Rokstep

I modernize .NET backends without rewriting them.

Most modernizations stall because the alternative to "rewrite from scratch" isn't obvious. I help engineering teams find the seams in their existing .NET code where new patterns can land — incrementally, in production, without big-bang risk.

Book a triage call

Your app compiled clean in Visual Studio 2019. In VS 2022 / .NET 8 it doesn't. Migration looks "obvious in theory" but every dev says "not it." That's where I come in.

What I do

1. I read your codebase and tell you what's blocking the migration.

2-3 weeks, fixed scope, fixed price (quoted after a 30-minute triage call).

You get a written Migration Readiness Review: a 15-25 page report covering dependency inventory with risk-graded migration path per dependency, build system migration plan (packages.config → PackageReference, MSBuild cleanup), code-level blockers with RKS#### diagnostic IDs where Rokstep migration shims apply, effort estimate per component in engineer-weeks, recommended migration sequencing, and one free 60-minute follow-up Q&A call within 30 days of delivery.

2. I do the actual migration.

1-6 months, scoped engagement, hourly billing or fixed-price-per-component.

WCF → gRPC. EF6 → EF Core. ASP.NET MVC → Minimal APIs (or stay on classic if there's a reason). Custom DI containers (Ninject, Castle Windsor, StructureMap, Unity) → Microsoft.Extensions.DependencyInjection. .NET Framework 4.x → .NET 8 (or 9, depending on your timeline). Containerization (Dockerfile + multi-stage build) and CI/CD wiring are included. I commit code to your repo on a branch I own; you review and merge.

3. I do the migration AND clean up the security debt.

Same duration as Tier 2 + 20-30%, scope-priced after assessment.

Every .NET FW 4.x app has 5+ years of accumulated security debt: hardcoded connection strings, expired auth flows (Forms auth, ASP.NET Membership), missing HTTPS enforcement, weak crypto (DES/MD5/SHA-1), unsafe deserialization, SQL injection patterns, missing security headers, vulnerable transitive dependencies. The migration is the right moment to fix all of it. I bundle modern auth (MSAL, OIDC), secrets in Azure Key Vault or AWS Secrets Manager (never in web.config), HTTPS / HSTS / security headers baseline, modern crypto primitives (AES-GCM), dependency vulnerability triage, and security header configuration into the migration engagement. Not compliance certification work (NIS2 / CRA / ISO 27001 / SOC 2 / GDPR DPO) — that's a different specialty I'll happily refer you to. I do the engineering work that makes a future audit pass; I don't do the audit itself.

Book a triage call