https://github.com/gilbertrios/azure-appservice-logging-middleware
Terraform infrastructure and C# middleware for obfuscating sensitive data in Azure App Insights logs
https://github.com/gilbertrios/azure-appservice-logging-middleware
app-insights appservice azure csharp data-masking dotnet logging middleware security terraform
Last synced: 2 months ago
JSON representation
Terraform infrastructure and C# middleware for obfuscating sensitive data in Azure App Insights logs
- Host: GitHub
- URL: https://github.com/gilbertrios/azure-appservice-logging-middleware
- Owner: gilbertrios
- Created: 2025-11-10T15:48:45.000Z (7 months ago)
- Default Branch: main
- Last Pushed: 2025-11-11T14:54:24.000Z (7 months ago)
- Last Synced: 2025-11-11T16:25:43.497Z (7 months ago)
- Topics: app-insights, appservice, azure, csharp, data-masking, dotnet, logging, middleware, security, terraform
- Homepage:
- Size: 27.3 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Azure App Service Logging Middleware
[](https://dotnet.microsoft.com/)
[](https://azure.microsoft.com/en-us/services/app-service/)
[](https://azure.microsoft.com/en-us/services/monitor/)
[](LICENSE)
A production-ready ASP.NET Core minimal API showcasing **automatic sensitive data obfuscation** in logs with Azure Application Insights integration. Built with clean modular architecture for easy microservice extraction.
## ๐ฏ Key Features
- **Smart Obfuscation Middleware** - Automatically redacts sensitive data (credit cards, passwords, tokens) from logs before they reach Application Insights
- **Azure Application Insights Integration** - Seamless telemetry with custom properties and structured logging
- **Modular Architecture** - Self-contained modules (Orders, Payments) ready for microservice extraction
- **.NET 9 Minimal APIs** - Fast, lightweight, modern ASP.NET Core
- **Auto-Discovery** - Modules automatically registered via reflection
- **Configurable** - Control obfuscation patterns via `appsettings.json`
- **OpenAPI/Swagger** - Full API documentation out of the box
- **Production-Ready** - Includes health checks, structured logging, and comprehensive testing
## ๐ What This Repo Demonstrates
### Infrastructure as Code (IaC)
- โ
Terraform modules and environments
- โ
Azure resource provisioning
- โ
Infrastructure versioning and state management
### DevOps & CI/CD
- โ
7-stage automated deployment pipeline
- โ
Blue-green deployment with dual rollback strategies
- โ
Automated testing (regression + smoke tests)
- โ
PR validation with Terraform plan preview
- โ
Reusable workflows for code reuse
- โ
Auto rollback on production failures
- โ
Manual rollback for on-demand recovery
### Development Best Practices
- โ
Modular architecture (Orders, Payments modules)
- โ
Custom middleware (obfuscation)
- โ
Clean code and SOLID principles
- โ
Modern .NET 9.0 patterns
### Cloud & Observability
- โ
Azure App Service deployment slots
- โ
Application Insights integration
- โ
Security-first approach (data obfuscation)
- โ
Health checks and monitoring
## ๐ ๏ธ Tech Stack
### Application
- **.NET 9.0** - ASP.NET Core minimal APIs
- **C# 13** - Records, pattern matching, modern features
- **Application Insights** - Azure monitoring and telemetry
- **Swagger/OpenAPI** - API documentation
### Infrastructure & DevOps
- **Terraform** - Infrastructure as Code
- **Azure App Service** - Linux-based hosting
- **GitHub Actions** - CI/CD automation
- **Bash Scripts** - Deployment utilities
## ๐๏ธ Repository Architecture
```
azure-appservice-logging-middleware/
โโโ .github/
โ โโโ workflows/
โ โโโ deploy-blue-green.yml # 7-stage deployment pipeline (auto rollback)
โ โโโ manual-rollback.yml # On-demand rollback workflow
โ โโโ ci-pr-validation.yml # PR validation (build + terraform)
โ โโโ _build-app.yml # Reusable build workflow
โ
โโโ app/ # .NET 9.0 Application
โ โโโ Infrastructure/ # Module pattern implementation
โ โโโ Middleware/ # Obfuscation middleware
โ โโโ Modules/ # Orders & Payments modules
โ โโโ Properties/ # launchSettings.json
โ โโโ Program.cs
โ
โโโ tests/ # Test Projects
โ โโโ AzureAppServiceLoggingMiddleware.UnitTests/
โ โ โโโ Middleware/
โ โ โโโ ObfuscationMiddlewareTests.cs
โ โโโ AzureAppServiceLoggingMiddleware.IntegrationTests/
โ โโโ ObfuscationMiddlewareIntegrationTests.cs
โ
โโโ infrastructure/ # Terraform IaC
โ โโโ terraform/
โ โ โโโ environments/
โ โ โ โโโ dev/ # Dev environment config
โ โ โโโ modules/
โ โ โโโ app-service/ # App Service with slots
โ โโโ scripts/
โ
โโโ docs/ # Documentation
```
See [Repository Structure](docs/repository-structure.md) for detailed breakdown.
**Module Pattern Benefits:**
Each module is self-contained and follows these principles:
- **Self-contained** - All domain code in one folder
- **Testable** - Clear boundaries and interfaces
- **Discoverable** - Auto-registered via reflection
- **Extractable** - Ready for microservice split
See [Module Pattern Guide](docs/module-pattern.md) for implementation details and best practices.
## ๐ CI/CD Pipeline
Automated 7-stage blue-green deployment pipeline with comprehensive rollback strategies.
```
Build โ Terraform โ Deploy to Green โ Test Green โ Swap โ Smoke Test โ Auto Rollback (if needed)
```
**Key Features:**
- โ
Zero-downtime deployment with blue-green slots
- โ
Automated rollback if production smoke tests fail
- โ
Manual rollback workflow for post-deployment issues
- โ
PR validation with Terraform plan preview
- โ
Comprehensive testing before production swap
**Triggers:**
- Push to `main` with changes to `app/**`, `infrastructure/**`, or `.github/workflows/**`
- Pull requests run CI validation only (no deployment)
See [CI/CD Pipeline Documentation](docs/cicd-pipeline.md) for complete details on deployment stages, rollback strategies, and troubleshooting.
## ๐ป Quick Start
### Run Application Locally
```bash
# Clone the repository
git clone https://github.com/gilbertrios/azure-appservice-logging-middleware.git
cd azure-appservice-logging-middleware/app
# Run the application
dotnet run
```
The API will be available at:
- **HTTPS**: `https://localhost:5001`
- **Swagger UI**: `https://localhost:5001/swagger`
**Optional:** Customize obfuscation settings in `app/appsettings.json` - see [Configuration Guide](docs/configuration.md)
### Deploy to Azure
```bash
# 1. Configure Azure credentials (see docs/setup-guide.md)
# 2. Push to main branch
git push origin main
# The 7-stage pipeline will:
# โ
Build application
# โ
Provision infrastructure (Terraform)
# โ
Deploy to green slot
# โ
Run regression tests on green
# โ
Swap to production
# โ
Run smoke tests on production
# โ
Auto rollback if smoke tests fail
```
## ๐ Obfuscation Middleware in Action
The middleware automatically detects and obfuscates sensitive properties in request/response bodies:
### Example Request
```bash
curl -X POST http://localhost:5000/api/payments/process \
-H "Content-Type: application/json" \
-d '{
"orderId": 1,
"amount": 299.99,
"creditCard": "1234-5678-9012-3456",
"cvv": "123",
"token": "secret-api-key"
}'
```
### Console Output (Obfuscated)
```json
{
"orderId": 1,
"amount": 299.99,
"creditCard": "***REDACTED***",
"cvv": "***REDACTED***",
"token": "***REDACTED***"
}
```
โ
**Actual API response remains unchanged** - only logs are obfuscated!
## ๐ก API Endpoints
Explore the API using Swagger UI at `/swagger` when running locally, or view the full endpoint documentation in the [Application README](app/README.md).
**Modules:**
- **Orders** - Order management and status tracking
- **Payments** - Payment processing and refunds
- **Health Check** - API health status
## โ๏ธ Configuration
Customize obfuscation behavior via `app/appsettings.json`:
```json
{
"ObfuscationMiddleware": {
"Enabled": true,
"ObfuscationMask": "***REDACTED***",
"SensitiveProperties": ["password", "creditCard", "cvv", "ssn", "apiKey", "token"]
}
}
```
**Key features:**
- Case-insensitive property matching
- Recursive JSON traversal (nested objects/arrays)
- Configurable mask pattern and sensitive property list
See [Configuration Guide](docs/configuration.md) for complete options, Application Insights setup, environment-specific settings, and user secrets.
## โ๏ธ Azure Infrastructure
Uses Terraform to provision Azure App Service with blue-green deployment slots for zero-downtime releases.
**Resources provisioned:**
- App Service Plan (Linux, S1) with deployment slots
- App Service (production + green slot for zero-downtime deployments)
- Application Insights for telemetry and monitoring
- Log Analytics Workspace
**Deploy infrastructure:**
```bash
cd infrastructure/terraform/environments/dev
terraform init
terraform apply
```
See [Infrastructure README](infrastructure/README.md) for complete details on resources, configuration, and Terraform modules.
## ๐งช Testing
Run the test suite to verify functionality:
```bash
# Run all tests
dotnet test
# Run only unit tests (fast)
dotnet test --filter "Category=Unit"
# Run only integration tests
dotnet test --filter "Category=Integration"
```
**Test Coverage:**
- Unit tests for ObfuscationMiddleware logic and edge cases
- Integration tests for full API and middleware pipeline
- Automated execution in CI/CD pipeline
See [Testing Guide](docs/testing-guide.md) for detailed test documentation, manual testing with cURL/Swagger, and coverage reports.
## ๐ Documentation
### Architecture & Design
- [Repository Structure](docs/repository-structure.md) - Folder organization
- [Module Pattern Overview](docs/module-pattern.md) - Modular architecture
- [Microservice Split Criteria](docs/microservice-split-criteria.md) - When to extract
- [MVC vs Minimal API Pipeline](docs/mvc-vs-minimal-api-pipeline.md) - Request pipeline internals
### Infrastructure & DevOps
- [Infrastructure Guide](infrastructure/README.md) - Terraform and Azure resources
- [Setup Guide](docs/setup-guide.md) - Deploy to Azure step-by-step
- [CI/CD Pipeline](docs/cicd-pipeline.md) - Deployment pipeline and rollback strategies
- [App Service vs Functions](docs/app-service-vs-functions.md) - Service comparison
### Application
- [Application README](app/README.md) - Run and develop locally
- [Testing Guide](docs/testing-guide.md) - Test strategy, commands, and coverage
- [Configuration Guide](docs/configuration.md) - Application settings and options
## ๐ Migration Path
Ready for microservice extraction. See [Microservice Split Criteria](docs/microservice-split-criteria.md) for detailed guidance.
## ๐ License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## ๐ค Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
1. Fork the repository
2. Create your feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add some amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
## ๐ Support & Connect
- ๐ผ LinkedIn: [Connect with me](https://linkedin.com/in/gilbert-rios-22586918)
- ๐ง Email: gilbertrios@hotmail.com
- ๐ก GitHub: [@gilbertrios](https://github.com/gilbertrios)
## ๐ Quick Links
- **[Setup Guide](docs/setup-guide.md)** - Deploy to Azure in 10 steps
- **[Project Summary](docs/project-summary.md)** - Overview and key decisions
- **[Repository Structure](docs/repository-structure.md)** - Folder organization
---
โญ **Star this repo if you find it useful for learning or reference!**