As I gladly accept any kind of performance improvement I can get in my applications, I like to use the System.Text.Json source generator to generate the serialization logic for my Data Transfer Objects. However after upgrading a project to .NET 8, I started to get errors. The problem When using ASP.NET Core's [ApiController] attribute with automatic model validation, the framework automatically returns ValidationProblemDetails objects for validation errors. However, if you've configured your application to use System.Text.Json source generators for performance benefits, you might encounter serialization exceptions like: System.NotSupportedException: JsonTypeInfo metadata for type 'Microsoft.AspNetCore.Mvc.ValidationProblemDetails' was not provided by TypeInfoResolver of type '[]'. If using source generation, ensure that all root types passed to the serializer have been annotated with 'JsonSerializableAttribute', along with any types that might...
As we see security as a top priority, for every new application that we put in production, we let it be penetration tested first. One remark we got with the last pen test was about the information our servers inadvertently revealed through HTTP response headers. Although I think it is not the biggest possible security issue, exposing details about their technology stack through headers like Server and X-Powered-By , gives some reconnaissance information to potential attackers for free. n this post, we'll explore why you should hide these headers and demonstrate several methods to remove or customize them in ASP.NET Core applications. Generated with Bing Image Creator Why hide server headers? Server identification headers might seem harmless, but they can pose security risks: Information Disclosure : Headers like Server: Kestrel or X-Powered-By: ASP.NET immediately tell attackers what technology stack you're using, making it easier for them to target known vulnerabili...