There are many legitimate reasons why you'd want to allow your application to share data with other sites, but we don't want to do it in such a way that it allows wide-open access to your API or controller surface area. Often, we have a set of resources we want to share, with a set of origins that we trust to use our site appropriately.

Browsers today do not allow Cross Origin Resource Sharing by default, but because of the way the request-response works, you can enable it on the server where the resource is located. In this video, Monster James explains how to relax the default server policy and enable CORS for trusted origins.

For more information on the security vulnerabilites avoided by disabling CORS by default in the browser, please check out this entry in Wikipedia.

Follow @aspnetmonsters

If you've already got a built-in data store and want to extend your API to a third party service, chances are you'll need a way to let those users call into your application in a secure way. 

In this episode, Monster James dives into a mechanism to create per-user tokens that can easily be revoked or invalidated, while still providing a straightforward way for callers to self-generate the access artifacts they need to use your API.

Note that in broader scenarios something more akin to IdentityServer might be more suitable, allowing different scopes and sets of claims for users who log in through different contexts (web versus API, for example). You can find out more about IdentityServer on GitHub and in a future episode of the Monsters.

Follow @aspnetmonsters

One of the best things about .NET Core is that it is portable to other platform not just for deployment but for development. If you're running on Linux or OSX then you won't have access to the full version of Visual Studio. That might be good or it might be bad depending on your point of view. There are tools in place, however, to help you out if you don't use Visual Studio. One of these tools is Yeoman. 

Yeoman is a templating tool which allows you to generate whole projects or just individual files from templates. Similar to the way you right click add and select a template in visual studio Yeoman is cross platform and it is great.

If you're interested in more information about Yeoman check out these links: 

• http://yeoman.io/ - Home page for Yeoman
• https://github.com/omnisharp/generator-aspnet - Github page for OmniSharp's Yeoman templates

Follow @aspnetmonsters

Have you ever wanted to change the default Bootstrap colors and styling but weren't sure how to do that without making Bootstrap upgrades difficult to manage?

In today's episode, Monster Dave shows us how easy it is to customize Bootstrap and compile it from source using Less and Gulp.

Show Links:

LESS plugin for Gulp -> https://www.npmjs.com/package/gulp-less

Bootstrap -> http://getbootstrap.com/

Follow @aspnetmonsters

The anxiously awaited ASP.NET Core RC2 has finally landed and with it we have a shiny new tag helper to explorer.

In today's video, monster Dave takes us through the new Distributed Cache tag helper and how it differs from the Cache tag helper we explored in Episode 21.

More details available here: http://aspnetmonsters.com/2016/05/2016-05-22-ASP-NET-Core-Distributed-Cache-Tag-Helper/

 Follow @aspnetmonsters

The anxiously awaited ASP.NET Core RC2 has finally landed and with it we have a shiny new tag helper to explorer. In this post we will explore the new Distributed Cache tag helper and how it differs from the already existing Cache tag helper.

In episode 34 the blue monster, Simon, discusses the basics of routing

• Where are routes defined?
• What's the default route?
• How can you add additional parameters to be extracted from the route

For more information about routing  you can checkout 

http://www.codethinked.com/exploring-systemwebrouting

and the soon to be added https://docs.asp.net/en/latest/mvc/controllers/routing.html

Follow @aspnetmonsters

It finally happened! The long awaited ASP.NET Core RC2 has arrived. In today's episode, monsters Simon and Dave discuss RC2 and changes to the File - New Project templage. We also weigh in on the project.json controversy and talk about why some bits are still labeled as "Preview 1".

Follow @aspnetmonsters

When you don't want to make a trip to the database or an external service on each request, caching provides a mechanism to help improve performance and make your site hum along nicely.

In this episode, Monster James configures a simple caching scenario in an ASP.NET Core MVC application and demonstrates how to configure sliding and absolute expiry, along with setting options for cache priority.

Some other videos to help you along with features mentioned in this video:

• Configuration in ASP.NET Core (and this one)
• Logging in ASP.NET Core
• Using the Cache Tag Helper

 Follow @aspnetmonsters

The process for referencing and updating client side packages has changed in ASP.NET Core. Instead of using Nuget for packages like jQuery and Bootstrap, the default project template uses the Bower package manager.

Join Monster Dave as he walks us through using Bower to update to the latest alpha bits Bootstrap 4. We'll cover the Visual Studio tooling and the new Tag Helpers related to referencing JS and CSS files. 

Related Links:

http://bower.io/

http://blog.getbootstrap.com/2015/08/19/bootstrap-4-alpha/

Follow @aspnetmonsters