.NET R&D Digest (February, 2020)

This year we have one extra day in February, so why not spend it to read some interesting blog posts? Here is a new issue of .NET R&D Digest! Which, besides .NET related topics includes bits of security, software development practices and tooling.

Enjoy your reading!

Software Development Practices

  1. On Pair Programming (by Birgitta Böckeler and Nina Siessegger)
    I think probable all of us have heard about pair programming and … never tried it 🙂 I am not sure why but I think it could be because programming is associated with focus and it may sounds hard to focus when someone sits next to you and pushes buttons on YOUR keyboard 🙂 However this isn’t really a true and in this article Birgitta Böckeler and Nina Siessegger provide a very comprehensive guide of how to do pair programming (styles, planning, physical setup, …, etc.), what benefits you get from (knowledge sharing, …, etc.) it and what challenges you could face. So if you’ve never tried it because you don’t know how to start – this article should definitely help you.

Visual Studio

  1. Decompilation of C# code made easy with Visual Studio (by Mark Downie)
    Getting things done right usually depends on our ability to understand what each part of the system does. That is why an ability to decompile code is so important and being able to do it right in the IDE is super cool (I personally use JetBrains ReSharper for this). In this post Mark Downie explains how new version of Visual Studio will implement decompilation process (you can try it live in latest Visual Studio 2019 Preview).


  1. Policy-based Authorization in ASP.NET Core – A Deep Dive (by Joydip Kanjilal)
    Role based authorization is a well proven authorization approach which perfectly fits into many cases, however sometimes besides a role, we also need to make sure user satisfies addition requirements. In ASP.NET Core this could be achieved with help of policy-based authorization. In this post Joydip Kanjilal explains how policy-based authorization works, how it is differ from role based authorization and what each authorization component (i.e. requirement, …, etc.) is responsible for.
  2. Inserting middleware between UseRouting() and UseEndpoints() as a library author (Part 1, Part 2) (by Andrew Lock)
    As library author you usually want to make sure user will do everything right. Sometimes it is all about creating friendly facade or making your classes easy to use but sometimes you ask user to do something which is critical to be done right. In this small series Andrew Lock investigates how you as library author can control where to place your middleware inside the middleware pipeline without any additional help from a user.
  3. The design and implementation of a better ThreadLocal<T> (by Oren Eini)
    It is always a best practice to use classes and components provided by a framework rather than writing your own. However sometimes they simply don’t feat our concrete use case and here is where custom implementation becomes necessary and beneficial. In this post Oren Eini shares a custom implementation of ThreadLocal<T> which is intended to reduce memory and GC pressure (implementation is available on GitHub). The need for this implementation comes from an implementation details of ThreadLocal<T> class (see this post-mortem analysis) which resulted in huge memory consumption and GC pauses (if you are interesting in some more details you can check this GitHub issue).
  4. Debugging Wednesday at Criteo — Cancel this task! (by Christophe Nasarre and Kevin Gosse)
    Integration Test isn’t working as expected… and only a debugging team can shred some light upon the root cause 🙂 This post is a debugging story by Christophe Nasarre and Kevin Gosse with a twisting plot and handful tricks. Have a nice read!
  5. Another way to use your debugging tools (by Kevin Gosse)
    As developers we are used to debug apps we write or support. However, when it comes to apps we simply use we simply comply to their bugs (or report them), but … there is another way! In this “friday fun” post Kevin Gosse uses his developer’s powers to improve existing application behavior 🙂
  6. Some performance tricks with .NET strings (by Gérald Barré)
    In this post Gérald Barré shares a story of his .NET Core contribution (2x performance speedup) and describes a few interesting string related performance tricks which he learned during the PR review.
  7. “Vulnerabilities” series (by Gérald Barré)
    Each post in this series by Gérald Barré describes one security vulnerability in terms of: general description, code sample (C# / .NET) and how to change your code to protect against it. The first post in the series is dated back to 2012 but don’t be confused by this – the information here is still current.
  8. “Routing” series (by Matthew Jones)
    In this series (five posts at time of publication) Matthew Jones describes different approaches to configure routing in ASP.NET Core 3.0 application including: conventional and attribute routing and routing in Razor Pages. Each post has a detailed description of the approach, route matching examples and a sample project on GitHub.


  1. DebuggingExtensions (by Christophe Nasarre)
    This repository contains several tools (created by Christophe Nasarre and other talented developers at Criteo) for post-mortem analysis of .NET application  in a various ways (starting from WinForms application right to WinDbg extension and dotnet global tools).
  2. TimeZoneConverter (by Matt Johnson-Pint)
    Time zones are tricky and they become even more trickier when it comes to cross platform compatibility. Why? It is simple – time zones are managed by OS and each OS has it’s own “view” on how these time zones should be named or identified. This package by Matt Johnson-Pint implements conversion between IANA, Windows, and Rails time zone names. It also allows you to get instance of TimeZoneInfo in a cross platform way providing time zone identifier in any of the supported formats.
  3. Video.js
    Nowadays HTML5 <video/> tag made it easy to add video player on the web page. However, sometimes you may need more control over the player: skins, video information, localization, …, etc. Video.js is an open source project which supports HTML5 and Flash video, as well as YouTube and Vimeo (through plugins) and works on desktops and mobile devices.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s