We will discuss ASP.NET Core IAuthorizationFilter in this article.

What is the Authorization Filter?
The Authorization Filter allows us to apply authorization rules to controllers and actions within our application. Authorization Filters in ASP.NET Core are responsible for checking whether a user is allowed to perform an action or access a resource. These filters run before the action method is executed, ensuring the user has permission to access the method.

Authorization filters are executed after the routing but before model binding and other action filters. If the authorization fails (e.g., the user does not have the required permissions), the filter short-circuits the request, and the action method does not execute.
IAuthorizationFilter

In ASP.NET Core, IAuthorizationFilter is an interface that allows you to perform authorization checks on an action or a controller before the action executes. Implementing this interface gives you the ability to enforce security and authorization rules within your application.

Advantages of IAuthorizationFilter

• Centralized Authorization Logic: By using filters, you can centralize your authorization logic, making it easier to maintain and manage. You can apply the same filter to multiple controllers or actions.
• Separation of Concerns: Filters support the separation of concerns in your application. They promote clean architecture by isolating authorization logic from business logic.
• Flexibility: Since filters can be applied at the action or controller level, you have the flexibility to handle different authorization requirements for different endpoints easily.
• Access to Action Context: The `IAuthorizationFilter` provides access to the `ActionExecutingContext`, which contains information about the current request, the action is executed, and route data. This allows for dynamic authorization checks based on the context.
• Built-in to ASP.NET Core: It is part of the ASP.NET Core framework, which means it is well-integrated with the rest of the framework and benefits from the built-in dependency injection features.
• Chain of Responsibility: Multiple filters can be applied to a single action. This allows for a chain of responsibility pattern, where different filters can be called in a defined order.

Disadvantages of IAuthorizationFilter

• Performance Impact: If your authorization logic involves heavy or synchronous operations (like database calls), it can slow down request processing. This is critical if the logic is not optimized or you make external calls during authorization checks.
• Complexity in Conditional Logic: Complex authorization requirements that depend on various conditions may lead to complicated filter implementations, making it harder to read and maintain.
• Limited to Action Execution: Authorization filters are only executed before the action method is called. You cannot use them to enforce rules after action execution, such as in the response pipeline.
• Difficulty in Testing: If your authorization logic is embedded within the filters, unit testing may become more complex since you'll need to mock the entire filter environment.

Example

public class CustomAuthorizationFilter : IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // Implement your authorization logic here
        var user = context.HttpContext.User;

        if (!user.Identity.IsAuthenticated)
        {
            // User is not authenticated, return a 403 Forbidden response
            context.Result = new ForbidResult();
        }
    }
}

// Register the filter in Startup.cs

public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers(options =>
    {
        options.Filters.Add<CustomAuthorizationFilter>();
    });
}

// Above .net 6

builder.Services.AddScoped<CustomAuthorizationFilter>();

[ApiController]
[Route("[controller]")]
[ServiceFilter(typeof(CustomAuthorizationFilter))]
public class HomeController : ControllerBase
{
    [HttpGet]
    public IActionResult GetAuthorized()
    {
        return Ok("You are authorized!");
    }
}

Serialization is the process of transforming an item into a format (XML, JSON, SOAP, or binary) that is suitable for easy storage or transmission. The opposite procedure, known as deserialization, transforms the serialized data back into an object.

Types of Serialization Process

• XML Serialization
• JSON Serialization
• Binary Serialization
• SOAP Serialization

1. XML Serialization
XML serialization in .NET involves the process of transforming an object into an XML format, which facilitates easy storage, transfer, or sharing across different systems. In contrast to binary or SOAP serialization, XML serialization primarily focuses on the public fields and properties of an object, thereby providing a more straightforward and transparent method for data representation.

Features

• Transform an object into XML format.
• The predominant form of serialization is utilized for interoperability.
• Public properties and fields undergo serialization, while private ones remain excluded.
• Frequently employed in web services, configuration files, and for storage that is easily readable by humans.

Step 1. Create a class for XML serialization like the one below.
EmployeeDetails.cs
public class EmployeeDetails
{
    public string Name { get; set; }
    public int Age { get; set; }
    public string Address { get; set; }
    public string Hobbies { get; set; }
    public string EmployeeType { get; set; }
}

Step 2. Serialize the class EmployeeDetails.cs and save it according to the specified path.
public partial class MainWindow : Window
{
    EmployeeDetails employee;

    // Specify the file path where the XML file will be saved
    string filePath = @"C:\Users\peter\Desktop\Peter\SerailizedPath\"; // Change this to your desired location
    public MainWindow()
    {
        InitializeComponent();
        employee = new EmployeeDetails
        {
            Name = "Peter",
            Age = 30,
            Address = "London",
            EmployeeType = "Permanent",
            Hobbies = "Cricket"
        };
    }
    private void XmlSerialization_Click(object sender, RoutedEventArgs e)
    {
        // Create the XmlSerializer for the EmployeeDetails type
        XmlSerializer serializer = new XmlSerializer(typeof(EmployeeDetails));
        // Serialize the object to the specified location
        using (StreamWriter writer = new StreamWriter(Path.Combine(filePath, "Employee.xml")))
        {
            serializer.Serialize(writer, employee);
        }
    }
}Step 3. DeSerialize the class EmployeeDetails.cs like below.
private void XmlDESerialization_Click(object sender, RoutedEventArgs e)
{
    XmlSerializer serializer = new XmlSerializer(typeof(EmployeeDetails));
    using (StreamReader reader = new StreamReader(Path.Combine(filePath, "Employee.xml")))
    {
        EmployeeDetails employeeDetails = (EmployeeDetails)serializer.Deserialize(reader);
        MessageBox.Show($"Name: {employeeDetails.Name}, Age: {employeeDetails.Age}, Address: {employeeDetails.Address}, EmployeeType: {employeeDetails.EmployeeType}, Hobbies: {employeeDetails.Hobbies}");
    }
}

2. JSON Serialization
In C#, JSON serialization is the process of transforming an object into a JSON string, while deserialization involves converting a JSON string back into an object. The System.Text.Json or Newtonsoft.Json libraries can be utilized for these operations.Features

• Transform an object into JSON format.
• It is commonly utilized for web APIs, configuration files, and efficient data storage.
• JSON serialization is supported by both the System.Text.Json and Newtonsoft.Json libraries.

Step 1. Create a class for JSON serialization like the one below.
EmployeeDetails.cs
public class EmployeeDetails
{
    public string Name { get; set; }
    public int Age { get; set; }
    public string Address { get; set; }
    public string Hobbies { get; set; }
    public string EmployeeType { get; set; }
}

Step 2. Serialize the EmployeeDetails.cs class into JSON format and save it to the specified location based on your requirements.
public partial class MainWindow : Window
{
    EmployeeDetails employee;

    // Specify the file path where the json file will be saved
    string filePath = @"C:\Users\peter\Desktop\Peter\SerailizedPath\"; // Change this to your desired location

    public MainWindow()
    {
        InitializeComponent();
        employee = new EmployeeDetails
        {
            Name = "Peter",
            Age = 30,
            Address = "London",
            EmployeeType = "Permanent",
            Hobbies = "Cricket"
        };
    }

    private void JsonSerialization_Click(object sender, RoutedEventArgs e)
    {
        string jsonString = JsonConvert.SerializeObject(employee, Formatting.Indented);
        File.WriteAllText(Path.Combine(filePath, "Employee.json"), jsonString);
        Debug.WriteLine("Object serialized to employee.json");
    }

    private void JsonDESerialization_Click(object sender, RoutedEventArgs e)
    {
        string jsonString = File.ReadAllText(Path.Combine(filePath, "Employee.json"));
        EmployeeDetails employee = JsonConvert.DeserializeObject<EmployeeDetails>(jsonString);
        MessageBox.Show($"Name: {employee.Name}, Age: {employee.Age}, Address: {employee.Address}, EmployeeType: {employee.EmployeeType}, Hobbies: {employee.Hobbies}");
    }
}

3. Binary Serialization
Binary serialization refers to the method of transforming an object into a binary format, enabling it to be saved in a file, transmitted across a network, or exchanged between applications. After the object has been serialized into binary, it can subsequently be deserialized, restoring it to its original state.

Features

• Transform an object into a binary representation.
• Optimized for size, though not easily interpretable by humans.
• It necessitates that the object is annotated with the [Serializable] attribute.
• Frequently employed for saving objects to storage or for communication between applications.

Step 1. Create a class for Binary serialization like the one below.EmployeeDetails.cs
[Serializable]
public class EmployeeDetails
{
    public string Name { get; set; }
    public int Age { get; set; }
    public string Address { get; set; }
    public string Hobbies { get; set; }
    public string EmployeeType { get; set; }
}

Step 2. Serialize the EmployeeDetails.cs class in binary format and save it to the specified location based on your requirements.
public partial class MainWindow : Window
{
    EmployeeDetails employee;

    // Specify the file path where the Binary file will be saved
    string filePath = @"C:\Users\Peter\Desktop\Peter\SerailizedPath\";  // Change this to your desired location

    public MainWindow()
    {
        InitializeComponent();
        employee = new EmployeeDetails
        {
            Name = "Peter",
            Age = 30,
            Address = "London",
            EmployeeType = "Permanent",
            Hobbies = "Cricket"
        };
    }

    [Obsolete]
    private void BinarySerialization_Click(object sender, RoutedEventArgs e)
    {
        BinaryFormatter formatter = new BinaryFormatter();

        using (FileStream stream = new FileStream(Path.Combine(filePath, "Employee.dat"), FileMode.Create))
        {
            formatter.Serialize(stream, employee);
        }

        Debug.WriteLine("Object serialized to employee.dat");
    }
}

Step 3. DeSerialize the class EmployeeDetails.cs like below.
[Obsolete]
private void BinaryDESerialization_Click(object sender, RoutedEventArgs e)
{
    BinaryFormatter formatter = new BinaryFormatter();
    using (FileStream stream = new FileStream(Path.Combine(filePath, "employee.dat"), FileMode.Open))
    {
        EmployeeDetails person = (EmployeeDetails)formatter.Deserialize(stream);
        MessageBox.Show($"Name: {person.Name}, Age: {person.Age}, Address: {person.Address}, EmployeeType: {person.EmployeeType}, Hobbies: {person.Hobbies}");
    }
}

4. SOAP Serialization
It refers to the method of transforming an object into the XML format defined by the Simple Object Access Protocol (SOAP), facilitating its transmission across a network, particularly within web services. While SOAP was widely utilized in earlier web service architectures, its prevalence has diminished in recent years, largely due to the increasing adoption of RESTful APIs and JSON serialization.

Features

• Utilizes the SOAP (Simple Object Access Protocol) format.
• Traditionally employed in web services.

Step 1. Add the “SoapFormatter” Nuget package as shown below.

Step 2. Create a class for soap serialization like the one below.

EmployeeDetails.cs
public class EmployeeDetails
{
    public string Name { get; set; }
    public int Age { get; set; }
    public string Address { get; set; }
    public string Hobbies { get; set; }
    public string EmployeeType { get; set; }
}

Step 3. Serialize the EmployeeDetails.cs class into Soap format and save it to the specified location based on your requirements.
public partial class MainWindow : Window
{
    EmployeeDetails employee;
    // Specify the file path where the Soap file will be saved
    string filePath = @"C:\Users\peter\Desktop\Peter\SerailizedPath\"; // Change this to your desired location
    public MainWindow()
    {
        InitializeComponent();
        employee = new EmployeeDetails
        {
            Name = "Peter",
            Age = 30,
            Address = "London",
            EmployeeType = "Permanent",
            Hobbies = "Cricket"
        };
    }
    private void SoapSerialization_Click(object sender, RoutedEventArgs e)
    {
        SoapFormatter formatter = new SoapFormatter();
        using (FileStream stream = new FileStream(Path.Combine(filePath, "Employee.soap"), FileMode.Create))
        {
            formatter.Serialize(stream, employee);
        }
        Debug.WriteLine("Object serialized to employee.soap");
    }
}

Step 4. DeSerialize the class EmployeeDetails.cs like below.
private void SoapDESerialization_Click(object sender, RoutedEventArgs e)
{
    SoapFormatter formatter = new SoapFormatter();
    using (FileStream stream = new FileStream(Path.Combine(filePath, "employee.soap"), FileMode.Open))
    {
        EmployeeDetails person = (EmployeeDetails)formatter.Deserialize(stream);
        MessageBox.Show($"Name: {person.Name}, Age: {person.Age}, Address: {person.Address}, EmployeeType: {person.EmployeeType}, Hobbies: {person.Hobbies}");
    }
}

Note. The results of all the aforementioned formats can be observed by executing the application as demonstrated below. Various serialization methods cater to distinct use cases influenced by requirements for performance, interoperability, and readability.

Serialization methods

We'll be using SQL SMO(SQL Management Objects).

First of All, you need to add a reference to the Microsoft.SqlServer.smo.dll file which is located in.

• For 64-bit Windows 7:[Your drive]:\Program Files (x86)\Microsoft SQL Server\100\SDK\Assemblies\Microsoft.SqlServer.Smo.dll.
• For 32-bit Windows 7:[Your drive]:\Program Files\Microsoft SQL Server\100\SDK\Assemblies\Microsoft.SqlServer.Smo.dll.

Now that we've added it to our project, we can start coding!

Add a ListBox control to your project.
DataTable dataTable = SmoApplication.EnumAvailableSqlServers(true);
listBox1.ValueMember = "Name";
listBox1.DataSource = dataTable;

By running this code alone,you'll get all the available sql servers inside your listbox control.

Ok, let's develop it further. Let's see what databases our instances have. So to do this, you need to add another ListBox.Then in your listbox1's selectedindexchanged event, you need to check which server selected. So you need to create a server object first.

After this, you'll iterate through this server to populate all the databases in the newly created Listbox.

Here is the code to do that.
listBox2.Items.Clear();
if (listBox1.SelectedIndex != -1) {
    string serverName = listBox1.SelectedValue.ToString();
    Server server = new Server(serverName);
    try {
        foreach (Database database in server.Databases) {
            listBox2.Items.Add(database.Name);
        }
    } catch (Exception ex) {
        string exception = ex.Message;
    }
}

After we run the project we'll be getting our Databases.

Hope it helps!

We'll attempt to use custom middleware to alter HttpResponse in this post. After developing custom middleware, we will alter the response. The middleware will alter the HttpResponse each time the request is returned to the client.

public class CustomResponseMiddleWare
{
    private readonly RequestDelegate _next;
    public CustomResponseMiddleWare(RequestDelegate next)
    {
        _next = next;
    }
    public async Task InvokeAsync(HttpContext context)
    {
        context.Response.Headers["CustomHeader"] = "This middleware added by Peter";
        await _next(context);
    }
}

We have created custom middleware and added a new header at the invoke method.

Program.cs
using SampleHttpResponseModify;

var builder = WebApplication.CreateBuilder(args);
// Add services to the container
builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
var app = builder.Build();
// Use custom middleware
app.UseMiddleware<CustomResponseMiddleWare>();
// Configure the HTTP request pipeline
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseAuthorization();
app.MapControllers();
app.Run();

Register middleware at the program. cs.
app.UseMiddleware<CustomResponseMiddleWare>();

When we ran the application and inspected it, we found a custom-added header in the response.Now let us try to modify the Http header when a particular API is called.
Consider i want to add an extra header when we call weather API only then do we have to add condition on middleware like below.
public class CustomResponseMiddleWare
{
    private readonly RequestDelegate _next;
    public CustomResponseMiddleWare(RequestDelegate next)
    {
        _next = next;
    }
    public async Task InvokeAsync(HttpContext context)
    {
        context.Response.Headers["CustomHeader"] = "This middleware added by Peter";
        if (context.Request.Path.Value == "/WeatherForecast")
        {
            context.Response.Headers["CustomeHeadernparticularRequest"] = "This is header added when this path found";
        }
        await _next(context);
    }
}

We have added the below condition only, so if the below path is found then only add an extra header.
if (context.Request.Path.Value == "/WeatherForecast")
{
    context.Response.Headers["CustomeHeadernparticularRequest"] = "This is header added when this path found";
}

Response on WeatherForcast API. We can see the additional header is coming.

Another learning point here is a sequence of middleware in the program.cs. If we move the position of UseMiddleware then we will find that this middleware is not calling due to incorrect positions or order of middleware.

Conclusion
We have learned about how to modify http headers using custom middleware. Keep learning and Keep Enjoying.

Load balancing is essential in distributed systems and web applications to ensure that traffic is efficiently distributed across multiple servers or resources.

Reverse Proxy
A reverse proxy is a server that sits between client devices (e.g., browsers) and the backend servers, forwarding client requests to the appropriate server and then returning the server's response to the client.

Sticky Sessions
Sticky sessions (also known as Session Affinity) in YARP is a feature that ensures requests from a particular client are always routed to the same backend server. This is particularly important for applications that rely on server-side session data, such as when storing user state or authentication information in memory on specific servers.

YARP(Yet Another Reverse Proxy) Setup
create a new ASP.NET Core web appliLoad balancing is essential in distributed systems and web applications to ensure that traffic is efficiently distributed across multiple servers or resources.

Reverse Proxy
A reverse proxy is a server that sits between client devices (e.g., browsers) and the backend servers, forwarding client requests to the appropriate server and then returning the server's response to the client.

Sticky Sessions
Sticky sessions (also known as Session Affinity) in YARP is a feature that ensures requests from a particular client are always routed to the same backend server. This is particularly important for applications that rely on server-side session data, such as when storing user state or authentication information in memory on specific servers.

YARP(Yet Another Reverse Proxy) Setup

• create a new ASP.NET Core web application
• Install the Yarp.ReverseProxy NuGet package

Program.cs
var builder = WebApplication.CreateBuilder(args);

builder.Services.AddReverseProxy().LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));

var app = builder.Build();
app.MapReverseProxy();

app.Run();

appsettings.json
{
  "ReverseProxy": {
    "Routes": {
      "api-route": {
        "ClusterId": "api-cluster",
        "Match": {
          "Path": "{**catch-all}"
        },
        "Transforms": [
          { "PathPattern": "{**catch-all}" }
        ]
      }
    },
    "Clusters": {
      "api-cluster": {
        "SessionAffinity": {
          "Enabled": "true",
          "AffinityKeyName": "Key1",
          "Cookie": {
            "Domain": "localhost",
            "Expiration": "03:00:00",
            "IsEssential": true,
            "MaxAge": "1.00:00:00",
            "SameSite": "Strict",
            "SecurePolicy": "Always"
          }
        },
          "LoadBalancingPolicy": "RoundRobin",
          "Destinations": {
            "destination1": {
              "Address": "https://localhost:7106"
            },
            "destination2": {
              "Address": "https://localhost:7107"
            }
          }
        }
      }
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}

Destination Address: The destination address should point to the base URL of your hosted web application.

Output
Here is the console output of round-robin policy.

Load balancer

Summary
Load balancing helps in improving the scalability, performance, availability, and security of web applications and services.

Web pages are prohibited from sending requests to a domain other than the one that provided them thanks to a security feature called Cross-Origin Resource Sharing, or CORS. Building safe and useful apps in modern web development requires knowing how to properly implement CORS, especially when utilizing Angular as a front-end framework and.NET Core 8 as a backend. The best practices and typical pitfalls for configuring CORS in a.NET Core 8 environment are described in this article.

Assume you have a friend who lives next door (another website) and a toy box at home (your website). Your mom (the browser) has a rule that states your friend can only play with their own toys. Your friend wants to play with your toys (data) in your toy box. This is to ensure that everything is secure and safe. Assume that your friend's website is funfriend.com and that yours is mycooltoys.com. CORS checks are performed if funfriend.com requests to borrow a toy from mycooltoys.com.

• Is funfriend.com allowed to borrow toys from mycooltoys.com?
• Did they follow the rules about how to ask?
• If everything is good, then your friend can borrow the toy!

Setting Up CORS in .NET Core 8

• Install Necessary Packages: If you haven't already, ensure you have the required .NET Core packages installed. In most cases, the default setup will suffice, but you can install any specific CORS libraries if needed.
• Configure CORS in Startup: In .NET Core 8, the configuration of CORS is typically done in the Program.cs file. Here’s a simple setup.

    var builder = WebApplication.CreateBuilder(args);
    // Add CORS services
    builder.Services.AddCors(options =>
    {
        options.AddPolicy("AllowAngularApp",
            builder => builder.WithOrigins("https://your-angular-app.com")
                              .AllowAnyMethod()
                              .AllowAnyHeader()
                              .AllowCredentials());
    });
    var app = builder.Build();
    // Use CORS policy
    app.UseCors("AllowAngularApp");
    app.MapControllers();
    app.Run();

• Allowing Specific Origins: For production environments, it’s crucial to specify the exact origin rather than using AllowAnyOrigin(), which is a common pitfall. Limiting allowed origins enhances security.

options.AddPolicy("AllowAngularApp",
    builder => builder.WithOrigins("https://your-angular-app.com")
                      .AllowAnyMethod()
                      .AllowAnyHeader());

• Handling Preflight Requests: Ensure your server can handle preflight requests. These are OPTIONS requests sent by browsers to check permissions. By enabling CORS and handling these requests, you ensure that your application can respond correctly.
• Allow Credentials: If your Angular application needs to send cookies or HTTP authentication information, you need to set AllowCredentials() in your CORS policy. Be cautious with this feature, as it requires that the origin is explicitly specified and cannot be set to AllowAnyOrigin().

Advanced CORS Configuration

• Customizing Allowed Methods: You can customize allowed methods if your API uses specific HTTP methods.

    options.AddPolicy("AllowAngularApp",
        builder => builder.WithOrigins("https://your-angular-app.com")
                          .WithMethods("GET", "POST", "PUT", "DELETE")
                          .AllowAnyHeader()
                          .AllowCredentials());

Setting Exposed Headers: If your API returns custom headers that the client needs to access, specify these using WithExposedHeaders.

options.AddPolicy("AllowAngularApp",
    builder => builder.WithOrigins("https://your-angular-app.com")
                      .AllowAnyMethod()
                      .AllowAnyHeader()
                      .WithExposedHeaders("X-Custom-Header")
                      .AllowCredentials());

Logging CORS Requests: For debugging purposes, you can log CORS requests to track any issues that arise. Here’s a simple logging middleware.
app.Use(async (context, next) =>
{
    if (context.Request.Headers.ContainsKey("Origin"))
    {
        var origin = context.Request.Headers["Origin"];
        Console.WriteLine($"CORS request from: {origin}");
    }
    await next();
});

Best Practices

• Limit Origins: Always specify the exact origins that are permitted to interact with your API. Avoid using wildcards (*) as they expose your API to potential security risks.
• Use HTTPS: Ensure both your .NET Core backend and Angular frontend are served over HTTPS. This secures data in transit and enhances trustworthiness.
• Regularly Review CORS Policies: As your application grows and evolves, periodically review your CORS configurations to ensure they align with current security requirements.
• Test CORS Configurations: Use tools like Postman or browser developer tools to test your CORS setup. Check for errors and ensure your API is returning the expected headers.
• Document Your API: Clearly document the CORS policies and allowed origins in your API documentation. This helps other developers understand how to interact with your API correctly.

Common Pitfalls

• Misconfigured Allowed Origins: One of the most frequent mistakes is misconfiguring allowed origins. Double-check the exact URLs, including the protocol (HTTP vs. HTTPS) and any potential trailing slashes.
• Forgetting to Apply CORS Middleware: Ensure that the UseCors middleware is applied before any endpoints are mapped. Placing it after endpoint mapping can lead to unexpected behaviors.
• AllowAnyOrigin with AllowCredentials: This combination is not allowed and will cause CORS requests to fail. If you need credentials, specify the exact origins.
• Not Handling OPTIONS Requests: Ignoring the preflight OPTIONS requests can lead to issues when your API is accessed from different origins. Ensure your server can properly handle these requests.

Example
Default

Allowing Specific Origins

Conclusion
Implementing CORS in .NET Core 8 for Angular applications is crucial for creating a secure and functional web application. By following best practices and being aware of common pitfalls, you can ensure that your CORS setup is both effective and secure. Regularly revisiting your CORS configuration as your application evolves will help maintain security and functionality in the long run.

Happy Coding!