all Technical posts

Out-of-the-box Request Tracking, Simplified HTTP Correlation & JWT Authorization in Arcus Web API v1.0

We've shipped Arcus Web API v1.0 which brings a couple of new features.
Come and take a look at what it has to offer!

Written by
1 July 2020
Stijn Moreels
Tom Kerkhove

Out-of-the-box Request tracking

This new version allows you to track incoming requests by using a new middleware component which is built on top of ILogger.LogRequest (👋 Arcus Observability).

 

 

By default, we do not track the request body but do include most HTTP headers. However, for security reasons we have a default set of headers to omit or obfuscate.

Example:

HTTP Request POST http://localhost:5000/weatherforecast completed with 200 in 00:00:00.0191554 at 03/23/2020 10:12:55 +00:00 - (Context: [Content-Type, application/json], [Body, {"today":"cloudy"}])

As always, we allow you to fully configure it to how you want it to behave by using our fluent options API for UseRequestTracking:

 

For more information, see the docs.

 

Making it easier to use HTTP correlation

Up until now it was a bit cumbersome to use HTTP correlation. We have now added an easier way to start using HTTP correlation with Serilog with the following extensions:

 

For more information on correlation, see the docs.

 

JWT authorization

As of v1.0, we have renamed our existing AzureManagedIdentityAuthorizationFilter into JwtTokenAuthorizationFilter because we feel it’s broader than just Managed Identity. This component provides a mechanism that uses JWT (JSON Web Tokens) to authorize requests access to the web application.

This authorization process consists of the following parts:

  • Find the OpenID server endpoint to request the correct access token
  • Determine the request header name you want to use where the access token should be available

 

For more information, see the docs.

 

Breaking changes

Last but not least, we have simplified our package structure to make it easier to keep track of dependencies.

Here is an overview:

  • Arcus.WebApi.Security.Authentication and Arcus.WebApi.Security.Authorization are now consolidated into Arcus.WebApi.Security
  • Arcus.WebApi.Correlation has been moved into Arcus.WebApi.Logging
  • Starting from this version, the different packages Arcus.WebApi.Security.Authentication and Arcus.WebApi.Security.Authorizatio have been merged together in Arcus.WebApi.Security.
    The reason for this was that the functionality in both packages is mostly all the time used togehter and doesn’t have much meaning on its own.
  • Starting from this version, we have decided to merge the correlation and logging functionality into a single package: Arcus.WebApi.Logging.
    This for the very reason that both the functionality present in the correlation and logging packages is mostly all the time used together.

Thanks for reading!

Stijn & Tom

Subscribe to our RSS feed

Related articles

Announcing Arcus Observability

Empower your applications with a variety of observability essentials to run operable platforms.

Making Arcus Templates More Powerful

Get started easily for building Web APIs and Azure Service Bus message pumps with Arcus Templates.

Arcus Security v2.0, the Catalyst Release That Sets the Record Straight

The Arcus Security v2.0 release makes use of the required .NET 8 update in order to make small changes which will have a big impact.

Send blog to my inbox

Invalid email address

Submit

Thanks, we've sent the link to your inbox

Invalid email address

Submit

Your download should start shortly!

Stay in Touch - Subscribe to Our Newsletter

Keep up to date with industry trends, events and the latest customer stories

Invalid email address

Submit

Great you’re on the list!