The .NET Stacks #49: 🌟 Is reflection really that bad?
Let's talk about reflection and source generators, IdentityServer template news, and more.
NOTE: This is the web version of my weekly newsletter, which was released on May 10, 2021. To get the issues right away, subscribe at dotnetstacks.com or at the bottom of this post.
Happy Monday! I hope you have a good week. Here's what we have this week:
- Is reflection still valuable?
- IdentityServer templates shipping with .NET 6
- Last week in the .NET world
Is reflection still valuable?
Last Monday, Marc Gravell asked: is the era of reflection-heavy C# libraries at an end? As C# source generators get more popular, developers might be wondering if it might someday replace the idea of reflection (for the unfamiliar, reflection is a way of discovering types at runtime).
Today, unless we're library authors, a lot of reflection is provided to us without us having to care:
This provides a pretty reasonable experience for the consumer; their code just works, and - sure, the library does a lot of work behind the scenes, but the library authors usually invest a decent amount of time into trying to minimize that so you aren’t paying the reflection costs every time.
As the industry has evolved, we've seen how reflection impacts modern applications. For example, we see increased demands on parallel code (async/await), AOT platforms, runtime error discovery, and more. If you're thinking of the cloud, runtime performance matters (especially if you're paying for serverless and execution times).
Imagine you could take your reflection-based analysis code, and inject it way earlier - in the build pipe, so when your library consumer is building their code ... you get given the compiler’s view of the code ... and at that point you had the chance to add your own code ... and have our additional code included in the build ... This solves most of the problems we’ve discussed.
This doesn't mean reflection doesn't have its use cases, and it's so pervasive in the .NET ecosystem it isn't going anywhere anytime soon. Source generators are great for resolving performance headaches with certain reflection use cases like with
GetTypes(). Should we go all-in on source generators, though? Is it worth moving code into a user's app and build processes over developers enjoying the separation?
Here's another consideration: is reflection just getting a bad rap? It can be slow for sure, but the .NET team has noted that performance is improving, and there's a prototype they're working on making 10x faster.
It'll be interesting to see how far the .NET platform pushes on source generators over improving reflection performance. I'm guessing we'll see a little in Column A and a little in Column B. Everything is a tradeoff. Still, it's promising to see source generators shake up decades of thinking reflection is the only way to inspect types dynamically.
IdentityServer templates shipping with .NET 6
Last December, IdentityServer introduced a licensing model (and we talked about it back in issue #20). You'll need to buy a license if your organization makes more than 1M USD/year (I know I have a global audience but believe me, you don't want me converting currency).
This week, Barry Dorrans announced that .NET 6 will continue to ship these templates (using the new RPL-licensed version). I personally applaud Microsoft's decision to continue to support IdentityServer, which is getting pushback from the blog's comments and a super-spicy GitHub issue. A lot of the pushback comes from folks accusing IdentityServer of a "bait and switch"—as if profiting off free open-source software for a decade wasn't enough—and that Microsoft should build it themselves.
As Microsoft has said a bunch of times, and bears repeating:
As stated we are not authentication experts, we have no expertise in writing or maintaining an authentication server. We have a team at Microsoft dedicated to that, and they produce AAD. The .NET team will not be writing production ready authentication servers, both because of the cost in that and because in doing so it's likely we'll cannibalize users from existing open source projects, something the community was very vocal in wanting us not to do when the initial discussions around IdentityServer inclusion was started.
🌎 Last week in the .NET world
We have a lot of great community posts this week.
🔥 The Top 4
- Marc Gravell asks: is the era of reflection-heavy C# libraries at an end?
- Thomas Ardal adds CAPTCHA on form posts with ASP.NET Core.
- Charlin Agramonte wires up a clearable time picker.
- Christopher Gill announces README NuGet package support.
📅 Community and events
- The .NET Foundation provides its March/April update.
- JetBrains .NET Days Online is happening this week.
- The .NET Docs Show talks to Greg Cannon about using .NET to build an e-ink dashboard for home automation.
- In community standups: ASP.NET talks about minimal APIs, Entity Framework discusses triggers, and Xamarin talks single-project architecture.
🕸 Web development
- Michael Shpilt writes about ASP.NET server problems and solutions.
- Khalid Abuhakmeh introduces Razor introduces Razor.
- Chinedu Imoh introduces JSON Web Tokens.
- Kristján Oddsson writes how GitHub uses Web Components.
- The Code Maze blog uses the ProblemDetails class in ASP.NET Core Web API.
- Damien Bowden creates an OIDC credential issuer with Mattr and ASP.NET Core.
- Jan Tattermusch talks about grpc-dotnet.
🥅 The .NET platform
- The Packt blog writes about upgrading existing .NET Apps to .NET 5.
- Maarten Balliauw builds a supply chain attack with .NET, NuGet, DNS, source generators, and more.
⛅ The cloud
- AWS announces the end of support for AWS SDK for .NET version 2 (v2).
- Lily Ma writes about Azure Event Grid, Event Hubs, and Service Bus Library Improvements.
- Daniel Krzyczkowski continues writing about Azure Identity.
- Abhijit Jana gets started with the Azure Web PubSub Service, then creates a messaging app using Azure Web PubSub Service and C#.
- Ian Russell uses alternate ways of creating single-case discriminated unions in F#.
- Peter Vogel writes about value objects in C# 9.
- Patrick Smacchia writes about covariance and contravariance in C#.
- Anthony Giretti makes C# synchronous delegates asynchronous.
- Andrew Lock creates a simple moving average calculator.
- Abhijit Jana writes about Visual Studio going 64-bit.
- Ali Ok writes about Kubernetes configuration patterns.
- Anthony Giretti generates an installation command for VS Code installed extensions, and also writes about Thunder Client, a way for you to work with APIs right in VS Code.
- Sam Basu provides his weekly MAUI update.
- Craig Dunn creates dual-screen apps.
🏗 Design, testing, and best practices
- Derek Comartin unpacks the “event” term.
- Pieter Humphrey writes about the value of serverless data APIs.
- Jon P. Smith writes about evolving modular monoliths.
- On the Software Engineering Podcast, Daniel Roth talks about Blazor.
- Serverless Chats talks about multi-cloud.
- The Azure Podcast talks to David Giard about Azure Media Services.
- Azure Friday talks about the Azure Resource Mover.
- The Xamarin Show builds accessible mobile apps.
- The Visual Studio Toolbox talks about EF Core.
- The DevOps Lab talks about cloud security.
- The On .NET Show talks about tuple pattern matching C#, uses Azure managed identities, and adds machine learning to .NET apps with ML.NET.