The deadliest sin a .NET developer can make


2 weeks ago, I went to sleep at the same time as my 2 kids.
It sounded good on paper:

  1. Fall asleep before 9 PM.
  2. Wake up in the morning full of energy like a young bull.

But in reality?

I couldn’t sleep.

I was tossing and turning in bed like a fish out of water.
I resisted the temptation to use my phone until 10 PM. But then I started to scroll on Reddit.

As I was scrolling, I found this question:

“What are some of the craziest security vulnerabilities you've uncovered?”

And this in particular stood out:

“I can manually create a dummy client that shares the target's email address and … I can use the switch account feature to jump into the target account. From there, the billing information is easily accessible, with the full card number shown and everything.”

Sigh.

Of all the sins a .NET developer can commit, neglecting security is the deadliest.

But it's even worse if you implement everything on your own.

Why?

Because it can hurt the most.

Every mistake you make while building a custom security solution can lead to:

  • Data breaches
  • Financial losses
  • Reputation damage
  • Legal consequences
  • Intellectual property theft

Depending on a company's size, a screw-up related to security can cost the company millions of dollars.

Security is hard. But it’s bloody important.

My recommendation?

Use existing authentication libraries. ASP.NET Identity, Auth0, Azure AD…

Some of the biggest companies and many developers continuously maintain, test, and upgrade them. Those libraries also come with built-in protections against common security attacks.

You benefit in a few ways:

  • Security - Teams that specialize in security develop these libraries.
  • Time - You don’t have to spend weeks building something and covering all edge cases.
  • Compliance - Auth libraries often follow the latest security and compliance standards.
  • Scalability - They can support a growing number of users with few or no issues.

Using proven solutions means you can focus on delivering real business value.

Instead of battling complex security problems.
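To make the point concrete, here is an added example (not code from this newsletter or from the course) of what the Reddit story above boils down to in ASP.NET Core: one endpoint lets the caller choose whose billing record to read, the other takes the identity only from the validated login and never returns the full card number. It assumes .NET 8 minimal APIs, ASP.NET Core Identity with the Identity API endpoints, EF Core with the SQLite provider, and a hypothetical AppDbContext/BillingProfile model.

```csharp
// Added example, not the newsletter's code. Assumes .NET 8, ASP.NET Core Identity,
// EF Core + SQLite, and the hypothetical AppDbContext/BillingProfile types below.
using System.Security.Claims;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddDbContext<AppDbContext>(o => o.UseSqlite("Data Source=app.db"));
builder.Services.AddAuthorization();
builder.Services.AddIdentityApiEndpoints<IdentityUser>()   // the library does the auth work
    .AddEntityFrameworkStores<AppDbContext>();

var app = builder.Build();
app.MapIdentityApi<IdentityUser>();   // /register, /login, ... provided by ASP.NET Core Identity

// WEAK: the caller picks the account by e-mail, so being logged in is not enough of a check.
// A second account that shares the target's e-mail gets the same record back.
app.MapGet("/billing/by-email", async (string email, AppDbContext db) =>
    await db.BillingProfiles.FirstOrDefaultAsync(b => b.Email == email))
   .RequireAuthorization();

// HARDENED: the user id comes from the authenticated principal, ownership is enforced
// inside the query, and only a masked card (last 4 digits) is ever returned.
app.MapGet("/billing/me", async (ClaimsPrincipal user, AppDbContext db) =>
{
    var userId = user.FindFirstValue(ClaimTypes.NameIdentifier);
    if (userId is null) return Results.Unauthorized();

    var profile = await db.BillingProfiles
        .Where(b => b.UserId == userId)                     // never from the request
        .Select(b => new { b.CardholderName, b.CardLast4 })  // never the full card number
        .FirstOrDefaultAsync();

    return profile is null ? Results.NotFound() : Results.Ok(profile);
}).RequireAuthorization();

app.Run();

// Hypothetical persistence model used by the example above.
public class AppDbContext(DbContextOptions<AppDbContext> options)
    : IdentityDbContext<IdentityUser>(options)
{
    public DbSet<BillingProfile> BillingProfiles => Set<BillingProfile>();
}

public class BillingProfile
{
    public int Id { get; set; }
    public string UserId { get; set; } = "";   // FK to AspNetUsers.Id
    public string Email { get; set; } = "";
    public string CardholderName { get; set; } = "";
    public string CardLast4 { get; set; } = "";
}
```

The same ownership filter belongs in every endpoint that touches per-user data (orders, cart, addresses), not just billing.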

Enjoy your weekend.

Kristijan


P.S.

The only downside of picking an existing solution?

There are so many of them. And the whole implementation process can be overwhelming.

But even when you turn to Microsoft internal solutions, the documentation doesn’t show you all the steps in an easy, clear, and organized way.

That’s why security is one of the main pillars of the Backend Brilliance: Architect and Build Professional .NET Applications course I’ve recently published.

In fact, there is a whole module dedicated to Web API security.

Throughout the course, you will gradually build an e-commerce app with the following features:

  • Enhanced product functionality
  • Shopping cart functionality
  • Order checkout
  • User registration and login

But in the security module mentioned above (module 3), I also cover:

  • What is the simplest, yet still feature-rich, auth library you can pick?
  • How to implement authentication and authorization?
  • How to write API tests for protected endpoints that require user registration and login?
  • How to manage user roles and restrict access based on them?
  • What is the easiest and most effective way to prevent one user from accessing another user’s sensitive information?

Read more about the course here: https://www.backendbrilliance.net/


Kristijan Kralj

Weekly newsletter packed with code-improving tips, tools, and strategies to become a better .NET developer.
