I wrote yet another ASP.NET boilerplate with best practices in mind to achieve optimal performance.
Some of the middleware or services used within the code may initially seem unnecessary, but they will prove useful when moving toward a production-ready API.

- JSON Web Token (JWT)
  - For token-based authorization. Clients can generate tokens; some operations are admin-only, so an admin token has to be created for those. It includes a TokenGenerator, which shouldn't be part of it, but I included it for ease of use.
- Allowed Cross-Origin Resource Sharing (CORS)
  - To allow requests from different origins
- Redis distributed cache + ETag caching mechanism
  - Redis is an in-memory database used for caching, super fast and reliable. I implemented that only for demo purposes.
- Added versioning
  - For having different versions of services; it's necessary to know the best practices
- Added Swagger support
  - For me, it's the WSDL for RESTful services
- Repository (JSON-based database file)
  - Some data on English monarchs' tenures (I'm preparing for the Life in the UK test nowadays, so the monarchy is on my mind all the time)
- Error handling middleware
  - Handles exceptions by logging problems only
- Response compression
  - Preferably use hosting-server-based compression (IIS, Apache, Nginx), but this is useful when hosting on a Kestrel or HTTP.sys server
- Limiting middleware
  - To restrict the number of requests, to avoid basic DoS attacks and crawlers
- UseCookiePolicy
  - For EU GDPR regulations
- Health checks
  - ASP.NET Core offers built-in health check libraries
- Serilog rolling file logger
  - .NET Core comes with a built-in logger, but that's very limited. I used the Serilog library as it's faster than others like NLog and log4net and provides structured logs. Logging is the backbone of any production API, so you have to be very careful with what you choose.

1. Used service extension methods to enhance the readability of the code, especially in Startup.cs
2. Used DI/IoC to register DAL classes as services, utilizing the .NET Core IoC feature; the same goes for ILogger and others
3. Async actions optimized to use max processor threads
4. Middleware to handle error handling, ETags, and request limiting
5. Extension methods for versioning, Swagger and JWT authentication
6. Redis-ETag cache helper
7. ApiConventionType, a .NET Core 2.2 feature which analyzes controllers for different status codes and helps Swagger-like tools to generate
8. Global error handling
9. Attribute-based routing
10. ILogger / Serilog
11. Using JWT to add authentication tokens to avoid unauthorized requests

I will add more stuff to it, like an enterprise service bus, Docker deployments, CQRS, event sourcing, etc. Let me know if you feel like adding some cool stuff to it.