EditForm comes with built-in anti-forgery token support. Blazor automatically secures the EditForm instances, saving you the hassle of explicitly handling CSRF protection.
Blazor WebAssembly apps run entirely in the browser and do not have a server-side processing pipeline where you would typically configure a middleware such as app.UseAntiforgery(). If your Blazor WebAssembly app interacts with server-side APIs, you should manage anti-forgery at the API level. However, if you already use token-based authentication to secure communication, anti-forgery tokens are generally not necessary. Token-based authentication, by its nature, mitigates the risks associated with CSRF, making additional anti-forgery tokens redundant.
Delegating handlers are like ASP.NET Core middleware. Except they work with the HttpClient. The ASP.NET Core request pipeline allows you to introduce custom behavior with middleware. You can solve many cross-cutting concerns using middleware — logging, tracing, validation, authentication, authorization, etc.
But, an important aspect here is that middleware works with incoming HTTP requests to your API. Delegating handlers work with outgoing requests.
This JSON is basically a serialization of our entity, with some built-in conventions such as;
CamelCase instead of PascalCase: We got levelName instead of LevelName and son, meaning that all our PascalCase .NET class names and properties will be automatically converted into camelCase when they are serialized to JSO,
No indentation and no line feed / carriage return (LF/CR): Everything is stacked within a single line of text.
These conventions are the default options set by .NET core when dealing with JSON outputs.
To change the default behavior for readability and no PascalCase to CamelCase switching, add these to Program.cs file;
builder.Services.AddControllersWithViews()
.AddJsonOptions(options =>
{
// set this option to TRUE to indent hte JSON output
options.JsonSerializerOptions.WriteIndented = true;
// set this option to NULL to use PascalCase instead of camelCase (default)
options.JsonSerializerOptions.PropertyNamingPolicy = null;
});
Let’s get our hands in some code. This web app will act as a monitoring and reporting service that will check the health status of a target server.
We are going to use Micorosft.AspNetCore.Diagnositcs.HealthChecks package, a built-in feature of the .NET Core framework. This package is meant to be used to allow a monitoring service to check the status of another running service.
Add app.UseHalthChecks middleware in Program.cs file;
This middleware will create a server-side route for the health checks. Note that we have added this middleware before Endpoints so that this new route won’t be overriden by the general-purpose Controller route pattern.
Keep in mind, when we run application it uses two ports; one for server side and second one for angular side (in our case it’s 7031). For angular it creates a proxy and re-direct users there (in this case 44488).
If we run our application, we can see our system is healthy.
The system is healthy because we haven’t defined any checks yet.
Let’s add an Internet Control Message Protocol (ICMP) AKA Ping. PING request is a basic way to check the presence and therefore availability, of a server that we know we should be able to reach within a LAN / WAN connection.
In a nutshell, it works in following way; the machine that performs the PING sends one or more ICMP echo request packets to the target host and waits for a reply; if it receives it, it reports the round-trip time of the whole task; otherwise, it time outs and reports a “host not reachable” error.
The “host not reachable” error can be due to a number of possible reasons;
The target host is not available
The target host is available, but actively refuses TCP/IP connections of any kind
The target host is available and accepts TCP/IP incoming conections, but it has been configured to explicitly refuse ICMP requests and/or not send ICMP echo replies back.
The target host is available and properly configured to accept ICMP requests and send echo replies back, but the connection is very slow or hindered by unknown reasons (performance, heavy load etc), so the round-trip time takes too long, or even times out.
So what could be the possible outcomes of our implementation;
Healthy: We can consider the host Healthy whenever the PING succeeded with no errors and timeouts.
Degraded: We can consider the host Degraded whenever the PING succeeded, but the round-trip takes too long.
Unhealthy: We can consider the host Unhealthy whenever the PING failed, that is, the check times out before any reply.
public class PingHealthCheck : IHealthCheck
{
private string Host = "www.does-not-exist.com";
private int Timeout = 300;
public async Task<HealthCheckResult> CheckHealthAsync(HealthCheckContext context, CancellationToken cancellationToken = default)
{
try
{
using (var ping = new Ping())
{
var reply = await ping.SendPingAsync(Host);
switch (reply.Status)
{
case IPStatus.Success:
return (reply.RoundtripTime > Timeout) ? HealthCheckResult.Degraded() : HealthCheckResult.Healthy();
default:
return HealthCheckResult.Unhealthy();
}
}
}
catch (Exception ex)
{
return HealthCheckResult.Unhealthy();
}
}
}
Add PingHealthCheck to the pipeline by modifying Program.cs file;
So we are getting a response. that’s great, it works. Three are 3 major flaws;
Hardcoded values: The Host and the Timeout variables should be passed as parameters
Uninformative response: Healthy and Unhealthy are not that great, we should create a better output message
Untyped output: The current response is being sent in plain text, if we want to fetch it with Angular, a JSON content-type be better.
public class PingHealthCheck : IHealthCheck
{
private string Host { get; set; }
private int Timeout { get; set; }
public PingHealthCheck(string host, int timeout)
{
Host = host;
Timeout = timeout;
}
public async Task<HealthCheckResult> CheckHealthAsync(HealthCheckContext context, CancellationToken cancellationToken = default)
{
try
{
using (var ping = new Ping())
{
var reply = await ping.SendPingAsync(Host);
switch (reply.Status)
{
case IPStatus.Success:
var msg = $"ICMP to {Host} took {reply.RoundtripTime} ms.";
return (reply.RoundtripTime > Timeout) ? HealthCheckResult.Degraded(msg) : HealthCheckResult.Healthy(msg);
default:
var err = $"ICMP to {Host} failed: {reply.Status}";
return HealthCheckResult.Unhealthy(err);
}
}
}
catch (Exception ex)
{
var err = $"ICMP to {Host} failed: {ex.Message}";
return HealthCheckResult.Unhealthy(err);
}
}
}
Update middleware in Program.cs file so that we can call it programmatically;
builder.Services.AddHealthChecks()
.AddCheck("PING_01", new PingHealthCheck("www.msn.com", 100))
.AddCheck("PING_02", new PingHealthCheck("www.google.com", 100))
.AddCheck("PING_03", new PingHealthCheck("www.does-not-exist.com", 100));
The reason is obvious, if one of them failed the whole stack will be failed. The last one in our example is failure. We can avoid this sum behavior by implementing the resolution of third flaw (as mentioned before): JSON-structured output message.
Add a new class in project root, CustomHealthCheckOptions;
public class CustomHealthCheckOptions : HealthCheckOptions
{
public CustomHealthCheckOptions() : base()
{
var jsonSerializerOptions = new JsonSerializerOptions()
{
WriteIndented = true
};
ResponseWriter = async (c, r) =>
{
c.Response.ContentType = MediaTypeNames.Application.Json;
c.Response.StatusCode = StatusCodes.Status200OK;
var result = JsonSerializer.Serialize(new
{
checks = r.Entries.Select(e => new
{
name = e.Key,
responseTime = e.Value.Duration.TotalMilliseconds,
status = e.Value.Status.ToString(),
description = e.Value.Description
}),
totalStatus = r.Status,
totalResponseTime = r.TotalDuration.TotalMilliseconds,
}, jsonSerializerOptions);
await c.Response.WriteAsync(result);
};
}
}
Modify Program.cs file;
app.UseHealthChecks("/hc", new CustomHealthCheckOptions());
Run the application and here is expected output;
{
"checks": [
{
"name": "PING_01",
"responseTime": 78.6889,
"status": "Healthy",
"description": "ICMP to www.msn.com took 12 ms."
},
{
"name": "PING_02",
"responseTime": 62.3402,
"status": "Healthy",
"description": "ICMP to www.google.com took 14 ms."
},
{
"name": "PING_03",
"responseTime": 144.9184,
"status": "Unhealthy",
"description": "ICMP to www.does-not-exist.com failed: An exception occurred during a Ping request."
}
],
"totalStatus": 0,
"totalResponseTime": 181.1726
}
Each and every check is properly documented, as well as the total outcome data, in a structured JSON object. This is just what we need to feed some Angular Components.
VLANs had me confused and running in circles for a while when I was first setting them up too. My understanding of things may not be entirely correct or the “right” way of doing things, but it worked for me. I don’t have experience setting up VLANS in the Unraid interface, but my experience getting VLANs working may help you notice something you overlooked.
I believe you need switches and a router that support VLANs, also known as 802.1q. The switches certainly need support for VLANs and I believe the router may need it to route traffic between VLANs (e.g. from VLAN 4 to VLAN 9), perform network management things like DHCP, and access the Internet. Many consumers routers and basic unmanaged switches don’t support VLANs. Third-party firmware like OpenWRT may be able to add VLAN support to consumer routers. I’m not sure what a “smart unmanaged” switch is, but if it doesn’t have some sort of an interface, be it Web, software, serial/RS-232, or ssh/telnet based, it isn’t smart enough to support VLANs; all VLAN configuration is performed on the device itself via some sort of interface. Check the spec sheets on your gear.
I ended up using Netgear GS108Tv2 and GSS116E switches with a pfSense router running on a Dell 780 SFF PC with a I350-T2V2 network adapter. The fancy network adapter isn’t required. The 116E switch has basic “port-based” configuration, but the 108T doesn’t, so I used “advanced” VLAN configurations.
The first major concept to understand is that network traffic doesn’t have VLAN tags until you turn on VLAN support. Traffic on VLANs has extra data added to it, (the 802.1q header), that requires routers and switches to understand VLAN-formatted traffic.
The second major concept to understand is the Port VLAN ID (PVID). It appears to be the default VLAN ID for a port.
The third major concept to understand is VLAN membership. A port is a member of a VLAN if it’s marked as “tagged” or “untagged” on a VLAN. Most devices, e.g. PCs, game consoles, iPads, etc., don’t understand VLANs and so their traffic does not contain a VLAN tag; their traffic is “untagged” when entering the network. “Untagged” ports assign the PVID of the port to the traffic, giving it the VLAN information needed to move on a VLAN network; traffic inherits the VLAN ID from the port. My networked devices are all “untagged” on once VLAN, making them a member of a single VLAN.
“Tagged” ports appear to be designed to move traffic that is is already tagged. This could theoretically come from a device that understand VLANs or be traffic from an “untagged” port that had a tag added by the switch. Cisco uses a technology called “trunk” ports for passing traffic between switches and routers that Netgear doesn’t have. I use “tagged” ports to accomplish this task. My “trunk” ports are tagged in all VLANs, making them a member of all VLANs and allowing them to communicate with all VLANs while passing traffic between switches and routers.
All my networked device are on “untagged” ports but they they inherit a VLAN ID from the port; they become “tagged” by the switch rather than the original device. Once the traffic from a device is tagged by the switch, it can communicate with any device on the same VLAN. Communicating with devices on a different network switch or communicating with devices on the Internet requires the “trunk” ports that are tagged in multiple VLANs.
I set up VLAN 1, 4, and 9; 1 is used for network management, 4 is for my PCs and such, 9 for my Unraid server.
My only experience is with the Netgear stuff, so some of the terminology may be different with other brands.
So if Port 1 connects the switch to the router, Port 1 would bet marked as tagged on VLAN 1, 4, and 9 in my setup, making it a member of VLAN 1, 4, and 9; this makes it something like a “trunk” port between the switch and router and allows all the traffic can get upstream to the router as needed. My “trunk” ports also got a PVID of 1; they always tagged traffic, so the PVID may not matter.
If Port 2 is connected to my desktop PC, it would get a PVID of 4 and is untagged on VLAN 4 only. This allows the port to only communicate with other devices on VLAN 4.
If Port 3 is connected to my laptop, it would get a PVID of 4 and is untagged on VLAN 4 only. This allows the port to only communicate with other devices on VLAN 4.
If Port 4 is connected to my Unraid server, it would get a PVID of 9 and is untagged on VLAN 9 only. This allows the port to only communicate with other devices on VLAN 9.
The fourth major concept is inter-VLAN routing. My PC and laptop in the example above can talk to each other because they’re both on VLAN 4 and can talk to the router via the trunk on port 1. The Unraid server can talk to the router. However, members of VLAN 4 can’t talk to members of VLAN 9. I remedied this with firewall rules in the router. These rules allow me to control which devices (IP addresses) and services (ports) on VLAN 4 can communicate with which devices and services on VLAN 9. I believe this is a reason why the router needs VLAN support – you’re routing between VLAN networks (e.g. 192.168.4.100 to 192.168.9.10). The router may also need to understand the VLAN-formatted packets so it can strip off the VLAN formatting before forwarding it to the Internet.
So I added firewall rules in pfSense to allow my PC and laptop to access the Unraid web UI, ssh, file sharing ports, Plex ports, etc. of my Unraid server.
