[HOWTO] Implement integration tests for ASP.NET Core Web API with AntiForgery token validation

A magnifying glass that enlarges a section of a computer monitor showing a bug

The author discusses the importance of integration tests in ASP.NET Core Web APIs, citing benefits, such as real-life-like REST requests, serialization and deserialization, server application startup code execution, etc. Furthermore, the Microsoft.AspNetCore.Mvc.Testing library is highlighted. Despite challenges, the author promotes maintaining similarity to production during tests. The text then explores code bases and integration tests. Several sections cover API initialization, authentication configuration, running tests against a Sqlite database, and antiforgery subject. The article concludes by discussing alternative approaches found during the research.

2023-11-13 0

[HOWTO] Implement Azure Functions middleware for authentication purposes

The article discusses how the author implemented middleware to verify payload signatures for webhook calls from Enode, an energy device connection and management platform, using the .NET Azure Functions isolated worker model. The author created a middleware that validates the Enode signature and an Azure Function that consumes the webhook, returning an unauthorized status code if the signature is invalid. The author also noted limitations with .NET integration testing for isolated model .NET Azure Functions.

2023-10-25 1

Serve data as CSV with a ASP.NET Core Web API and consume it in a React application using Axios

The post discusses the implementation of a CSV export feature in an application with an ASP.NET Core Web API backend and a React frontend. The author used the CsvHelper library for creating the CSV file. The post details the construction and functions of various classes and methods, crucial for successful export. A key mention is the axios for requests and the correct setting of response type.

2023-10-11 0

[HOWTO] Integrate SonarCloud analysis in an Azure DevOps YAML pipeline

This post is about the integration of SonarCloud analysis in Azure DevOps YAML pipelines starting from a basic scenario that analyzes a repository containing a .NET Core 7 solution and ending up with a more complex scenario that analyzes a repository that additionally contains a React application and Terraform files.

2023-10-06 3

[NoBrainer] Avoid HTTPS redirection warnings in integration test logs

I recently implemented ASP.NET Core integration tests in a project I am working on. I have followed the official documentation, which was extremely helpful. The system under test (SUT) is an ASP.NET Core Web API (.NET 7) implementing backends for frontends (BFF) pattern. To follow security best practices we enabled HTTPS redirection in all stages... Continue Reading →

2023-06-21 0

[NoBrainer] Avoid detailed JSON deserialization error messages in Web API responses

In a report of a penetration test, a finding was listed that criticized the disclosure of detailed error messages that provide information about the technology used for the implementation. Concretely, the finding was about error messages returned in responses from a .NET Core Web API to requests with an incorrect body. Due to the incorrect... Continue Reading →

2023-06-08 0

[HOWTO] Capture outgoing HTTP requests of .NET 6 Web API using Fiddler Classic

Lately I faced the following challenge. I wanted to analyze the requests sent by a .NET Web API application to the underlying Cosmos DB to get insights about the RU consumption (RU = request units, for more details see here) of the different Cosmos DB operations. Whenever you call Cosmos DB via HTTP API -... Continue Reading →

2023-02-05 0

Website Powered by WordPress.com.

Up ↑

Category: .NET