Kevin Rich

Restricting Access to Routes without [Authorize] Filter

Locking down Swagger, Elmah, and other "magic" endpoints

Create a Delegating Handler

In this example, I want to lock down the \swagger endpoint from an ASP.NET 4.6.1 MVC web application.

 public class SwaggerAccessMessageHandler : DelegatingHandler { protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { if (IsSwagger(request) . . .

Read More

December 05, 2016

AutoMapper / ReSharper Configuration

Fixing the cause of a ridiculous slowdown

The Challenge

While working on a project, I noticed that Visual Studio ground to a halt while I was working on a rather in-depth AutoMapper profile. Something clicked in the back of my head, remembering a similar issue I experience about a year ago. Both times I had experienced this issue, the slowdown happened while editing an AutoMapper . . .

Read More

November 20, 2016

Dealing with XML

A quick guide to the XmlSerializer

I don't work with XML Serialization much, but every now and again I find myself working on something that requires a little XML love. I recently answered a StackOverflow question regarding the subject.

What's covered

  • Understanding the parts of an XML document
  • Setting up a POCO class to mirror an XML document
  • Deserialization of an XML . . .

Read More

November 06, 2016

Configuring Swashbuckle for API key Authentication

A followup to adding Authentication Filters


Recently, I wrote about adding custom authentication filters to a .NET MVC project. As a user of Swashbuckle, I needed to factor the filter into my swagger specs.To do this,we need to configure the Swagger configuration to include the api-key requirement information and configure the SwaggerUI configuration to inject some JavaScript. . . .

Read More

July 19, 2016

Adding User Claims via API keys in WebApi 2

Adding a Custom Authentication Filter


I have an API that I wish to lock down via an API key the user will embed in the request header. We will accomplish this using the WebApi.AuthenticationFilter NuGet package to create a custom AuthenticationFilterAttribute which will check the incoming request header for an "api-key" key and related value.

Project . . .

Read More

July 19, 2016

WebApi JSON Serialization

Circular References FTL

The Challenge

I was building a standard ASP.NET EntityFramework / WebApi / Swagger project. Attempting something a bit new, I decided my controller would return a CreatedAtRoute HttpActionResult. The code goes something a little like this:

[HttpPut] public IHttpActionResult AddMyObject([FromBody] MyObject newObject) { // validation stuff // . . .

Read More

July 13, 2016

Reading Embedded Files

Unit Testing a Stream (Part 1)


There are several cases in which reading text from a file is more is more convenient than writing a string in the middle of my code. I've done this occasionally for SQL statements, text templates, and unit testing sample XML or JSON. For my money, it keeps the code looking cleaner and easier to read, as well as having the added . . .

Read More

June 01, 2016


Cover image credit: