C#, .NET, Azure, IaC, DevOps, DevSecOps
This blog post guides the configuration of Serilog for a .NET Core Web API running on an Azure App Service. It covers logging requirements and implementation, including Serilog setup in Program.cs and appsettings.json. It also provides instructions for querying logs in Azure Application Insights and streaming them using Log Stream in Azure App Service.
The author was tasked with setting up a CI/CD process for a Blazor application using JetBrains Space. They had experience with other tools like Azure DevOps and GitHub Actions but found implementing pipelines in Space challenging. They struggled with creating the necessary automation scripts and host parameters. Despite good documentation, they found the CI/CD features lacking in predefined steps and tasks for standard cases, leading to unnecessary effort. They were also concerned about the exposure of project-wide secrets as plain text in runtime parameters.
The blog post discusses transitioning from SQLite to Testcontainers for .NET to run integration tests for ASP.NET Core applications. The author encountered limitations with SQLite when running complex Linq queries. While alternatives like Mocking, EF Core In-Memory Database Provider, and LocalDB were considered, these were found to be wanting. Instead, Testcontainers was chosen for its simple setup, good documentation, and excellent integration with MSSQL servers. This approach does necessitate Docker being installed and operational on the local development environment.
The author discusses the importance of integration tests in ASP.NET Core Web APIs, citing benefits, such as real-life-like REST requests, serialization and deserialization, server application startup code execution, etc. Furthermore, the Microsoft.AspNetCore.Mvc.Testing library is highlighted. Despite challenges, the author promotes maintaining similarity to production during tests. The text then explores code bases and integration tests. Several sections cover API initialization, authentication configuration, running tests against a Sqlite database, and antiforgery subject. The article concludes by discussing alternative approaches found during the research.
The article discusses how the author implemented middleware to verify payload signatures for webhook calls from Enode, an energy device connection and management platform, using the .NET Azure Functions isolated worker model. The author created a middleware that validates the Enode signature and an Azure Function that consumes the webhook, returning an unauthorized status code if the signature is invalid. The author also noted limitations with .NET integration testing for isolated model .NET Azure Functions.
The post discusses the implementation of a CSV export feature in an application with an ASP.NET Core Web API backend and a React frontend. The author used the CsvHelper library for creating the CSV file. The post details the construction and functions of various classes and methods, crucial for successful export. A key mention is the axios for requests and the correct setting of response type.
This post is about the integration of SonarCloud analysis in Azure DevOps YAML pipelines starting from a basic scenario that analyzes a repository containing a .NET Core 7 solution and ending up with a more complex scenario that analyzes a repository that additionally contains a React application and Terraform files.
I recently implemented ASP.NET Core integration tests in a project I am working on. I have followed the official documentation, which was extremely helpful. The system under test (SUT) is an ASP.NET Core Web API (.NET 7) implementing backends for frontends (BFF) pattern. To follow security best practices we enabled HTTPS redirection in all stages... Continue Reading →
In a report of a penetration test, a finding was listed that criticized the disclosure of detailed error messages that provide information about the technology used for the implementation. Concretely, the finding was about error messages returned in responses from a .NET Core Web API to requests with an incorrect body. Due to the incorrect... Continue Reading →
Lately I faced the following challenge. I wanted to analyze the requests sent by a .NET Web API application to the underlying Cosmos DB to get insights about the RU consumption (RU = request units, for more details see here) of the different Cosmos DB operations. Whenever you call Cosmos DB via HTTP API -... Continue Reading →
blog.rufer.be 