DEV Community: neophyte

How to handle global exception in .NET Core

neophyte — Sun, 27 Aug 2023 12:04:05 +0000

In ASP.NET Core, you can handle global exceptions using middleware. Middleware is a component that sits in the request pipeline and can perform tasks before or after the request reaches your controller actions. Handling global exceptions through middleware allows you to centralize error handling and provide consistent behavior for your application.

Here's how you can create middleware to handle global exceptions in .NET Core:

Create a Middleware Class:

Create a new class for your middleware. This class should have a constructor that takes in RequestDelegate, which represents the next delegate in the pipeline. Inside the class, you can catch and handle exceptions.

public sealed class GlobalErrorHandlingMiddleware
{
    private readonly ILogger<GlobalErrorHandlingMiddleware> _logger;
    private readonly RequestDelegate _next;

    public GlobalErrorHandlingMiddleware(ILogger<GlobalErrorHandlingMiddleware> logger, RequestDelegate next)
    {
        _logger = logger;
        _next = next;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        try
        {

            await _next(context);
        }
        catch(Exception ex)
        {
            _logger.LogError(ex, ex.Message);
            context.Response.ContentType = "application/json";
            context.Response.StatusCode = StatusCodes.Status500InternalServerError;
            await context.Response.WriteAsync("An error occurred.");
        }
    }
}

Register Middleware: In your program.cs class, add the middleware, GlobalExceptionMiddleware before registering MVC or routing middleware. This ensures that the exception handling middleware is executed for all requests.

app.UseMiddleware<GlobalErrorHandlingMiddleware>();

By placing the UseMiddleware() call in the appropriate position, you ensure that any unhandled exceptions thrown within the pipeline will be caught by your custom middleware and handled according to your logic.

Thanks for reading.

Immutability with Init-Only Properties in C#

neophyte — Thu, 17 Aug 2023 17:33:01 +0000

In C#, immutability refers to the property of an object that once it is created, its state cannot be changed. This is typically achieved by making sure that the object's properties cannot be modified after the object is instantiated. One way to achieve immutability in C# is by using init-only properties, introduced in C# 9.0.

Init-only properties allow you to set the initial values of properties when an object is created, but they cannot be modified afterwards. This ensures that the object's state remains constant after it's been constructed. Here's how you can achieve immutability using init-only properties:

public class Person
{
    public string FirstName { get; init; }
    public string LastName { get; init; }

    public Person(string firstName, string lastName)
    {
        FirstName = firstName;
        LastName = lastName;
    }
}

In this example, the FirstName and LastName properties are declared as init-only properties using the init accessor. The constructor initializes these properties, and once the object is created, their values cannot be changed.

Here's how you can use this Person class:

var person = new Person("John", "Doe");

// This will result in a compilation error because init-only properties cannot be modified after initialization.
// person.FirstName = "Jane";

Console.WriteLine($"{person.FirstName} {person.LastName}");

Attempting to modify the FirstName property after initialization will result in a compilation error, enforcing the immutability of the object's state.

Init-only properties provide a convenient way to create immutable objects without the need to write custom getter methods and private setters, as was required in previous versions of C#. They improve code readability and maintainability by clearly indicating which properties are intended to be set only during object initialization.

Keep in mind that while init-only properties prevent you from directly modifying the property values, they do not make the entire object deeply immutable. If the properties themselves hold reference types (e.g., collections or other objects), those internal objects might still be mutable. If you want to ensure complete immutability, you need to ensure that the entire object graph is immutable.

Here is one more example which is mostly use in Domain Driven style codebase.

public abstract class Entity
{
    protected Entity(Guid id) => Id = id;

    protected Entity() { }

    public Guid Id { get; private init; }
}

Thanks for reading.

Where ViewModel should be placed in clean architecture?

neophyte — Fri, 11 Aug 2023 07:17:12 +0000

One of my friends asked me that where ViewModel should be placed in clean architecture?

Here was my answer:

As a professional .NET developer following the Clean Architecture principles, View Models should be placed in the Presentation Layer. In the context of Clean Architecture, the Presentation Layer is responsible for handling user interfaces, user interactions, and adapting the data from the Domain Layer into a format suitable for the views.

The Presentation Layer is the outermost layer of the application, and it depends on the Application Layer, which in turn depends on the Domain Layer. The View Models act as an intermediary between the Presentation Layer and the Application Layer, providing the necessary data and behavior to be displayed in the user interface.

To summarize, View Models belong to the Presentation Layer, which is part of the outer ring of the Clean Architecture. Placing them in this layer helps ensure a clear separation of concerns, maintainability, and testability of the application.

10 tips to prevent cross-site attack in .NET.

neophyte — Thu, 10 Aug 2023 14:59:59 +0000

Preventing Cross-Site Scripting (XSS) attacks in a .NET Core project involves implementing proper input validation, output encoding, and security configurations.
Here are some steps to help you prevent XSS in your .NET Core project.

1. Validate Input Data:
Valiate and sanitize all user inputs, including query parameters, form data, and cookies. Reject or sanitize any input that doesn't meet the expected format or content.

2. Use Parameterized Queries:
When interacting with databases, use parameterized queries or an Object-Relational Mapping (ORM) library that automatically escapes input values. This prevents SQL injection attacks, which can lead to XSS vulnerabilities.

3. Output Encoding
Always encode dynamic data before displaying it in the HTML. .NET core provides HTML encoding functions that you should use when rendering data in views. For example, in Razor views, use @Html.Raw to output content as raw HTML, and use @Html.Encode to HTML-encode content.

4. Content Security Policy (CSP):
Implement a Content Security Policy to restrict the sources from which your application can load content (e.g., scripts, styles, images). This can mitigate the impact of malicious scripts injected into your pages.

5. Use Razor Views Property:
Be careful with Razor Views. Avoid using @Html.Raw unless you're certain the content is safe. Use Razor's automatic HTML encoding by default.

6. Avoid Dangerous APIs:
Be cautious when using potentially dangerous APIs that can execute scripts. For example, when using innerHTML in javascript or the @Html.Raw method in Razor views, ensure that you're not inadvertently executing scripts.

7. Sanitize Rich Content:
If your application allows users to enter rich content (e.g., comments, descriptions), consider using a trusted and well-maintained HTML sanitizer library to sanitize the content before rendering it.

using Ganss.XSS;

string unsafeHtml = "<script>alert('XSS!');</script><p>This is safe.</p>";
var sanitizer = new HtmlSanitizer();
string safeHtml = sanitizer.Sanitize(unsafeHtml);

// Now, the safeHtml variable contains sanitized HTML
// that can be safely displayed.

8. Ragular Security Updates:
Keep your .NET core framework and packages up-to-date. Updates may include security patches that address known vulnerabilities.

9. Security Headers:
Use appropriate HTTP security headers, such as X-XSS-Protection, to instruct browsers to prevent or mitigate XSS attacks.

10. Security Testing:
Conduct regular security testing, including automated and manual security assessments, to identify and fix potential vulnerabilities, including XSS.

By following these best practices, you can significantly reduce the risk of XSS attacks in your .NET Core project. Stay informed about the latest security updates and practices to keep your application secure.

Simple steps to publish nuget package

neophyte — Sat, 03 Dec 2022 16:39:21 +0000

TL;DR;

Create and publish nuget package through dotnet cli

Publish nuget package through GITHUB Actions

name: Publish nuget package

on:
  push:
    branches: ["main"]
  workflow_dispatch:

permissions:
  contents: read

jobs:
    build:
      runs-on: windows-latest

      steps:
        - uses: actions/checkout@v3

        - name: Setup .NET core
          uses: actions/setup-dotnet@v2
          with:
            dotnet-version: 6.0.*

        - name: Build application
          run: dotnet build SecurityCode.Validator --configuration release

        - name: package
          run: dotnet pack SecurityCode.Validator --configuration release --output package

        - name: publish
          run: dotnet nuget push package\*.nupkg --api-key ${{secrets.NUGET_KEY}} --source https://api.nuget.org/v3/index.json

Happy Coding!!!