Minimal APIs at a glance from David Fowler

A very concise list of each possibilities of minimal API from David Fowler : Minimal APIs at a glance. This is a must that everyone starting to use the minimum API should check out!

Some of this tips can not be easily find in documentation or be split into multiples (too) large pages. This list is just as I like, free of noise.

Improving Azure Key Vault use as configuration source in ASP.NET Core

Something I’ve missed: loading Key Vault secrets in .Net Core as configuration source can be a lengthy process if you don’t opt-out from unused authentication modes.

Hopefully, authentication chain construction can be customized by setting numerous ExcludeXxxx properties of DefaultAzureCredentialOptions. Some of these property are true by default but only a few.

More details here: Improving Azure Key Vault Performance in ASP.NET Core By Up To 10x (the assertion “Up to 10x” is a bit marketing, actual gain should be tested as it depends on many factors 🙂 ).

RecyclableMemoryStream, a better MemoryStream

More than 5 years after my first discovery, RecyclableMemoryStream is still relevant. With a clever use of buffer chains, this class should be used in (any) situation where a MemoryStream could be used.

This project has evolved to take into account the new memory efficiency paradigms integrated into the latest versions of .Net Core (Span, ReadOnlySpan, ReadOnlySequence, and Memory). It is more useful than ever to reconcile throughput and CPU load.

From Github project’s

 “In particular it is optimized to do the following:

  • Eliminate Large Object Heap allocations by using pooled buffers
  • Incur far fewer gen 2 GCs, and spend far less time paused due to GC
  • Avoid memory leaks by having a bounded pool size
  • Avoid memory fragmentation
  • Allow for multiple ways to read and write data that will avoid extraneous allocations
  • Provide excellent debuggability and logging
  • Provide metrics for performance tracking


Some sample API implemented in .Net 6.0 using minimal API with customized OpenApi support:

  • a playground with different test cases of miminal API possibilities (Results, custom IResults, advanced binding, etc…),
  • a classical TODO Api in EF Core,
  • a classical TODO Api in Dapper,

with validation support using System.ComponentModel.Validation extended by MinimalApis.Extensions (for now in preview).

Tomasz Pęczek repositories

Tomasz GitHub is a gem of asp.Net core related stuff:

Each subject is largely explain in understandable but not simplistic blog posts (and often very advanced technically) . Multiples sample projects are present. A very educational approach that makes you want to dig deeper.

Server Timing during API calls

Today, I was looking Developer Tools in Chrome to understand some request duration. My request takes more than 10 secondes :

10 seconds seems very long but but Timing tab don’t give me why. I suddenly saw the bottom part of this screen:

I don’t know if it’s a recent addition or if it’s been around for a long time, whatever, it looks promising. The link provided is not particularily interesting for me because its focus is mainly on browser part but it gives me a cue: a response header called “Server-Timing”.

Like always, some googling gives me a W3C working draft complete but not too much user friendly and a more understandable Server-Timing on MDN. This”Server-Timing” header is what I was missing. A standardized way of producing detailed information about the duration of what happened while processing the request. An Chrome is able to show them very easily. Perfect.

Some more search gives me a blog post (C# – How to add request timings to an ASP.Net project) about a pretty good implementation in .Net tpeczek/Lib.AspNetCore.ServerTiming in GitHub. A service to produce metrics and a middleware to write the now famous “Server-Timing” header. Clean!

Of course, for security reasons, it’s best to restrict the production of these metrics to some environments (perhaps internals only) or even to specifics clients (it could be restricted to authenticated users with some claims).

LettuceEncrypt: Free, automatic HTTPS certificate generation for ASP.NET Core web apps

Easy way to use Let’s Encrypt in Kestrel scenarios: LettuceEncrypt for ASP.NET Core


  • only work when kestrel receive encrypted traffic (either in edge mode or behind a TCP load balancer transmitting encrypted traffic),
  • This repos in in maintenance mode.


  • a Nate McMaster project even if he is no longer a MS employee,
  • Storage is largely customizable : Let’s Encrypt account private key, generated certificate,
  • have been choosen as documented way of adding Let’s Encrypt support in Yarp.