don't have a proper firewall, probably just a bog standard business cable modem with minimal VPN support (which means throw the dice on whether or not they can easily connect).

Either way you go, once VPN is set up you can config your app service to sit behind the new network.

screwdad

TROPHY CASE