all Technical posts

Out-of-the-box Request Tracking, Simplified HTTP Correlation & JWT Authorization in Arcus Web API v1.0

We've shipped Arcus Web API v1.0 which brings a couple of new features.
Come and take a look at what it has to offer!

Out-of-the-box Request tracking

This new version allows you to track incoming requests by using a new middleware component which is built on top of ILogger.LogRequest (👋 Arcus Observability).

 

 

By default, we do not track the request body but do include most HTTP headers. However, for security reasons we have a default set of headers to omit or obfuscate.

Example:

HTTP Request POST http://localhost:5000/weatherforecast completed with 200 in 00:00:00.0191554 at 03/23/2020 10:12:55 +00:00 - (Context: [Content-Type, application/json], [Body, {"today":"cloudy"}])

As always, we allow you to fully configure it to how you want it to behave by using our fluent options API for UseRequestTracking:

 

For more information, see the docs.

 

Making it easier to use HTTP correlation

Up until now it was a bit cumbersome to use HTTP correlation. We have now added an easier way to start using HTTP correlation with Serilog with the following extensions:

 

For more information on correlation, see the docs.

 

JWT authorization

As of v1.0, we have renamed our existing AzureManagedIdentityAuthorizationFilter into JwtTokenAuthorizationFilter because we feel it’s broader than just Managed Identity. This component provides a mechanism that uses JWT (JSON Web Tokens) to authorize requests access to the web application.

This authorization process consists of the following parts:

  • Find the OpenID server endpoint to request the correct access token
  • Determine the request header name you want to use where the access token should be available

 

For more information, see the docs.

 

Breaking changes

Last but not least, we have simplified our package structure to make it easier to keep track of dependencies.

Here is an overview:

  • Arcus.WebApi.Security.Authentication and Arcus.WebApi.Security.Authorization are now consolidated into Arcus.WebApi.Security
  • Arcus.WebApi.Correlation has been moved into Arcus.WebApi.Logging
  • Starting from this version, the different packages Arcus.WebApi.Security.Authentication and Arcus.WebApi.Security.Authorizatio have been merged together in Arcus.WebApi.Security.
    The reason for this was that the functionality in both packages is mostly all the time used togehter and doesn’t have much meaning on its own.
  • Starting from this version, we have decided to merge the correlation and logging functionality into a single package: Arcus.WebApi.Logging.
    This for the very reason that both the functionality present in the correlation and logging packages is mostly all the time used together.

Thanks for reading!

Stijn & Tom

Subscribe to our RSS feed

Let's talk, what's your first name?

Press Enter

Press Enter

Hi , what's on your mind?

Press Enter

Great! Leave your email and we'll be in touch
Submit
Thanks, we’ll be in touch soon!