I wrote yet another asp.net core web API boiler plate code considering the best practices in mind to achieve optimal performance.
Some of the middleware or services used within the code may initially seem unnecessary but will prove useful when moving forward to production ready API state.
Disclaimer: Repository and data is about English Monarchs (preparing for life in the UK test now a days, so English Monarchy is on top of my head all the time)
Below is brief overview of structure of project:
- JSON web token (JWT)
To do the authorisation based on tokens, clients can generate tokens, some operations are admin based so for that has to create admin based token. It includes TokenGenerator, which shouldn’t be part of it but for ease i included.
For ease of testing, i kept GetAll method anonymously accessible
- Allowed Cross Region Resource sharing
To allow different origin requests
- Redis Distribution cache + E-Tags caching mechanism
download redis from herehttps://redis.io/download
Redis is in-memory database used for caching, super fast and reliable. I implemented that only for demo purpose.
- Add versioning
For having different versions of services, its necessary to know best practices
- Added Swagger support
For me its WSDL for REST full services
- Repository (json based database file)
some English monarchs tenures data (preparing for life in the uk test now a days, so monarchy is on top of my head all the time)
- Error handling middleware
Handle exception handling by logging problems only
- Response Compression
Preferably use Hosting server based compression like IIS, Apache, Nginx but useful if Hosting on Kestrel or HTTP.sys server
- Limiting Middleware
To restrict number of request to avoid basic level of DOS attacks and crawlers
for EU GDPR regulations
- Health checks
asp.net core offers built in health checks libraries
- Seri Logger File Rolling
.net core comes with built in logger but thats very limited, I used SeriLog library as its faster than others like NLog and Log4net and provides structured logs. logging is backbone of any production based APIs so has to be very careful with that what you choose.
1. Used service extension methods to enhance readability of code specially in Startup.cs 2. Used DI/IOC to register DAL based classes as service and utilized .net core IOC feature, so does ILogger and others 3. Async actions optimized to use max processor threads 4. Middleware to handle request of ErrorHandling, ETag, Limiting requests 5. Extension methods for versioning, swagger and JWT authentication 6. Redis-ETag cache helper 7. ApiConventionType .net core 2.2 feature which analyzes controller for differnt status code and help swagger like tool to generate 8. Global error handling 9. Attribute based Routing 10. Ilogger /Serilog 11. Using JWT to add authentication tokens to avoid unauthorized requests
Picture speaks a thousand words , i know i know its local host but still guys, its on my 5 year old laptop
I will add more stuff in it like using some enterprise service bus, docker deployments, CQRS, Event sourcing and etc so subscribe for more 🙂