all Technical posts

Out-of-the-box Request Tracking, Simplified HTTP Correlation & JWT Authorization in Arcus Web API v1.0

We've shipped Arcus Web API v1.0 which brings a couple of new features.
Come and take a look at what it has to offer!

Written by
1 July 2020
Stijn Moreels
Tom Kerkhove

Out-of-the-box Request tracking

This new version allows you to track incoming requests by using a new middleware component which is built on top of ILogger.LogRequest (👋 Arcus Observability).

 

public void Configure(IApplicationBuilder app, IWebHostEvironment env)
{
app.UseRequestTracking();
...
app.UseMvc();
}
view raw Blog.Arcus.WebApi.RequestTracking.cs hosted with ❤ by GitHub

 

By default, we do not track the request body but do include most HTTP headers. However, for security reasons we have a default set of headers to omit or obfuscate.

Example:

HTTP Request POST http://localhost:5000/weatherforecast completed with 200 in 00:00:00.0191554 at 03/23/2020 10:12:55 +00:00 - (Context: [Content-Type, application/json], [Body, {"today":"cloudy"}])

As always, we allow you to fully configure it to how you want it to behave by using our fluent options API for UseRequestTracking:

 

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseRequestTracking(options =>
{
// Whether or not the HTTP request body should be included in the request tracking logging emits.
// (default: `false`)
options.IncludeRequestBody = true;
// Whether or not the configured HTTP request headers should be included in the request tracking logging emits.
// (default: `true`)
options.IncludeRequestHeaders = true;
// All omitted HTTP request header names that should always be excluded from the request tracking logging emits.
// (default: `[ "Authentication", "X-Api-Key", "X-ARR-ClientCert" ]`)
options.OmittedRequestHeaderNames.Add("X-My-Secret-Header");
});
...
app.UseMvc();
}
view raw Blog.Arcus.WebApi.RequestTracking.Full.cs hosted with ❤ by GitHub

For more information, see the docs.

 

Making it easier to use HTTP correlation

Up until now it was a bit cumbersome to use HTTP correlation. We have now added an easier way to start using HTTP correlation with Serilog with the following extensions:

 

ublic void ConfigureServices(IServiceCollection services)
{
services.AddHttpCorrelation();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseHttpCorrelation();
Log.Logger = new LoggerConfiguration()
.Enrich.WithHttpCorrelationInfo()
.WriteTo.Console()
.CreateLogger();
}
view raw Blog.Arcus.WebApi.HttpCorrelation.cs hosted with ❤ by GitHub

For more information on correlation, see the docs.

 

JWT authorization

As of v1.0, we have renamed our existing AzureManagedIdentityAuthorizationFilter into JwtTokenAuthorizationFilter because we feel it’s broader than just Managed Identity. This component provides a mechanism that uses JWT (JSON Web Tokens) to authorize requests access to the web application.

This authorization process consists of the following parts:

  • Find the OpenID server endpoint to request the correct access token
  • Determine the request header name you want to use where the access token should be available

 

public void ConfigureServices()
{
services.AddMvc(mvcOptions => mvcOptions.Filters.AddJwtTokenAuthorization());
}
view raw Blog.Arcus.WebApi.JwtTokenAuthorization.cs hosted with ❤ by GitHub

For more information, see the docs.

 

Breaking changes

Last but not least, we have simplified our package structure to make it easier to keep track of dependencies.

Here is an overview:

  • Arcus.WebApi.Security.Authentication and Arcus.WebApi.Security.Authorization are now consolidated into Arcus.WebApi.Security
  • Arcus.WebApi.Correlation has been moved into Arcus.WebApi.Logging
  • Starting from this version, the different packages Arcus.WebApi.Security.Authentication and Arcus.WebApi.Security.Authorizatio have been merged together in Arcus.WebApi.Security.
    The reason for this was that the functionality in both packages is mostly all the time used togehter and doesn’t have much meaning on its own.
  • Starting from this version, we have decided to merge the correlation and logging functionality into a single package: Arcus.WebApi.Logging.
    This for the very reason that both the functionality present in the correlation and logging packages is mostly all the time used together.

Thanks for reading!

Stijn & Tom

Subscribe to our RSS feed

Related articles

Announcing Arcus Observability

Empower your applications with a variety of observability essentials to run operable platforms.

Making Arcus Templates More Powerful

Get started easily for building Web APIs and Azure Service Bus message pumps with Arcus Templates.

Bringing All Updates Together in Arcus.Templates v2.0

The v2.0 release in the Templates library brings all the previously released updates together, making Arcus in its entirety .NET 8 compatible and ready for the future.

Hi there,
how can we help?

Got a project in mind?

Connect with us

Let's talk

Let's talk

Thanks, we'll be in touch soon!

Call us

+32 3 844 31 72 +31 3 0737 0867 +33 1 77 18 16 82 +356 9903 0186 +351 961 62 42 35 +44 12 5696 2260 +32 3 844 31 72

Send blog to my inbox

Invalid email address

Submit

Thanks, we've sent the link to your inbox

Invalid email address

Submit

Your download should start shortly!

Stay in Touch - Subscribe to Our Newsletter

Keep up to date with industry trends, events and the latest customer stories

Invalid email address

Submit

Great you’re on the list!

Stay in Touch - Subscribe to Our Newsletter

Keep up to date with industry trends, events and the latest customer stories

Great you’re on the list!

Country

Language

Privacy Policy

Terms & Conditions

Whistleblower Policy