Azure App Service Logging Middleware

A production-ready ASP.NET Core minimal API showcasing automatic sensitive data obfuscation in logs with Azure Application Insights integration. Built with clean modular architecture for easy microservice extraction.

🎯 Key Features

• Smart Obfuscation Middleware - Automatically redacts sensitive data (credit cards, passwords, tokens) from logs before they reach Application Insights
• Azure Application Insights Integration - Seamless telemetry with custom properties and structured logging
• Modular Architecture - Self-contained modules (Orders, Payments) ready for microservice extraction
• .NET 9 Minimal APIs - Fast, lightweight, modern ASP.NET Core
• Auto-Discovery - Modules automatically registered via reflection
• Configurable - Control obfuscation patterns via appsettings.json
• OpenAPI/Swagger - Full API documentation out of the box
• Production-Ready - Includes health checks, structured logging, and comprehensive testing

🌟 What This Repo Demonstrates

Infrastructure as Code (IaC)

• ✅ Terraform modules and environments
• ✅ Azure resource provisioning
• ✅ Infrastructure versioning and state management

DevOps & CI/CD

• ✅ 7-stage automated deployment pipeline
• ✅ Blue-green deployment with dual rollback strategies
• ✅ Automated testing (regression + smoke tests)
• ✅ PR validation with Terraform plan preview
• ✅ Reusable workflows for code reuse
• ✅ Auto rollback on production failures
• ✅ Manual rollback for on-demand recovery

Development Best Practices

• ✅ Modular architecture (Orders, Payments modules)
• ✅ Custom middleware (obfuscation)
• ✅ Clean code and SOLID principles
• ✅ Modern .NET 9.0 patterns

Cloud & Observability

• ✅ Azure App Service deployment slots
• ✅ Application Insights integration
• ✅ Security-first approach (data obfuscation)
• ✅ Health checks and monitoring

🛠️ Tech Stack

Application

• .NET 9.0 - ASP.NET Core minimal APIs
• C# 13 - Records, pattern matching, modern features
• Application Insights - Azure monitoring and telemetry
• Swagger/OpenAPI - API documentation

Infrastructure & DevOps

• Terraform - Infrastructure as Code
• Azure App Service - Linux-based hosting
• GitHub Actions - CI/CD automation
• Bash Scripts - Deployment utilities

🏗️ Repository Architecture

azure-appservice-logging-middleware/
├── .github/
│   └── workflows/
│       ├── deploy-blue-green.yml     # 7-stage deployment pipeline (auto rollback)
│       ├── manual-rollback.yml       # On-demand rollback workflow
│       ├── ci-pr-validation.yml      # PR validation (build + terraform)
│       └── _build-app.yml            # Reusable build workflow
│
├── app/                              # .NET 9.0 Application
│   ├── Infrastructure/               # Module pattern implementation
│   ├── Middleware/                   # Obfuscation middleware
│   ├── Modules/                      # Orders & Payments modules
│   ├── Properties/                   # launchSettings.json
│   └── Program.cs
│
├── tests/                            # Test Projects
│   ├── AzureAppServiceLoggingMiddleware.UnitTests/
│   │   └── Middleware/
│   │       └── ObfuscationMiddlewareTests.cs
│   └── AzureAppServiceLoggingMiddleware.IntegrationTests/
│       └── ObfuscationMiddlewareIntegrationTests.cs
│
├── infrastructure/                   # Terraform IaC
│   ├── terraform/
│   │   ├── environments/
│   │   │   └── dev/                  # Dev environment config
│   │   └── modules/
│   │       └── app-service/          # App Service with slots
│   └── scripts/
│
└── docs/                            # Documentation

See Repository Structure for detailed breakdown.

Module Pattern Benefits:

Each module is self-contained and follows these principles:

• Self-contained - All domain code in one folder
• Testable - Clear boundaries and interfaces
• Discoverable - Auto-registered via reflection
• Extractable - Ready for microservice split

See Module Pattern Guide for implementation details and best practices.

🚀 CI/CD Pipeline

Automated 7-stage blue-green deployment pipeline with comprehensive rollback strategies.

Build → Terraform → Deploy to Green → Test Green → Swap → Smoke Test → Auto Rollback (if needed)

Key Features:

• ✅ Zero-downtime deployment with blue-green slots
• ✅ Automated rollback if production smoke tests fail
• ✅ Manual rollback workflow for post-deployment issues
• ✅ PR validation with Terraform plan preview
• ✅ Comprehensive testing before production swap

Triggers:

• Push to main with changes to app/**, infrastructure/**, or .github/workflows/**
• Pull requests run CI validation only (no deployment)

See CI/CD Pipeline Documentation for complete details on deployment stages, rollback strategies, and troubleshooting.

💻 Quick Start

Run Application Locally

# Clone the repository
git clone https://github.com/gilbertrios/azure-appservice-logging-middleware.git
cd azure-appservice-logging-middleware/app

# Run the application
dotnet run

The API will be available at:

• HTTPS: https://localhost:5001
• Swagger UI: https://localhost:5001/swagger

Optional: Customize obfuscation settings in app/appsettings.json - see Configuration Guide

Deploy to Azure

# 1. Configure Azure credentials (see docs/setup-guide.md)
# 2. Push to main branch
git push origin main

# The 7-stage pipeline will:
# ✅ Build application
# ✅ Provision infrastructure (Terraform)
# ✅ Deploy to green slot
# ✅ Run regression tests on green
# ✅ Swap to production
# ✅ Run smoke tests on production
# ✅ Auto rollback if smoke tests fail

🔒 Obfuscation Middleware in Action

The middleware automatically detects and obfuscates sensitive properties in request/response bodies:

Example Request

curl -X POST http://localhost:5000/api/payments/process \
  -H "Content-Type: application/json" \
  -d '{
    "orderId": 1,
    "amount": 299.99,
    "creditCard": "1234-5678-9012-3456",
    "cvv": "123",
    "token": "secret-api-key"
  }'

Console Output (Obfuscated)

{
  "orderId": 1,
  "amount": 299.99,
  "creditCard": "***REDACTED***",
  "cvv": "***REDACTED***",
  "token": "***REDACTED***"
}

✅ Actual API response remains unchanged - only logs are obfuscated!

📡 API Endpoints

Explore the API using Swagger UI at /swagger when running locally, or view the full endpoint documentation in the Application README.

Modules:

• Orders - Order management and status tracking
• Payments - Payment processing and refunds
• Health Check - API health status

⚙️ Configuration

Customize obfuscation behavior via app/appsettings.json:

{
  "ObfuscationMiddleware": {
    "Enabled": true,
    "ObfuscationMask": "***REDACTED***",
    "SensitiveProperties": ["password", "creditCard", "cvv", "ssn", "apiKey", "token"]
  }
}

Key features:

• Case-insensitive property matching
• Recursive JSON traversal (nested objects/arrays)
• Configurable mask pattern and sensitive property list

See Configuration Guide for complete options, Application Insights setup, environment-specific settings, and user secrets.

☁️ Azure Infrastructure

Uses Terraform to provision Azure App Service with blue-green deployment slots for zero-downtime releases.

Resources provisioned:

• App Service Plan (Linux, S1) with deployment slots
• App Service (production + green slot for zero-downtime deployments)
• Application Insights for telemetry and monitoring
• Log Analytics Workspace

Deploy infrastructure:

cd infrastructure/terraform/environments/dev
terraform init
terraform apply

See Infrastructure README for complete details on resources, configuration, and Terraform modules.

🧪 Testing

Run the test suite to verify functionality:

# Run all tests
dotnet test

# Run only unit tests (fast)
dotnet test --filter "Category=Unit"

# Run only integration tests
dotnet test --filter "Category=Integration"

Test Coverage:

• Unit tests for ObfuscationMiddleware logic and edge cases
• Integration tests for full API and middleware pipeline
• Automated execution in CI/CD pipeline

See Testing Guide for detailed test documentation, manual testing with cURL/Swagger, and coverage reports.

📚 Documentation

Architecture & Design

• Repository Structure - Folder organization
• Module Pattern Overview - Modular architecture
• Microservice Split Criteria - When to extract
• MVC vs Minimal API Pipeline - Request pipeline internals

Infrastructure & DevOps

• Infrastructure Guide - Terraform and Azure resources
• Setup Guide - Deploy to Azure step-by-step
• CI/CD Pipeline - Deployment pipeline and rollback strategies
• App Service vs Functions - Service comparison

Application

• Application README - Run and develop locally
• Testing Guide - Test strategy, commands, and coverage
• Configuration Guide - Application settings and options

🔄 Migration Path

Ready for microservice extraction. See Microservice Split Criteria for detailed guidance.

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

1. Fork the repository
2. Create your feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add some amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

📞 Support & Connect

• 💼 LinkedIn: Connect with me
• 📧 Email: gilbertrios@hotmail.com
• 💡 GitHub: @gilbertrios

🎓 Quick Links

• Setup Guide - Deploy to Azure in 10 steps
• Project Summary - Overview and key decisions
• Repository Structure - Folder organization

---

⭐ Star this repo if you find it useful for learning or reference!