.NET Core: Type serialization denied

When trying to return with a complex object in .NET Core API, which has a Type property in it, the serializer gives the following exception :

System.NotSupportedException: Serialization and deserialization of 'System.Type' instances are not supported and should be avoided since they can lead to security issues.

Passing Type, DataSet, DataTable through the JSON or XML serializer gives possibility to remote code execution for attackers. More information available at https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/dataset-datatable-dataview/security-guidance

Workaround:
Declare an enumeration for your types (ex: enum { string, int, etc }) you can parse the value for the requested type explicitly.

This content has 4 years. Some of the information in this post may be out of date or no longer work. Please, read this page keeping its age in your mind.

.NET Core : Logging with Log4NET in .NET Core application

There are tons of newly created logging engines for .NET Core. Log4Net is stable, old school technology in the market. Consider using newer logging technologies, such as NLog or Serilog. But if you want to use this engine, you can make it work.

Start with the Microsoft’s tutorial, “Logging in .NET Core”. https://docs.microsoft.com/en-us/aspnet/core/fundamentals/logging/?view=aspnetcore-5.0

Install log4Net NuGet Package, and Microsoft.Extensions.Logging.Log4Net.AspNetCore package.

Install-Package log4Net
Install-Package Microsoft.Extensions.Logging.Log4Net.AspNetCore

Make changes in your Program.cs file. In the CreateHostBuilder method, configure logging with the following code:

                .ConfigureLogging((hostingContext, logging) =>
                {
                    logging.AddConsole();
                    logging.AddLog4Net();
                })

If the “AddLog4Net” method call is unrecognized by IntelliSense, make sure you have installed the Logging extension NuGet package mentioned above.

Add a new file to your project, and name it log4Net.config. The template should be used is Web Configuration file.

Make changes in the newly generated file, here you can configure the applications logging. I’ve skipped Console logging, Microsoft’s console logger visualize logs much greater. You can learn configuring Log4Net more at https://logging.apache.org/log4net/release/manual/configuration.html
A quick start configuration example:

<?xml version="1.0" encoding="utf-8"?>
<log4net>
	<root>
		<level value="ALL" />
		<appender-ref ref="file" />
	</root>
	<appender name="file" type="log4net.Appender.RollingFileAppender">
		<file value="myapp.log" />
		<appendToFile value="true" />
		<rollingStyle value="Size" />
		<maxSizeRollBackups value="5" />
		<maximumFileSize value="10MB" />
		<staticLogFileName value="true" />
		<layout type="log4net.Layout.PatternLayout">
			<conversionPattern value="%date [%thread] %level %logger - %message%newline" />
		</layout>
	</appender>
</log4net>
This content has 4 years. Some of the information in this post may be out of date or no longer work. Please, read this page keeping its age in your mind.

.NET Core : Run Core apps as Windows service.

You may want to host your .NET Core application in a Windows computer, even a Windows server. You want to get rid of Console windows, and do not want to start the app manually after the computer is started, or restart it when the application has crashed. This tutorial helps you to make a windows service from your .NET Core application, especially a .NET Core WebAPI.

Install the “Microsoft.Extensions.Hosting.WindowsServices” NuGet package for you .NET Core application. This can be achieved from NuGet package manager console:

Install-Package Microsoft.Extensions.Hosting.WindowsServices

Make changes in your Program.cs file. Add the UseWindowsService call to the CreateHostBuilder function. The result may look something like this:

        public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.UseUrls("https://0.0.0.0:8080/", "http://0.0.0.0:8081/");
                    webBuilder.UseStartup<Startup>();
                })
                .ConfigureLogging((hostingContext, logging) =>
                {
                    logging.ClearProviders();
                    logging.AddConsole();
                })
                .UseWindowsService();

This is all of the code change you need to do.
Let’s Publish your application.

Publish your application to a folder

Make the following changes in the following dialog by pressing an edit button next to a summary label.

Set the deployment mode toself-contained

Click on Publish. Once the publish is done, copy the published files to a specific directory of the computer, or an another computer. Run the powershell script above, to create a new windows service on the hosting computer.

# New-Service documentation: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/new-service?view=powershell-7.1
# Script by banditoth

$serviceName = "typeyourservicename";
$serviceDescription = "typeyourdescription";
$displayName = "displayname";
$exeFilePath = "pathtoyourexefile.exe";
$serviceUserName = "MustBeDomain\User";

New-Service -Name $serviceName -DisplayName $displayName -BinaryPathName $exeFilePath -Credential $serviceUserName -Description $serviceDescription -StartupType Automatic

Do NOT forget to set the inbound policies for your application in Advanced Windows Firewall. Also keep in mind, if you want to access your web application outside of your local network, you need to forward ports on your router.

This content has 4 years. Some of the information in this post may be out of date or no longer work. Please, read this page keeping its age in your mind.