Connect the XPO Profiler to an ASP.NET Core Application

  • 4 minutes to read

This topic describes how to use the XPO Profiler to profile ASP.NET Core applications.

Connection Setup

  1. Create the following controller:

    using DevExpress.Xpo.Logger;
    using DevExpress.Xpo.Logger.Transport;
    using Microsoft.AspNetCore.Mvc;
    // ...
    public class XpoLoggerController : ControllerBase {
        readonly ILogSource logger;
        public XpoLoggerController(ILogSource logger) {
            this.logger = logger;
        public LogMessage[] GetCompleteLog() {
            return logger.GetCompleteLog();
        public LogMessage GetMessage() {
            return logger.GetMessage();
        public LogMessage[] GetMessages(int messagesAmount) {
            return logger.GetMessages(messagesAmount);
  2. Add the following code to the Startup.ConfigureServices method:

    DevExpress.Xpo.Logger.ILogger logger = new DevExpress.Xpo.Logger.LoggerBase(5000);

    Note that Blazor applications do not have endpoints for controller actions. Use the ControllerEndpointRouteBuilderExtensions.MapControllers method to add these endpoints.

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
        // ...
        app.UseEndpoints(endpoints => {
            // NEW LINE
  3. Run the XPO Profiler. Click File | New. In the New Host dialog, supply the following parameters:

    Parameter Value
    Binding type Select "WebApi" in the drop-down list.
    Server name Specify the hostname. The HTTP protocol is used by default. To use HTTPS, add the protocol prefix to the hostname (for example, "https://myserver").
    Port Specify the web site's port number.
    Path Specify the path to the controller (demonstrated in the first step) that corresponds to the web application (for example, "XpoLogger").

    XPO Profiler - Web API Binding

  4. Click Test to test the connection.

Authentication Setup

XPO Profiler supports the following authentication types when using WebAPI binding:

Authentication Type Description Authentication Dialog
Anonymous Your web application should provide a anonymous access to the controller demonstrated in the Connection Setup section. None
Basic XPO profiler displays the Authentication dialog where you can specify the login and password. XPO Profiler - Auth By LoginPassword
Token-Based XPO profiler displays the Authentication dialog where you can specify the authentication token. Your web application should implement a custom authentication handler (see the section below for details). XPO Profiler - Auth By Token

Token-Based Authentication

  • Implement the following XpoProfilerTokenHandler authentication handler:

    using Microsoft.AspNetCore.Authentication;
    // ...
    class XpoProfilerTokenHandler : AuthenticationHandler<AuthenticationSchemeOptions>, IAuthenticationHandler {
        const string ValidToken = "xpoxpo";
        public const string AuthScheme = "XpoProfilerToken";
        public XpoProfilerTokenHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
            ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) { }
        protected override Task<AuthenticateResult> HandleAuthenticateAsync() {
            return Task.Run(() => {
                string header = Context.Request.Headers["Authorization"].FirstOrDefault(h => h.StartsWith(AuthScheme));
                if(header != null) {
                    string token = header.Substring(AuthScheme.Length + 1);
                    if(token == ValidToken) {
                        var principal = new ClaimsPrincipal(new ClaimsIdentity(null, AuthScheme));
                        return AuthenticateResult.Success(new AuthenticationTicket(principal, AuthScheme));
                return AuthenticateResult.NoResult();

    The XpoProfilerTokenHandler.ValidToken constant value ("xpoxpo" in this example) is a token that you should specify in the XPO Profiler's Authentication dialog to connect to your web application. Replace "xpoxpo" with a custom secret token string for security purposes.

  • Register your custom authentication handler in the Startup.ConfigureServices method declared in the Startup.cs file.

    public void ConfigureServices(IServiceCollection services) {
            .AddAuthentication( /*your default authentication_scheme*/)
            .AddScheme<AuthenticationSchemeOptions, XpoProfilerTokenHandler>(XpoProfilerTokenHandler.AuthScheme, null);
  • Apply the Authorize attribute to your XpoLoggerController class (demonstrated in the Connection Setup section).

    using Microsoft.AspNetCore.Authorization;
    // ...
    [Authorize(AuthenticationSchemes = XpoProfilerTokenHandler.AuthScheme)]
    public class XpoLoggerController : Controller {
        // ...
See Also