Edit, Compile and Debug .NET on Linux using VS Code

One of the best features of Visual Studio is the ability to launch and debug an application from within the IDE. This is not an uncommon feature nowadays. When running .NET on Linux, however, you can’t use Visual Studio as your IDE. What to do?

The answer is Visual Studio Code, a free IDE that will allow you to edit, compile, launch, and debug your application from within your IDE. This post will guide you through this cycle.

Note: I’m using Red Hat Enterprise Linux (RHEL) as my Linux of choice. You can grab your own free developer’s edition of RHEL and run it in a Virtual Machine (VM) on your Windows box (I’m using Oracle’s VirtualBox).

I’ll also be using the sample application, Music Store, which you can grab from GitHub if you wish to follow along. Of course, this blog is applicable to your own code as well.

If you do follow along with the Music Store app, keep in mind that the .NET Core tooling is currently going through a transition from the project.json/xproj standard to MSBuild/csproj, and the Music Store sample is already updated to the new standard. The tooling version from the official .NET website right now is the 1.0.0-preview2, which is still in the old standard. Therefore, in order to run the sample, you should checkout the branch called rel/1.1.0-preview1, which contains the project.json-based version.

Installing Visual Studio Code (VSCode) is simple; for RHEL, simply download the .rpm file, choose the installation option and follow the prompts.

vscode_installation

Once VSCode is installed, the easiest, and arguably best, way to launch your IDE is to move into the directory with your source code and use the

code .

command.
vscode_launch_IDE

This will open the entire folder, which will appear in a treeview on the left side of your IDE, such as the following. From there you can open any file with one click.

vscode_treeview

Before you go any further, head over to your project.json file and comment out line 61. This line specifies .NET 4.5.1 as a target framework. This version of the framework is Windows-only, and trying to run your project against it on Linux will cause your build/debug process to fail.

You will be prompted to resolve the dependencies listed in your project.json file. Click on ‘Restore’ and the process should only take a few seconds (or minutes, depending on your internet speed).

You will also be prompted to add some assets to your project. Two files, “launch.json” and “tasks.json” need to be added in order to support being able to launch and debug your code. Choose the option to install these assets, and you’re on your way.

vscode_required_assets_prompt

Now that the project is loaded and you’ve added the necessary assets, you can go ahead and launch the web app. To do this, click on the debug icon, then the green arrow to start. Notice the launch configuration selected by default is “.NET Core Launch (web)”, meaning the IDE will open the integrated console window and start the web server.

You should start seeing some feedback from the debugger. Symbols will be loaded and your web server will start logging information back to you. When everything is ready to go, you should see these lines appear on your console:

And a browser window should be launched:

By now, we can set our breakpoints and see the debugger in full action. Click on your project files icon, open up the folder Controllers and the file HomeController.cs. Set a breakpoint on line 28, inside the Index action, and let’s simulate a debugging session on the home page. Now, open up the browser window and refresh the home page to see the breakpoint being hit. Your variables and call stack windows will also light up.

To stop the session, just click on to the red stop icon (or press Shift+F5).

Pretty cool, huh? Happy debugging for you all!


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Getting started with OpenShift Java S2I

Introduction

The OpenShift Java S2I image, which allows you to automatically build and deploy your Java microservices, has just been released and is now publicly available. This article describes how to get started with the Java S2I container image, but first let’s discuss why having a Java S2I image is so important.

Continue reading “Getting started with OpenShift Java S2I”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 


For more information about Red Hat OpenShift and other related topics, visit: OpenShift, OpenShift Online.

OpenShift for Developers: Set Up a Full Cluster in Under 30 Minutes

One of the common questions I get asked by developers is how they can use OpenShift locally for their own development. Luckily, we have a lot of different options and selecting one depends on the specific development environment that you prefer to work with.

For example, if you prefer to have things working in a virtual machine without having to worry too much about the installation, the all-in-one or official CDK is probably what you are after. These two options utilize Vagrant and VirtualBox with a major difference being that the all-in-one uses the open source Origin project and the CDK uses the enterprise version called OpenShift Container Platform.

One of my favorite ways of using OpenShift locally is to use oc cluster up. This is a fantastic tool that I use on a daily basis but I suggest you also take a look at the oc cluster wrapper project that my team codes and supports. The oc cluster wrapper project was created to help developers out a bit further by automating a lot of tasks such as profile management and persistent volumes.

After you play around with OpenShift locally, you will come to the realization that you would enjoy having a 24/7 install of OpenShift that you can publicly host your projects on. This is where a lot of Developers stumble because they aren’t system administrators. For that reason, I took some time to create a video that shows how to install OpenShift Origin 1.4 from start to finish. This means that I create a bare virtual machine, install the operating system, install dependencies (like docker), and then use ansible to install OpenShift. After the install, I then show how to setup wildcard DNS for a public hostname. All in under 30 minutes.

I hope you enjoy the video and using OpenShift Origin 1.4!


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Securing Fuse 6.3 Fabric Cluster Management Console with SSL/TLS

Introduction

Enabling SSL/TLS in a Fabric is slightly more complex than securing a jetty in a standalone Karaf container. In the following article, we are providing feedback on the overall process. For clarity and simplification, the article will be divided into two parts.

 

Part1: The Management Console

Part2: Securing Web Service:including gateway-http

 

For the purpose of this PoC, the following environment will be used.

Continue reading “Securing Fuse 6.3 Fabric Cluster Management Console with SSL/TLS”


Download and learn more about Red Hat JBoss Fuse, an innovative modular, cloud-ready architecture, powerful management and automation, and world class developer productivity. It is Java™ EE 7 certified and features powerful, enterprise-grade features such as high availability clustering, distributed caching, messaging, transactions, and a full web services stack.


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Deliver support for new languages in Eclipse IDE faster with Generic Editor and Language Servers

If you’re a regular on this blog, you’re probably well aware of Red Hat’s efforts in improving the Eclipse IDE and of the rise of Language Servers Protocol to develop common developer tools. Red Hat fully jumped on this opportunity to better factorize and share language-specific logic which is very likely to benefit to multiple editors, IDEs and languages at once. It also better separates the concerns of what an editor or IDE is supposed to do (text edition, integration with SCM, debug and deployment workflows…) with the target language itself. With this approach, a single language server can enable language features to multiple development tools at once, and a single development tool can be made more generic to support new languages for free, just by binding to the language server through the protocol.

Continue reading “Deliver support for new languages in Eclipse IDE faster with Generic Editor and Language Servers”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Working with OpenShift secrets for ASP.NET Core

If you want to use secret configuration which you don’t want to store the code repository during developing ASP.NET Core app, what will you do? ASP.NET Core provides Secret Manager tool. Then how about developing on OpenShift? I’d like to talk about Secret Manager tool and working OpenShift secrets for ASP.NET Core in this blog.

Continue reading “Working with OpenShift secrets for ASP.NET Core”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 


For more information about Red Hat OpenShift and other related topics, visit: OpenShift, OpenShift Online.

November 2016 GNU Toolchain Update

The GNU Toolchain is a collection of  programming tools produced by the GNU Project. The tools are often packaged together due to their common use for developing software applications, operating systems, and low level software for embedded systems.

This blog is part of a regular series covering the latest changes and improvements in the components that make up this Toolchain.  Apart from the announcement of new releases however, the features described here are at the very bleeding edge of software development in the tools.  This does mean that it may be a while before they make it into production releases, although interested parties can always build their own copies of the toolchain in order to try them out.

Continue reading “November 2016 GNU Toolchain Update”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Take advantage of your Red Hat Developers membership and download RHEL today at no cost.

How To Setup Integration & SOA Tooling For JBoss Developer Studio 10

 The release of the latest JBoss Developer Studio (JBDS) brings with it the questions around how to get started with the various JBoss Integration and BPM product tool sets that are not installed out of the box.

In this series of articles we will outline for you how to install each set of tools and explain which products they are supporting. This should help you in making an informed decision about what tooling you might want to install before embarking on your next JBoss integration project.

There are four different software packs that offer tooling for various JBoss integration products:

  1. JBoss Integration and SOA Development
  2. JBoss Data Virtualization Development
  3. JBoss Business Process and Rules Development

    Tooling is available under software updates with early access enabled.
  4. JBoss Fuse Development

This article will outline how to get started with the JBoss integration and SOA development tooling and any of the JBDS 10 series of releases.

Continue reading “How To Setup Integration & SOA Tooling For JBoss Developer Studio 10”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

What is mobile security? What is the mobile security ecosystem?

I was recently introduced to a published draft by the National Institute of Standards and Technology (NIST) from the U.S. Department of Commerce which talks about assessing the threats to mobile devices & infrastructure. The document discusses the Mobile Threat Catalogue which describes, identifies and structures the threats posed to mobile information systems.   This blog summarizes the 50-page document with added context and commentary based on my experience in the mobile industry helping organizations building mobile apps.

More than ever before in today’s connected world, the security and protection of our information has the highest priority. Recent Distributed Denial of Service (DDoS) attacks that brought down the internet were generated with the unauthorized use of the Internet of Things (IoT) devices, proving yet again that security breaches can be crippling. The use of mobile devices continues to grow globally and most organizations now have mobile apps that access mission critical information.   It is then important to have a broader view of the entire mobile security ecosystem and understand everything that involves mobile security. As they say, “information is the most powerful weapon”  – in this case to protect our mobile solutions.

The NIST document outlines a catalog of threats to mobile devices and associated mobile infrastructure to support development and implementation of mobile security solutions to better protect enterprise information technology (IT). Smartphones and tablets running modern mobile operating systems are the primary targets in this analysis, not IoT devices.

Mobile devices contain integrated hardware components to support a variety of I/O mechanisms and while some of the communication mechanisms are wireless (i.e., cellular, WiFi, Bluetooth, GPS, NFC), they also include physical connectors (i.e., power and synchronization cable, SD cards, SIM cards, etc.). Wireless and wired device communication mechanisms expose the mobile device to a distinct set of threats and must be secured or the overall security of the device or app may be compromised.  [1]

What do we secure?

Since mobile devices can store a lot of data, personal and enterprise data becomes a target, from sensitive information like home address, telephone number, medical information and credit card numbers to authentication information (users & passwords).   Protecting data also means protecting identity as identity theft can be used to gain unauthorized access to information that can then be compromised or stolen.

Mobile Security Ecosystem

Here the Mobile Security Ecosystem relates to general threat categories that need to be reviewed and understood.

Threats to mobile apps can be classified in 2 groups:

  1. Software vulnerabilities to exploit data residing within the mobile app running on the mobile operating system, and
  2. Malicious or privacy-invasive apps that identify malware based threats to damage your device and/or mobile service.

There are different types of authentication mechanisms for mobile apps; authentication access to devices, to remote services, to remote networks, and to enterprise systems. Vulnerabilities in the mobile apps represent a very high risk of compromising sensitive personal or enterprise data. In summary,  mobile app security is about data protection in the mobile app itself.  

Checklist for Securing Mobile Applications

While building mobile apps, the architecture, and design of the app becomes a critical first step for security,  decisions need to be made and best practices need to be followed.  

Here’s a checklist of considerations for the architecture design.

  • Data transfer encryption
  • Data-at-Rest encryption
  • Store on device and/or store on the cloud
  • Data input validation
  • Use of tokens or keys
  • Hashing and salting passwords
  • Authentication and corporate Identity Management Integration
  • Security policies with an Enterprise Mobility Management system (EMM)
  • Need for VPN connectivity
  • Backend integrations (legacy, web services, RESTful APIs, etc.), use only the data you need, do not transfer everything
  • Secure storage in the cloud and on-premise
  • Files permissions
  • Log files and auditing information
  • Plan for penetration tests
  • Government or regulatory compliance
  • Choice of Mobile Application Development Platform features

More information about mobile app development security best practices by major players in the space:

Enterprise Mobility Management

EMM systems are a common way of managing employee mobile devices in an enterprise. They include a combination of mobile device management (MDM) and mobile application management (MAM) functionality. MDM focuses securing and monitoring mobile devices, while MAM focuses on app distribution and controlling user access to apps. The key feature for EMM systems is to deliver mobile policies, such as only allowing a whitelisted set of applications to run, remote data wipe, ensuring a lock screen and disabling certain device peripherals (e.g., camera).  Different vendors offer different sets of policies, it is important to compare and review differences.  These are implemented via SDKs developers have to use while building apps or by a “wrapper” mechanism on built mobile app binaries.

Other sources of vulnerabilities in the mobile ecosystem

Mobile Operating Systems

Vulnerabilities found at mobile operating systems level which are typically addressed by the platform vendors in a form of patch or new release (Android, iOS, Windows). An example of vulnerabilities is Android 2.3 Gingerbread which is no longer supported by Google and has been considered one of the mobile operating system versions with the most malware attacks.

Device Drivers

Plugins provide access to device hardware and other peripheral device functionality that is ordinarily unavailable to web-based apps (i.e.. camera, geolocation, device motion, accelerometer, vibration, battery status).  Apache Cordova plugins are an example of mobile apps using device functionality and a potential security risk, especially when developers create their own plugins or identify a vulnerability on Cordova. Just like the mobile operating systems, Cordova, and similar products report and address security issue, for example, a critical issue identify on Apache Cordova for Android 4.0.2 and 3.7.2 releases.

SD Cards

SD cards are removable memory used to expand the storage capacity of mobile devices to store data such as photos, videos, music, and application data. Similar other media devices in the Laptop/Desktop world,  SD cards can be source of malware and spyware.

SIM Card

This removable hardware is a chip housing the International mobile subscriber identity (IMSI) needed to obtain access to cellular networks, pre-shared cryptographic keys,  the phone number and even contact information.  Every mobile device has a SIM card (3G & 4G) making it the most widely used security token in the world,  still hackers can send properly signed binary SMS (text messages), which downloads Java applets onto the SIM that can access phone number and identity information.  Use of modern SIM cards with the latest cryptography an SMS firewall for selection of binary SMS to trust are recommended to secure SIM Cards.

Mobile carrier infrastructure and interoperability

This relates to the Mobile Operator and includes threats to the base stations, network backhaul, cellular network cores and signaling threats associated with the widely used Signaling System No. 7 (SS7) networks in the mobile networks.  With 4 Generation (4G) mobile networks the move from proprietary networks and protocols to IP-based networks brought a lot of changes, many of the positive from the operation side, but at the same time brought new security risks never seen by Mobile Operators.    There is not much either a mobile app developer or an organization can do at the network infrastructure level to tackle such vulnerabilities, but it is important to be aware of the risks at infrastructure and interoperability level.

There are many more details, a lot more things to learn with regards to mobile app security, an understanding of the ecosystem and the security threats is a good first step to take on building your secured mobile solutions.

[1] http://csrc.nist.gov/publications/drafts/nistir-8144/nistir8144_draft.pdf

Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 

Red Hat Summit, DevNation, and an Application Development call for papers

Red Hat Summit has always catered to multiple user roles and this year will be no different.  What will be different in 2017 is an expanded focus on professional application developers much like DevNation has done in recent years.  As such, we will not be hosting a separate DevNation event alongside Summit 2017. Instead, Summit will include more advanced Application Development sessions, CodeStarters, labs, birds of a feathers, a new “Developer Zone” in the expo area, and much more.
What does this mean for you?
  • Attendees:  Every attendee can now access everything that’s developer-related and at no extra cost.
  • Speakers:  You now have a larger audience to share your application development story, plus you and co-presenters get access to the entire Summit event.
Speakers:  submit your Application Development proposals today!

Continue reading “Red Hat Summit, DevNation, and an Application Development call for papers”


Join Red Hat Developers, a developer program for you to learn, share, and code faster – and get access to Red Hat software for your development.  The developer program and software are both free!

 


More about DevNation:  DevNation 2014 was our inaugural open source, polyglot conference for application developers and maintainers. View some of the DevNation 2015 session recordings here.  DevNation 2016 will be in San Francisco, USA, the week of June 26.  Be sure to follow its status and register at www.devnation.org.