Request Validation in Minimal APIs is a .NET 9 application that demonstrates the use of minimal APIs in ASP.NET Core. This project includes various features such as global exception handling, CORS, HTTPS redirection, health checks, OpenAPI documentation, and more. It also showcases the use of middleware for handling exceptions and anti-forgery tokens, as well as the integration of Swagger UI with custom styles and dark mode support.
- Features
- Blog Post Endpoints
- Health Check Endpoint
- Exception Endpoint
- Anti-Forgery Token Endpoint
- Getting Started
- Examples
- License
- Contact
- Contributing
- Thanks to Contributors:
- Global Exception Handling: Middleware to handle unhandled exceptions and return a standardized error response.
- Static Assets: Serve static assets like CSS, JS, and images.
- Status Code Pages: Provide better error responses with status code pages.
- CORS: Enable Cross-Origin Resource Sharing (CORS) for secure API access.
- HTTPS Redirection: Redirect HTTP requests to HTTPS in non-development environments.
- Health Checks: Implement health checks to monitor the application's health status.
- OpenAPI Documentation: Generate OpenAPI documentation for API endpoints.
- Swagger UI: Integrate Swagger UI with custom styles and dark mode support.
- Rate Limiting: Enable rate limiting to control the number of requests.
- Anti-Forgery Tokens: Use anti-forgery tokens to protect against CSRF attacks.
- Hybrid Cache: Use Hybrid Cache to cache data and improve performance.
- Serilog: Integrate Serilog for structured logging and better log management.
- Minimal APIs: Demonstrate the use of minimal APIs for creating HTTP endpoints.
- Endpoint:
GET /posts - Description: This endpoint returns all the blog posts from the database. The data will be cached using Hybrid Cache, and the response header
X-Data-Sourcewill indicate whether the data is coming from the Database or Cache. - Responses:
200 OK: Returns a list of blog posts.204 No Content: No blog posts found.500 Internal Server Error: Exception occurs. All unhandled exception(s) are caught by the middleware.
- Endpoint:
GET /posts/{id:Guid} - Description: This endpoint returns a single blog post based on the blog post Id you provide. The data will be cached using Hybrid Cache, and the response header
X-Data-Sourcewill indicate whether the data is coming from the Database or Cache. - Responses:
200 OK: Returns the blog post.404 Not Found: Blog post not found.500 Internal Server Error: Exception occurs. All unhandled exception(s) are caught by the middleware.
- Endpoint:
POST /posts - Description: This endpoint creates a new blog post based on the values you provide. The cache will be invalidated to ensure the new post is reflected in subsequent requests.
- Request Body:
application/json: A JSON object containing the title and content of the blog post.
- Responses:
201 Created: Returns the Id of the created blog post.400 Bad Request: Invalid request data or missing anti-forgery token.500 Internal Server Error: Exception occurs. All unhandled exception(s) are caught by the middleware.
- Endpoint:
PUT /posts - Description: This endpoint updates an existing blog post based on the values you provide. The cache will be invalidated to ensure the updated post is reflected in subsequent requests.
- Request Body:
application/json: A JSON object containing the Id, title, and content of the blog post.
- Responses:
200 OK: Blog post updated successfully.404 Not Found: Blog post not found.400 Bad Request: Invalid request data or missing anti-forgery token.500 Internal Server Error: Exception occurs. All unhandled exception(s) are caught by the middleware.
- Endpoint:
DELETE /posts/{id:Guid} - Description: This endpoint deletes an existing blog post based on the blog post Id you provide. The cache will be invalidated to ensure the deleted post is not reflected in subsequent requests.
- Responses:
200 OK: Blog post deleted successfully.404 Not Found: Blog post not found.400 Bad Request: Missing anti-forgery token.500 Internal Server Error: Exception occurs. All unhandled exception(s) are caught by the middleware.
- Endpoint:
GET /health - Description: This endpoint returns the health status of the application along with it's database.
- Responses:
200 OK: Returns the health status of the application.204 No Content: The named HttpClient service is missing, the endpoint response is not 200 OK, or the health report is null.500 Internal Server Error: Exception occurs. All unhandled exception(s) are caught by the middleware.
- Endpoint:
GET /exception - Description: This endpoint triggers an unhandled exception to demonstrate global exception handling.
- Responses:
200 OK: Returns the argument value if the Name parameter is not null.500 Internal Server Error: Returns a standardized error response with details of the exception. All unhandled exception(s) are caught by the middleware.
- Endpoint:
GET /AFT - Description: This endpoint returns the Anti-Forgery Token. The token is required for POST, PUT, and DELETE requests to prevent Cross-Site Request Forgery (CSRF) attacks. This endpoint will not be visible in the Swagger UI.
- Responses:
200 OK: Returns the Anti-Forgery Token.500 Internal Server Error: Exception occurs. All unhandled exception(s) are caught by the middleware.
- .NET 9 SDK
- Compatible IDE
- Clone the repository:
git clone https://github.com/JitenShahani/RequestValidationInMinimalAPIs.git
cd RequestValidationInMinimalAPIs
- Build the project:
dotnet build
- Run the application:
dotnet run --project .\RequestValidationInMinimalAPIs\RequestValidationInMinimalAPIs.csproj
or, use the watch command to automatically restart the application when changes are detected:
dotnet watch --project .\RequestValidationInMinimalAPIs\RequestValidationInMinimalAPIs.csproj
- Open your browser and navigate to
https://localhost:7036/swagger/index.htmlto view the Swagger UI.
Ensure your appsettings.json file contains the required configuration settings for CORS origins, cache keys, and anti-forgery tokens.
To see global exception handling in action, you can trigger an unhandled exception by accessing /exception endpoint that throws an ArgumentNull exception. The middleware will catch the exception and return a standardized error response.
To test CORS, try making a request to the API from a different origin. The CORS policy will allow or deny the request based on the configured origins.
To test HTTPS redirection, try accessing the application using HTTP. The application will automatically redirect the request to HTTPS provided the environment is not development.
To check the health status of the application, navigate to the /health endpoint. The application will return the health status of various components.
To view the OpenAPI documentation, navigate to the /swagger endpoint. The Swagger UI will display the API documentation with custom styles and dark mode support.
To test rate limiting, make multiple requests to the API within a short period. The rate limiter will enforce the configured limits and return a 429 Too Many Requests response if the limit is exceeded.
To test anti-forgery tokens, try making a POST, PUT, or DELETE request without including the anti-forgery token in the header. The request will be rejected to protect against Cross-Site Request Forgery (CSRF) attacks.
To see Hybrid Cache in action, navigate to the /posts or /posts/{id:Guid} endpoints. The data will be cached for 5 minutes, and the response header X-Data-Source will indicate whether the data is coming from the Database or Cache.
To see minimal APIs in action, navigate to the various endpoints defined in the application. The minimal APIs provide a simple and efficient way to create HTTP endpoints.
This project is licensed under the MIT License. See the LICENSE file for more details.
For questions or support, please open an issue on the GitHub repository.
Contributions are welcome! Please feel free to submit a pull request or open an issue to discuss any changes or improvements.