Understanding ASP.NET Middleware

Understanding ASP.NET Middleware

In ASP.NET Core, middleware is the term used for components that form the Request Pipeline.

The pipeline request is similar to a chain; it can contain multiple middleware. These components will handle the request in sequence; each component will inspect the request and decide whether it should be passed to the next middleware or just generate a response interrupting the chain.

Once the request has been handled, a response will be generated and send back to the client passing along the chain.

Execution Order

Middleware’s will execute in the same order they are registered when handling requests and in the reverse order when handling responses.

Check the example below:

How to create a Middleware

Middleware components don’t implement interfaces or derive from classes, It simply has a constructor that takes RequestDelegate as parameter and implements the Invoke Method.

The RequestDelegate represents the next Middleware component of the chain and the Invoke method is called when the component receives a request.

For example:

Creating Content-Generating Middleware

The most important type of middleware generates content for clients, and it is this category to which MVC belongs.

This kind of middleware is used when you want to generate some content and send it back to the client without the need of dealing with all the MVC complexity.



Creating Short-Circuiting Middleware

Short-Circuiting Middleware Components are used when you want to inspect the request and decide if the request should be passed to the next component.

For example, the below process is checking if the request contains the User-Id header, if not the middleware will break the chain and return a 401-Unauthorized response to the client.


Creating Request-Editing Middleware

The next type of middleware component examined doesn’t generate a response. Instead, it changes requests before they reach other components later in the chain. This kind of middleware is mainly used for platform integration to enrich the ASP.NET Core representation of an HTTP request with platform-specific features.

The example below is to demonstrate the check that if the request contains a blank User-Id in the header; if yes it will be removed.



Interacting with another Middleware

Middleware components can interact with each other, let’s consider that RequestEditMiddleware is executed before the ShortCircuitMiddleware.

In that case if a request contains blank User-Id Header the RequestEditMiddleware will remove that header from the request and call the next component, which is the ShortCircuitMiddleware, the ShortCircuitMiddleware won’t find the header User-Id and will break the chain returning a 401 response to the client.

Registering a Middleware

Now that we already know how to create our own custom components, how do we use it?

It’s simple, in the Startup class there is a method called Configured which is responsible to setup how the application will handle requests.

This method has a parameter of type IApplicationBuilder, that is the object we use to register our components.

See example below:

However, there is a more efficient way to register the components, for that we need to create some extension methods.

See below:

After creating the extension methods all we have to do is register the components using it.


ASP.NET Core and Docker for Beginners


Docker is an open, lightweight platform for developing, shipping and running applications using container technology. Docker provides container solutions for developers, architects, DevOps, and IT People. It can run on Linux, Windows, Mac OS and most the cloud providers like AWS, Azure, Google etc..

What is Docker?

Docker is all about running a single program inside separated environments. It is an open source platform with can be used to package, distribute and run applications in different environments.

Let start understanding by an example,

Applications 1 & 3 will stop working because they need a different framework to run. What can be done now? The above diagram shows, we have three applications running; however, all of the application use the same framework. What will happen if App 1 required different Framework version like 1.0, app 2 needs v2.0, app 3 needs v.3.0. As a result only App 2 will work because our framework installed is v2.0.

One way is to use three different systems for all three applications, but it will be very expensive and maintening them will also be very difficult.

This is how “DOCKER” comes into play. Docker will make sure each application has its own facilities rather than common facilities.

Docker will do something like this.

Build the ASP.Net Core and Docker Packages

Docker will create a package that can run in different environments.

To build an app in Docker, first we need an app to Dockerize.

Docker allows you to build an application in pretty much the same way you would create an application to run on your local machine.

When we create application make sure enable the Docker support and also make sure you have it installed by going to:


Note: Make sure Docker is installed .Otherwise you’ll get the below error:

Installing this (mac or pc) will run docker and allow you to create and host docker containers. Microsoft Visual Studio will use Docker Desktop to host your app inside of during development to allow you to develop or test in.

The trick is to get a new item in your launchSettings.json:

This, in conjunction with a docker file in your project (just called “Dockerfile” without an extension) that builds a container, hosts it, and allows you to debug it remotely.

Writing a Dockerfile:

What is Dockerfile?

In short, Dockerfile contains a series of instructions which define how to construct an image:

Below are the common commands:


This command specifies the base image, eg: Microsoft/aspnetcore:2.0


Changes the working directory for subsequent instructions in the Dockerfile


Copies files from source to destination


Executes a command directly in the container


Sets a specific port internally to the container


Usually, it is used to map a physical directory on our machine to the logical directory in the container instead.


Specifies which application will run in the container created from the image.

To use some of the commands, First create Dockerfile in your application:

Then write Dockerfile for ASP.NET Core app, you must first know if you want to use the Development Environment or the Production Environment.

In development environment you need an image that contains a compiler and allows compiling directly in the container, and for that, use Microsoft/aspnetcore-build directly from the DockerHub (Docker Repository).

In Production environment you do not need a compiler because it will have to build the application externally from the image, integrate all built files in the image, and just use a lightweight image containing the .NET Core Runtime Microsoft/aspnetcore to execute your application.

The Dockerfile is pretty simple (if you’re familiar with Docker) though it’s very automated, so you don’t have to know how it works:

It creates a container from a slim image with ASP.NET Core 2.2 , builds the project and publishes to get a copy of the project in a container. To test/debug with docker, just pick the ‘Docker’ option in the debugging dropdown:

After that, in cmd type:

docker build. –t rootandadmin/DockerApp –f Dockerfile

Now, you have your image and check the type:

docker images

You have your image rootandadmin/DockerApp but as this image is dead so you have to make it alive. For this you will need to create a container. There is a big difference between Image and Container; a container is a process that contains an image and executes it.

Then to create containers from our image type this.

docker create command –p 555:80 –name rootandadmin/DockerApp01 rootandadmin/DockerApp

docker start rootandadmin/ DockerApp01

You can try to access your DockeApp in the browser using the following address.

localhost://555/ DockerApp/Home

RESTful API Designing Guidelines

Your introduction for everything REST and how to understand it.

What is REST?

Representational state transfer (REST) is a software architectural style that defines a set of constraints to
be used for creating Web services. Web services that conform to the REST architectural style, called
RESTful Web services, provide interoperability between computer systems on the Internet.


The following are the most important terms related to REST APIs:

Resource is an object or representation of something, which has some associated data with it and
can be set methods to operate on it.
E.G Company

Collections are a set of resources.
E.G Companies is the collection of the Company Resource.

URL (Uniform Resource Locator) is a path through which a resource can be located and actions can
be performed on it.

API Endpoint
In simple terms, an API endpoint is the point of entry in a communication channel where two systems are
interacting. It refers to a touch point of communication between an API and the server.
The location where the API sends a request and where the response emanates is what is known as an

API vs Endpoint
An API refers to a set of protocols and tools that allow interaction between two different applications. It is a technique that enables third-party vendors to write programs that can easily interface with each other. On the other hand, an endpoint is the place of interaction between applications. API refers to the whole set of protocols that allows communication between two systems while an endpoint is a URL that enables the API to gain access to resources on a server.

Web Api Endpoint Naming Convention

Methods Naming Convention
In OOP methods are named with verbs to make it easier to identify what operation that method will
perform, for example the method GetEmployees(int departmentID) will return all the employees that
belongs to a department.

Should we use the same naming convention when designing web Api’s endpoints?
The answer is NO.
Web Api endpoints must be names with NOUNS instead of verbs and it should contain the plural form of
the Resource the api will perform operations on.

Example: https://www.estradaci.com/apis/v1/Employees

If the URL can’t contain verbs, how do we know which action will be performed?
HTTP Verbs will be responsible for telling which action the WEB API should perform.
Let’s look at the most used HTTP Verbs used while creating WEB APIs.


Use GET requests to retrieve resource representation/information only – and not to modify it in any
way. As GET requests do not change the state of the resource, these are said to be safe methods.
Additionally, GET APIs should be idempotent, which means that making multiple identical requests must
produce the same result every time until another API (POST or PUT) has changed the state of the
resource on the server.

 GET https://www.estradaci.com/apis/v1/Employees
 GET https://www.estradaci.com/apis/v1/Employees/1
 GET https://www.estradaci.com/apis/v1/Employees?name=Jeff
All the endpoints above will fetch employees but using different inputs to query the employees.

Use POST APIs to create new subordinate resources, e.g. a file is subordinate to a directory containing it
or a row is subordinate to a database table. Talking strictly in terms of REST, POST methods are used to
create a new resource into the collection of resources.
 POST https://www.estradaci.com/apis/v1/Employees
 POST https://www.estradaci.com/apis/v1/Employees/Address

Both endpoints above will insert data in the database, the first one will create a new employee and the
second one will create an address for an employee.

Use PUT APIs primarily to update existing resource (if the resource does not exist then API may decide to
create a new resource or not). If a new resource has been created by the PUT API, the origin server
MUST inform the user agent via the HTTP response code 201 (Created) response and if an existing
resource is modified, either the 200 (OK) or 204 (No Content) response codes SHOULD be sent to
indicate successful completion of the request.
 PUT https://www.estradaci.com/apis/v1/Employees
 PUT https://www.estradaci.com/apis/v1/Employees/Address

Both endpoints above will update data in the database, the first one will update an employee and the
second one will update the employee`s address.

As the name applies, DELETE APIs are used to delete resources (identified by the Request-URI).
 DELETE https://www.estradaci.com/apis/v1/Employees
 DELETE https://www.estradaci.com/apis/v1/Employees/Address

Both endpoints above will delete data from the database, the first one will delete an employee and the
second one will delete the employee`s address.
As we can see the same URL can perform different actions when requested with different HTTP Verbs.

For example the https://www.estradaci.com/apis/v1/Employees can Get, Create, Update and Delete
employees based on the HTTP Verb used.

HTTP response status codes

Sometimes when the client sends a request to the server it expects a response indicating the result of the
operation. it’s a good practice to return coherent status codes to make it easy to the client understand what
happened when the request is processed.
HTTP defines standard status codes that can be used to convey the results of a client’s request. The
status codes are divided into the five categories presented below.


1xx: Informational Communicates transfer protocol-level information.

2xx: Success Indicates that the client’s request was accepted successfully.

3xx: Redirection Indicates that the client must take some additional action in order to complete their request.

4xx: Client Error This category of error status codes points the finger at clients.

5xx: Server Error The server takes responsibility for these error status codes.

Check below the description of the most used Status Codes used when creating a web api.

For a complete list of the HTTP Status Codes check https://docs.microsoft.com/en-

200 (OK)
It indicates that the REST API successfully carried out whatever action the client requested, and that no
more specific code in the 2xx series is appropriate.

201 (Created)
A REST API responds with the 201 status code whenever a resource is created inside a collection. There
may also be times when a new resource is created as a result of some controller action, in which case
201 would also be an appropriate response.

204 (No Content)
The 204 status code is usually sent out in response to a PUT, POST, or DELETE request when the REST
API declines to send back any status message or representation in the response message’s body.
An API may also send 204 in conjunction with a GET request to indicate that the requested resource
exists, but has no state representation to include in the body.

304 (Not Modified)
This status code is similar to 204 (“No Content”) in that the response body must be empty. The key
distinction is that 204 is used when there is nothing to send in the body, whereas 304 is used when the
resource has not been modified since the version specified by the request headers If-Modified-Since or

400 (Bad Request)
400 is the generic client-side error status, used when no other 4xx error code is appropriate. Errors can
be like malformed request syntax, invalid request message parameters, or deceptive request routing
The client SHOULD NOT repeat the request without modifications.

401 (Unauthorized)
A 401 error response indicates that the client tried to operate on a protected resource without providing
the proper authorization. It may have provided the wrong credentials or none at all.

404 (Not Found)
The 404 error status code indicates that the REST API can’t map the client’s URI to a resource but may
be available in the future. Subsequent requests by the client are permissible.

500 (Internal Server Error)
500 is the generic REST API error response. Most web frameworks automatically respond with this
response status code whenever they execute some request handler code that raises an exception.

Content Negotiation

When sending a request to an API we need to tell the server what is the type of the data we are sending
and the server is responsible to tell the client the same.

At server side, an incoming request may have an entity attached to it. To determine it’s type, server
uses the HTTP request header Content-Type.

Some common examples of content types are :“text/plain”, “application/xml”, “text/html”, “application/json”, “image/gif”, and “image/jpeg”.

Content-Type: application/json
Similarly, to determine what type of representation is desired at client side, HTTP header ACCEPT is
used. It will have one of the values as mentioned for Content-Type above.
Accept: application/json

The most used content-type used by APIS to represent the object the is being sent to the server or
returned to the client is JSON, make sure to use the camelCase naming convention when using JSON.

API Versioning
One of the most important things in WEB API development is the versioning.
WEB APIs must be well versioned in order to prevent the clients that are consuming it to break.

When a Break Change is made to an existing WEB API, instead of modifying the existing one we must
create a new version of it.

For example:
Several changes are required to be made on the WEB API
https://www.estradaci.com/apis/v1/Employees and these changes may lead the consumers to break
their integrations.
Instead of simply applying the changes to this API we need to create a new version of the api, E.G
This will prevent the clients that are consuming the V1 to break and will give them the time and
flexibility to migrate their calls to the V2.