Hey folks, this is a short but crucial blog post for anyone writing custom middleware for ASP.NET. In this post, we’ll see how we can correctly add headers to an HTTP response and avoid the dreaded System.InvalidOperationException error.
When setting up a custom WebApplicationFactory to allow for testing a REST based API end point you may have the requirement of always needing to send a specific header in with the request. This can be in relation to a specific user agent or an api key etc. depending on the implementation. Adding this into the client in every test can get repeatative so in this post I will show you a way of reducing code duplication.
This post shows how Azure Key Vault certificates can be used with Microsoft.Identity.Web in an ASP.NET Core application which requires a downstream “access_as_user” API. The Azure AD App Registrations requires a certificate instead of a client secret.
如题，今天为大家分享一种基于ASP.NET Core 3.x的端点路由(Endpoint Routing)实现控制器(Controller)和操作(Action)分离的接口服务方案。为什么写这篇文章？为什么控制器(Controller)和操作(Action)分离？这来源由Github上的一个开源ASP.NET Core项目—Ardalis.ApiEndpoints，其中的Readme中描述了为什么要控制器和操作分离，为什么有ApiEndpoints这个项目的出现，引用并总结如下：常规的MVC模式本质上是一种反模式，这种模式集合了许多但...
In this article, we are going to cover how to develop and publish Angular with an ASP.NET Core backend. Single-Page Application (SPA) frameworks like Angular can be configured with ASP.NET Core to facilitate the development and publishing process. This is particularly useful when there is the need to serve the SPA from the .NET Core backend to allow the flexibility for server-side rendering or server-side prerendering.
Reading headers is a standard operation in ASP.NET Core and has been around for ages. I even wrote a post summarizing all methods of passing parameters: ASP.NET Core in .NET 5 – pass parameters to actions. ASP.NET Core introduced handy attributes to handle parameters in controller methods, like [FromQuery] or [FromHeader]. But is there a way to use those attributes and read headers as a custom object? Let’s see.
Up until now, we have learned how to integrate the Angular application with IdentityServer4 and how to retrieve different tokens after successful login action. From these previous articles, we know that the id token is important for the client application because it contains information about the end-user, while the access token is important for the Web API application because we use it to secure calls to the Web API from the client application. That said, in this article, we are going to learn how to use the access token to secure communication between the client application (Angular application) and the Web API application to enable consuming protected resources from the Web API.
Every once in a while you need to add meta functionality without actually changing the business logic code. This might be reporting telemetry, logging, or adding metrics. While necessary, writing this code along with the business logic feels kind of wrong. There's no separation of concerns, it makes the business logic harder to read, and it's prone to bugs.
In the last post, we explored a jumpstart guide to working with a user’s request culture. While localization works out of the box, there seems to be a caveat when it comes to remembering the culture a user prefers. When using the RequestLocalizationMiddleware, we have access to three default providers: Headers, Cookies, and Query String. All of these work as read-only mechanisms, and do not store/remember a user’s language for the duration of their session. In this post, we’ll see what it takes to persist someone’s culture throughout their visit and the steps required to make it work.
Language is a core component of the human condition. According to the Washington Post, at least 50% of the world’s population is bilingual. That’s a fantastic statistic, that means every second user to our application could be bilingual. Sadly, most app implementations do not support multiple languages and could be missing serving an audience. In this post, we’ll be covering the quick steps necessary to localize an ASP.NET Core application to target multiple cultures.
This post falls into the category of stupid developer mistakes that are difficult to track down. In this post I'll discuss a nasty bug I ran into with my code, and which I totally misdiagnosed at first. It refers to an intermittent failure of HTTP requests in a custom middleware component where I would get HTTP errors even though the actual response apparently was received properly.
An introduction to deploying applications with Helm: Deploying ASP.NET Core applications to Kubernetes - Part 3
In this post, I'll show one approach to deploying those resources to a Kubernetes cluster. Most tutorials on Kubernetes show how to deploy resources by passing YAML files to the the kubectl command line tool. This is fine when you're initially getting started with Kubernetes, but it's less useful when you come to deploy your apps in practice. Instead, in this post I describe Helm and discuss some of the benefits it can provide for managing and deploying your applications.
In the several years that I've been developing and teaching Vue, I've tried a lot of different ways to make ASP.NET Core and Vue play nice with each other. One of the strategies that I've seen employed (especially with Angular and React) is the Spa Framework Extensions out of Microsoft. Because Vue didn't work out of the box (or have a template) I dismissed this approach for a long time. Now that the platform has matured and there is an open source extension for Vue, I thought I'd revisit it. Though I still think it's not exactly the right approach. Let's see why.
We’ve come to the most important part of this series – securing sensitive data when working with the configuration in ASP.NET Core. As software developers, we are responsible for the security of the applications we create, and it should be on top of our priorities list all the time. If working in a big team or on a big project, handling sensitive information becomes even more important because we can cause problems for other developers in their development environment. We’ll see a scenario of a potential problem that can happen really easily.
.NET 5 Release Candidate 1 (RC1) is now available and is ready for evaluation. To get started with ASP.NET Core in .NET 5 RC1 install the .NET 5 SDK. .NET RC1 also is included with Visual Studio 2019 16.8 Preview 3.
I read the article from Aram Tchekrekjian, which he goes in great length about techniques to secure a Web API, that is, using a Middleware and using an attribute that uses the IAsyncActionFilter. I would like to add another technique to this list using also an attribute, but one that uses the IAsyncAuthorizationFilter instead. This filter is called earlier in the chain of filters and can stop early a bad request using an invalid API Key. To learn more about filters, check out the documentation. I will use the starter ASP.NET Core 3 API template that comes with dotnet. You can create it through Visual Studio or using the command line dotnet new webapi
In this article, we are going to create a custom configuration provider that reads our configuration from the database. We’ve seen how the default configuration providers work, and now we’re going to implement our own. For the custom configuration provider, we’ll use Entity Framework Core, coupled with the SQLServer database.