Tag

webapi

ASP.NET Core, C#, WebApi

Securing ASP.NET Core WebApi with an API Key

I read the article from Aram Tchekrekjian, which he goes in great length about techniques to secure a Web API, that is, using a Middleware and using an attribute that uses the IAsyncActionFilter. I would like to add another technique to this list using also an attribute, but one that uses the IAsyncAuthorizationFilter instead. This filter is called earlier in the chain of filters and can stop early a bad request using an invalid API Key. To learn more about filters, check out the documentation. I will use the starter ASP.NET Core 3 API template that comes with dotnet. You can create it through Visual Studio or using the command line dotnet new webapi <ProjectName>. In my scenario, I will use a combination…

Read more
September 13, 2020 | by Dominique St-Amand | 1 Comment
Debugging, Tools

Changing requests status codes to test your front-end behaviors

A developer I work with came across an interesting problem where he needed to test the error handling on the front-end side of a SPA without adding extra “hacks” in the APIs that were consumed by the front-end. I helped him with this task, without adding “hacks”, by using Fiddler. Setup Download yourself a copy of Fiddler. Once installed, you need to configure Fiddler to intercept and decrypt HTTPS requests (as I hope your APIs are chatting on HTTPS). To do so, go in Tools -> Options and under the HTTPS tab, check Capture HTTPS CONNECTs and Decrypt HTTPS traffic and select …from browsers only. Accept all the dialogs that come after checking all of those. You will see that…

Read more
May 12, 2020 | by Dominique St-Amand | Leave a comment
C#, WebApi

Testing SignalR in ASP.NET Core with Integration Tests

As promised in my last post, I’m following up on how to test your SignalR hubs in an end to end manner using TestServer. This post is a build up on my last post so if you haven’t read it, go do so now! Setup I have a Hub named ChatHub that has the following method:

My clients all are connected to (listen to) a method to receive messages called  OnMessageReceived. Tests In my test class, I created a method to help me start my connection. If you plan on testing multiple hubs, you may want to move this method to a helper class.

Dom, my Hubs are protected with a Jwt Token… No worries, you can pass your…

Read more
November 4, 2018 | by Dominique St-Amand | 1 Comment
C#, WebApi

Testing a WebAPI in .NET Core with Integration tests

NOTE: This posts targets ASP.NET Core 2.X. If you are looking for ASP.NET Core 3.1, see my repository. I’ve also made a NuGet package for easier consumption. You finished developing your API, and you are ready and eager to push it to production. You then realize that you are missing some tests to make it a real production ready API. Lucky for you, ASP.NET Core 2.X provides us with an In-Memory HTTP Server (TestServer) to help us achieve this. This post aims to help you write end to end tests (e2e) using ASP.NET Core 2.1 (and possibly future versions!) in order to test the flow of your API. Remember that having tests in place, whether they are unit or end to end,…

Read more
October 28, 2018 | by Dominique St-Amand | 6 Comments
C#, Software Architecture, WebApi

Web APIs: The real existential questions

The real existential questions I was talking to my buddy Alexandre about Web APIs and we had a great general discussion on the subject. What he made me realize and what I want to bring up with you guys is that building APIs goes beyond the technical implementation. Sometimes you have to look at things from a higher point of view. He shared with me with the following questions that I found very interesting. How do you project your backend API? How do you protect your core business systems? How do you enforce your IT and business policies? How do you engage with developers? How do you reduce the time-to-first API call? How do you measure their use and impact? Before…

Read more
September 20, 2017 | by Dominique St-Amand | 2 Comments
C#, Web, WebApi

Web APIs: what you should not forget

In today’s day and age, you probably have heard of (REST) Web APIs as the way to consume data over the web. This is especially true with the emergence of microservices. You are probably building, have built or thinking of building a/some Web API(s). You are or may be planning to consume a/some Web API(s). In this post, I want to highlight certain things not to forget, on a technical stand point, when consuming and building Web APIs. Remember that those are just a start. There are multiple resources on the internet to help you adopt good practices. A good one that I recommend is the Microsoft API Implementation guide. TL;DR In building APIs: Versioning Verbs to nouns Status codes overload…

Read more
September 6, 2017 | by Dominique St-Amand | 1 Comment