Hacker News new | ask | show | jobs
by fm200 1902 days ago
I have to say it, but asp.net and microsoft in general fits very well into my idea of zero-trust per se.

Jokes aside, i dont know that much how is it today, but years ago i had to run some asp.net apps in production, it was a nightmare...
2 comments
gregmac 1902 days ago
There's good and bad apps, like most platforms, and it is comparable to PHP from that perspective. Having worked extensively in both, I'd say the general problem with PHP is it's really easy for a beginner to get started, and just easy to grow a small, simple app into a large, functional-but-awful monstrosity.

ASP.NET is really just a foundation layer for a whole bunch of different web frameworks including WebAPI, MVC, RazorPages, Blazor, WCF and WebForms. I'd blame WebForms in particular for a lot of the bad apps: it basically tries to make the web act like stateful Windows Forms apps (literally with controls that have "server-side events" and maintain state across several HTTP requests). As a result, lots of Windows Forms developers could build apps without actually understanding a lot of the complexity of the web and especially its security implications.

link
TriNetra 1901 days ago
Perfectly put. Btw, ASPSecurityKit supports MVC/web API/ASP.NET Core/ServiceStack, but not web forms!

More info here: https://aspsecuritykit.net/docs/article/introduction/#suppor...

link
thrower123 1902 days ago
I wonder how many WebForms sites have been built new in the past decade?

Probably more than I'd think...

link
abgr-y 1901 days ago
exactly ASP.Net is a much more mature framework right now and web forms seems to be the least preferred option to build apps
link
TriNetra 1902 days ago
Not sure what was the particular issue you faced, but ASP.NET Core has come a long way – you can run .NET Core apps on Linux as well, not to mention the whole thing is open source under DotNet Foundation [0].

0: https://dotnetfoundation.org/

link
sbehlasp 1902 days ago
Is the source code for ASPSecurityKit available for review? Generally enterprises prefer that when it comes to using a security component in a critical production system.
link
TriNetra 1902 days ago
Yes, under business/enterprise plan [0], you'll get access to the complete source code on our private GitHub repository.

0: https://ASPSecurityKit.net/pricing/#enterprise

link