Application Security Testing: An Integral Part of DevOps
By Narendra Bhogavalli
Although Entity Framework (EF) code first provides good tooling for developers to apply migrations from the command line or Package Manager Console, there is no built-in way to monitor migration status directly from an ASP.NET Web site. Also, troubleshooting EF issues, such as context change exceptions, can require multiple steps. The EFMigrationsManagerUI NuGet package provides an easy way to understand a user interface that your deployment and administrative team can use to verify and apply pending migrations directly from your site. Included exception-handling features ensure that users are given a user-friendly maintenance message if migrations need to be applied, instead of the default ASP.NET error pages. Read on to learn how EFMigrationsManagerUI can help your EF migration workflow.
In this article, I'll describe the user interface to deploy and manage Entity Framework migrations for ASP.NET MVC applications.
These days, Entity Framework is most popular ORM in Microsoft technologies. Entity Framework code first provides an abundance of capabilities and advantages for Microsoft developers (I am not covering the Entity Framework advantages in this article). To deploy/rollback the Entity Framework migrations to a database, developers need to know about the Entity Framework commands like update-database. There is no simple built-in user interface to manage migrations such as these:
- Apply migrations
- Roll back migrations
- Find the
- Current migrations applied to database
- Pending migrations needs to apply to the database
- Not everyone on a development team is an expert on managing EF. For instance, some of the team members are experts in UI design or client-side technologies like Angular JS, jQuery, and so forth. If the Entity Framework migrations are not in sync with the database the application will throw a context change error, the Web application will not run in the local/development machine, and the UI designer (take an UI designer, as an example) is unable to work on the Web site until another team member(s) can help the designer to deploy the database.
EFMigrationsManagerUI NuGet Package
To handle the preceding cases, an open-source plug-in called EFMigrationsManagerUI was created to manage Entity Framework migrations through the user interface. This plug-in is hosted at Nuget.org under the MIT license, which will be very helpful to download and integrate in other ASP.NET MVC applications. This is the URL for the EFMigrationsManagerUI NuGet package.
This package source code is hosted in a GitHub repository.
Advantages of the EFMigrationsManagerUI
- With a simple user interface, it's easy to manage all pending migrations or roll back to a previous migration.
- Easy to integrate with ASP.NET MVC Web applications with Windows and forms authentication.
- This user interface is helpful for visually managing migrations, with a quick indication of pending migrations to be applied to the database.
- It is always helpful to test the Web application with a production database copy. As part of this process, QA/UAT/Stage databases will be restored periodically with production backups. Upon database restores, there is a chance that corresponding Web applications could break due to mismatched database context.
- With this tool, upon database restore, administrators can navigate to the Web application and publish the pending migrations with the simple user interface, without waiting for a developer to deploy the database migrations.
- It's easy to integrate database deployments with administrative processes. Upon successful deployment or swap of Stage/Production slots in Azure, navigation to the Web site will auto redirect to the database deployment page for admin users.
- Not everyone in the development team members have expertise on Entity Framework code-first migrations or the Package Manager Console to update/rollback migrations. For instance, some team members have expertise in client-side technologies. This user interface is helpful to development team members for managing migrations even when some of the development team member(s) have no expertise on Entity Framework code-first.
- There's no need to store the SQL connection string in multiple places like Web.config and VSTS build/release configurations for deployment purposes.
No need to share the connection string with different team members to deploy the database migrations in various builds(QA/uat/stage/prod).
Whereas, the EFMigrationManagerUI plug-in reads the connection string in either of the following ways:
- Pass the web.config connection string name
- Pass the connection string
Note: These connection strings can be managed from the Azure Web portal for Azure apps.
An MVC Web application can still use capabilities such as encrypted connection strings or read from Key Vault.
With this tool, the connection string can be maintained in one place such as web.config, Azure Portal, Key Vault, and so on.
EFMigrationsManagerUI Package: Process Flow
Upon successful deployment of the MVC Web application, an admin (administrative/QA/business) user will navigate to the Web application and smoke test the applications quickly or run the unit test cases.
If latest migration was not deployed to the database, depending on the user role, the user will see either one of the following pages.
For admin users (based on the AppSetting entry), the application will auto redirect to the database deployment page, as seen in Figure 1.
Figure 1: The database deployment page
For non-administrative users, the application will redirect to the database maintenance mode page, as seen in Figure 2.
Figure 2: DB maintenance mode
Note: The NuGet package will add the previous views (cshtml files) to the target MVC Project. The user interface look and feel can be changed according to the project standards.
AutoDetect Pending Migrations: Algorithm
By default, when installing the EFMigrationsManagerUI NuGet package, the AutoDetect feature is enabled (see Figure 3).
Figure 3: Checking for the AutoDetect feature
- On page load (OnActionExecuting), the application will verify that the "latest migration was applied to the database" or not.
- If the latest migration was applied, the application will render the content of the user requested page.
- If the latest migration was not applied, the application will check if logged-in user is admin or not.
- If logged-in user is admin, the application will redirect to the EF manage migrations page to update the database.
- If logged-in user is non-admin, the application will redirect to the database maintenance page.
User Interface Pages: Walkthrough
Deploy Pending Migrations Page:
If the "AutoDetect Pending Migration" check is enabled, the application will auto redirect to the following page when the latest migration was not deployed to the database, or the user can navigate to the page with following URL:
Navigation URL: EFMigrationsManager/Publish.
Figure 4: Updating the database
By default, the "Target Migration" drop-down will select the latest migration. Once the user selects the "Target Migration" and clicks the "Apply Migration(s)" button, the screen will show the confirmation message (see Figure 5) and display all the migrations to be applied to the database.
Figure 5: Selecting the target migration
Upon clicking the "Yes" button, the application will deploy the database with pending migration(s).
Clicking the "Show Previous Migration(s)" button will navigate to the "Rollback Migration(s)" page.
Rollback Migrations Page:
Database migration rollback can be done by clicking the "Show Previous Migrations" button on the "Deploy Pending Migrations" page or navigating to the following URL; this will give you will give the capability to roll back the database migration(s): Navigation URL: EFMigrationsManager/Publish?isRollback=True.
Figure 6: Restoring the migration
By default, the "Target Migration" drop-down will select the immediate previous migration before the current migration.
Using "Remove All Migrations" is useful in the following condition(s):
- When application is in the Initial migration state and you want to roll back the current initial migration.
- When you need to roll back all migrations from the database.
Figure 7: Removing all migrations
Clicking Apply Migration(s) will display the confirmation box shown in Figure 8, with a data loss warning message.
Figure 8: Restoring a migration
Clicking the "Yes" button will roll back the selected migration(s). In some cases, there is a chance for data loss when rolling back migrations.
Database Maintenance Page:
This is the static page that will display when the following two conditions are satisfied:
- Entity Framework migrations are not up to date with the database.
- Logged-in user is non-administrator.
Note: If the target MVC application has an existing maintenance page, requests can be redirected to the existing maintenance page from the controller action shown in Figure 9.
In this first article, I've focused mainly on the EFMigrationsManagerUI NuGet package, user interface behaviors, and advantages of the plug-in. In the next article, we'll cover the download and integration of the EFMigrationsManagerUI NuGet package with an ASP.NET MVC Web application and see demos with Windows and forms authentication.
- Entity Framework Code-first to a New Database
- Entity Framework Code-first to an Existing Database
- ASP.NET MVC
- Filtering in ASP.NET MVC
- Integrating applications with Azure Active Directory
- NuGet Package Manager in Visual Studio
- Azure Key Vault
# # #
This article was contributed. ©Codeguru.com. All Rights Reserved