How to insert middleware to run before FluentValidation? - fluentvalidation

We have a .net 7 web api, and are using FluentValidation to validate the incoming requests. Apparently FluentValidation hooks itself into the pipeline as middleware, not sure how since that is happening behind the scenes. We have middleware code that does some custom validation on a route to ensure the route itself is valid. That code works correctly, but it seems that FluentValidation is hooked in before our middleware, even if we insert the middleware immediately after app.UseAuthorization(); in program.cs.
The end result is: If the request is to an invalid route, and has validation errors that would be legit if the request itself was legit, then the response shows the validation errors instead of the invalid route message.
The preferred response message would be about the invalid route, not the validation errors.
Is there a way to get our middleware to run before FluentValidation?
Thanks for any pointers!

Related

Sending xAPI statement to a web application instead of LRS

I have an xAPI content made by storyline I want for the statement to be sent to a webapp instead of the LRS.
this webapp is developped using laravel, and user should be authenticated with email and password to use it.
what I did to send the statement to this app:
1.in the webapp I created an API endpoint route that use POST method.
2.in the xAPI wrapper I changed the endpoint in the configuration to the route I made in the webapp.
const conf = {
"endpoint":"here I added my api endpoint route of the webapp",
"auth":"Basic " + toBase64(""),
}
now whith any interaction with the content where a statement should be sent the request making cors error like in the picture down, I think this is authentication error, how can I add my authentication credentials to the xAPI wrapper?
Your non-LRS LRS is probably not handling preflight requests which are necessary for CORS handling. Most common LRSs will handle those requests appropriately since they expect to be accessed from additional origins. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests
Also note that you'll likely run into issues unless you also handle state requests.
Additionally unless you are requesting the credentials from the user during runtime then hard coding the credentials into the package isn't a great idea from a security perspective.

Serilog middleware and custom middleware

I have implemented some serilog middleware as described in the following blog :https://blog.datalust.co/smart-logging-middleware-for-asp-net-core I also have some other custom middleware that occurs after it in the pipeline. I also have some error handling middleware.
If my custom middleware throws an exception then somehow the status code returned from my API is different to the status code being logged. Eg I get back a 401 but the serilog middleware is logging both a 401 and also a 500.
Anyone any ideas what might be issue.

Custom error message on failed authentication in IdentityServer4

I would like to display custom error message when authentication fails in IdentityServer4. Namely I want to show what went wrong, e.g. "invalid redirect url" or "invalid authentication flow". When authentication fails I see only that exception occured but for what happened I need to go into logs. In this case I would like to know that e.g. redirect url is wrong directly. How can I achieve that?
I'm thinking about some exception filter or custom middleware on ASP.NET Core. However it seems to me that exception filter won't work since that is MVC stuff and exception occurs in the IdentityServer middleware. And I am not sure how to create the middleware so it shows the error and also manages to use the same layout and ui parts as in MVC views. Is there another way? Maybe some extension points I did not see?

Calling next('route') when no other route matches the request uri

The Express documentation states the following about next('route') callback:
You can provide multiple callbacks, and all are treated equally, and behave just like middleware, except that these callbacks may invoke next('route') to bypass the remaining route callback(s). You can use this mechanism to perform pre-conditions on a route then pass control to subsequent routes when there is no reason to proceed with the route matched.
and
To skip the rest of the middleware functions from a router middleware stack, call next('route') to pass control to the next route. NOTE: next('route') will work only in middleware functions that were loaded by using the app.METHOD() or router.METHOD() functions.
What is the response to the client when a middleware calls next('route') and there is no other matching route?
The response to the client is a status 404 error. This is not caught by the routers error handlers.
If you want to catch the 404 error for some reason, see this question.
However beware of matching routes:
router.get('/profile', auth.hasRole('User'), controller.showProfile);
router.get('/:id', controller.show);
I had the hasRole('User') function call next('route') if the client did not have that role. Controll was then passed to the '/:id' route as this matched the request uri, causing errors.
It will exit the Router and continue on with the rest of your application middleware and if still nothing ends in a response then a 404 error will be thrown and will be handled by the error handlers.

ServiceStack not URL decoding route parameter in RESTful route

I'm using self hosted ServiceStack to provide an API to integrate with a ticketing system, and have defined the following routes:
Routes
.Add<TicketsWithStatus>("tickets/{Status}")
.Add<TicketStatusCounts>("tickets");
I'm having URL encoding problems with the first route when the status contains a space. If I browse to http://myservicebase/json/syncreply/TicketsWithStatus?Status=On%20Hold I get the response I'm expecting. However, if I use the RESTful route http://mysevicebase/tickets/On%20Hold I don't get any results.
Debugging my application, I can see that the On%20Hold is being URL decoded to On Hold in the case of the json/syncreply call, but is not decoded when using the RESTful route.
How can I ensure that the status property is properly decoded when calling my service via the RESTful route?
ServiceStack doesn't UrlDecode the PathInfo, it uses the same HttpRequest.PathInfo that the ASP.NET Request object returns. You might have better success if you change it to On+Hold.