Handcrafted, AI-free blog posts about DevOps, DevSecOps, application security, web development, Azure and similar topics
Last week I struggled (again) running ASP.NET Core integration tests for an ASP.NET Core Web API that uses DefaultAzureCredential in a Azure DevOps YAML pipeline. To avoid having to struggle again, I am writing down my findings here. The initial situation There was an existing ASP.NET Core (.NET 8) Web API project that uses DefaultAzureCredential... Continue Reading →
The blog post details the process of rotating secrets stored in Azure Key Vault with each application deployment, utilizing Infrastructure as Code (IaC) principles via Terraform. It emphasizes the importance of secret rotation to minimize risks from leaks. An ASP.NET Core Web API is demonstrated as the application example, alongside procedural GitHub Actions for deployment.
This blog post guides the configuration of Serilog for a .NET Core Web API running on an Azure App Service. It covers logging requirements and implementation, including Serilog setup in Program.cs and appsettings.json. It also provides instructions for querying logs in Azure Application Insights and streaming them using Log Stream in Azure App Service.
The blog post discusses transitioning from SQLite to Testcontainers for .NET to run integration tests for ASP.NET Core applications. The author encountered limitations with SQLite when running complex Linq queries. While alternatives like Mocking, EF Core In-Memory Database Provider, and LocalDB were considered, these were found to be wanting. Instead, Testcontainers was chosen for its simple setup, good documentation, and excellent integration with MSSQL servers. This approach does necessitate Docker being installed and operational on the local development environment.
The author discusses the importance of integration tests in ASP.NET Core Web APIs, citing benefits, such as real-life-like REST requests, serialization and deserialization, server application startup code execution, etc. Furthermore, the Microsoft.AspNetCore.Mvc.Testing library is highlighted. Despite challenges, the author promotes maintaining similarity to production during tests. The text then explores code bases and integration tests. Several sections cover API initialization, authentication configuration, running tests against a Sqlite database, and antiforgery subject. The article concludes by discussing alternative approaches found during the research.
The post discusses the implementation of a CSV export feature in an application with an ASP.NET Core Web API backend and a React frontend. The author used the CsvHelper library for creating the CSV file. The post details the construction and functions of various classes and methods, crucial for successful export. A key mention is the axios for requests and the correct setting of response type.
Recently I faced the following problem: a React (v18.2.0) frontend application that uses axios (v1.3.6) to fetch data from an ASP.NET Core Web API did not behave as expected when it comes to deserialization of JSON datetimes to Typescript type Date.
I recently implemented ASP.NET Core integration tests in a project I am working on. I have followed the official documentation, which was extremely helpful. The system under test (SUT) is an ASP.NET Core Web API (.NET 7) implementing backends for frontends (BFF) pattern. To follow security best practices we enabled HTTPS redirection in all stages... Continue Reading →
In a report of a penetration test, a finding was listed that criticized the disclosure of detailed error messages that provide information about the technology used for the implementation. Concretely, the finding was about error messages returned in responses from a .NET Core Web API to requests with an incorrect body. Due to the incorrect... Continue Reading →
Lately I faced the following challenge. I wanted to analyze the requests sent by a .NET Web API application to the underlying Cosmos DB to get insights about the RU consumption (RU = request units, for more details see here) of the different Cosmos DB operations. Whenever you call Cosmos DB via HTTP API -... Continue Reading →
blog.rufer.be 