This blog post guides the configuration of Serilog for a .NET Core Web API running on an Azure App Service. It covers logging requirements and implementation, including Serilog setup in Program.cs and appsettings.json. It also provides instructions for querying logs in Azure Application Insights and streaming them using Log Stream in Azure App Service.
Continuous Integration and Continuous Deployment with JetBrains Space
The author was tasked with setting up a CI/CD process for a Blazor application using JetBrains Space. They had experience with other tools like Azure DevOps and GitHub Actions but found implementing pipelines in Space challenging. They struggled with creating the necessary automation scripts and host parameters. Despite good documentation, they found the CI/CD features lacking in predefined steps and tasks for standard cases, leading to unnecessary effort. They were also concerned about the exposure of project-wide secrets as plain text in runtime parameters.
[FollowUp] Using Testcontainers in integration tests for ASP.NET Core Web API
The blog post discusses transitioning from SQLite to Testcontainers for .NET to run integration tests for ASP.NET Core applications. The author encountered limitations with SQLite when running complex Linq queries. While alternatives like Mocking, EF Core In-Memory Database Provider, and LocalDB were considered, these were found to be wanting. Instead, Testcontainers was chosen for its simple setup, good documentation, and excellent integration with MSSQL servers. This approach does necessitate Docker being installed and operational on the local development environment.
[HOWTO] Implement integration tests for ASP.NET Core Web API with AntiForgery token validation
The author discusses the importance of integration tests in ASP.NET Core Web APIs, citing benefits, such as real-life-like REST requests, serialization and deserialization, server application startup code execution, etc. Furthermore, the Microsoft.AspNetCore.Mvc.Testing library is highlighted. Despite challenges, the author promotes maintaining similarity to production during tests. The text then explores code bases and integration tests. Several sections cover API initialization, authentication configuration, running tests against a Sqlite database, and antiforgery subject. The article concludes by discussing alternative approaches found during the research.
[HOWTO] Implement Azure Functions middleware for authentication purposes
The article discusses how the author implemented middleware to verify payload signatures for webhook calls from Enode, an energy device connection and management platform, using the .NET Azure Functions isolated worker model. The author created a middleware that validates the Enode signature and an Azure Function that consumes the webhook, returning an unauthorized status code if the signature is invalid. The author also noted limitations with .NET integration testing for isolated model .NET Azure Functions.
Serve data as CSV with a ASP.NET Core Web API and consume it in a React application using Axios
The post discusses the implementation of a CSV export feature in an application with an ASP.NET Core Web API backend and a React frontend. The author used the CsvHelper library for creating the CSV file. The post details the construction and functions of various classes and methods, crucial for successful export. A key mention is the axios for requests and the correct setting of response type.
[HOWTO] Integrate SonarCloud analysis in an Azure DevOps YAML pipeline
This post is about the integration of SonarCloud analysis in Azure DevOps YAML pipelines starting from a basic scenario that analyzes a repository containing a .NET Core 7 solution and ending up with a more complex scenario that analyzes a repository that additionally contains a React application and Terraform files.
[NoBrainer] Avoid HTTPS redirection warnings in integration test logs
I recently implemented ASP.NET Core integration tests in a project I am working on. I have followed the official documentation, which was extremely helpful. The system under test (SUT) is an ASP.NET Core Web API (.NET 7) implementing backends for frontends (BFF) pattern. To follow security best practices we enabled HTTPS redirection in all stages... Continue Reading →
[NoBrainer] Avoid detailed JSON deserialization error messages in Web API responses
In a report of a penetration test, a finding was listed that criticized the disclosure of detailed error messages that provide information about the technology used for the implementation. Concretely, the finding was about error messages returned in responses from a .NET Core Web API to requests with an incorrect body. Due to the incorrect... Continue Reading →
[HOWTO] Capture outgoing HTTP requests of .NET 6 Web API using Fiddler Classic
Lately I faced the following challenge. I wanted to analyze the requests sent by a .NET Web API application to the underlying Cosmos DB to get insights about the RU consumption (RU = request units, for more details see here) of the different Cosmos DB operations. Whenever you call Cosmos DB via HTTP API -... Continue Reading →