Skip to main content

Connect the XPO Profiler to an ASP.NET Core Application

  • 4 minutes to read

This topic describes how to use the XPO Profiler to profile ASP.NET Core applications.

Connection Setup

  1. Create the following controller:

    using DevExpress.Xpo.Logger;
    using DevExpress.Xpo.Logger.Transport;
    using Microsoft.AspNetCore.Mvc;
    // ...
    public class XpoLoggerController : ControllerBase {
        readonly ILogSource logger;
        public XpoLoggerController(ILogSource logger) {
            this.logger = logger;
        public LogMessage[] GetCompleteLog() {
            return logger.GetCompleteLog();
        public LogMessage GetMessage() {
            return logger.GetMessage();
        public LogMessage[] GetMessages(int messagesAmount) {
            return logger.GetMessages(messagesAmount);
  2. Add the following code to the Startup.ConfigureServices method:

    DevExpress.Xpo.Logger.ILogger logger = new DevExpress.Xpo.Logger.LoggerBase(5000);
  3. Make sure that the Configure method has the code that adds endpoints for controller actions:

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
        // ...
        app.UseEndpoints(endpoints => {
            // ...
  4. Run the XPO Profiler. Click File | New. In the New Host dialog, supply the following parameters:

    Parameter Value
    Binding type Select “WebApi” in the drop-down list.
    Server name Specify the hostname. The default protocol is HTTP. To use HTTPS, add the protocol prefix to the hostname (for example, “https://myserver”).
    Port Specify the web site’s port number.
    Path Specify the path to the controller (demonstrated in the first step) that corresponds to the web application (for example, “XpoLogger”).

    XPO Profiler - Web API Binding

  5. Click Test to test the connection.

Authentication Setup

XPO Profiler supports the following authentication types when using WebAPI binding:

Authentication Type Description Authentication Dialog
Anonymous Your web application should provide anonymous access to the controller demonstrated in the Connection Setup section. None
Basic XPO profiler displays the Authentication dialog where you can specify the login and password. XPO Profiler - Auth By LoginPassword
Token-Based XPO profiler displays the Authentication dialog where you can specify the authentication token. Your web application should implement a custom authentication handler (see the section below for details). XPO Profiler - Auth By Token

Token-Based Authentication

  • Implement the following XpoProfilerTokenHandler authentication handler:

    using Microsoft.AspNetCore.Authentication;
    // ...
    class XpoProfilerTokenHandler : AuthenticationHandler<AuthenticationSchemeOptions>, IAuthenticationHandler {
        const string ValidToken = "xpoxpo";
        public const string AuthScheme = "XpoProfilerToken";
        public XpoProfilerTokenHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
            ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) { }
        protected override Task<AuthenticateResult> HandleAuthenticateAsync() {
            return Task.Run(() => {
                string header = Context.Request.Headers["Authorization"].FirstOrDefault(h => h.StartsWith(AuthScheme));
                if(header != null) {
                    string token = header.Substring(AuthScheme.Length + 1);
                    if(token == ValidToken) {
                        var principal = new ClaimsPrincipal(new ClaimsIdentity(null, AuthScheme));
                        return AuthenticateResult.Success(new AuthenticationTicket(principal, AuthScheme));
                return AuthenticateResult.NoResult();


    The XpoProfilerTokenHandler.ValidToken constant value (“xpoxpo“ in this example) is a token that you should specify in the XPO Profiler’s Authentication dialog to connect to your web application. Replace “xpoxpo“ with a custom secret token string for security purposes.

  • Register your custom authentication handler in the Startup.ConfigureServices method declared in the Startup.cs file.

    public void ConfigureServices(IServiceCollection services) {
            .AddAuthentication( /*your default authentication_scheme*/)
            .AddScheme<AuthenticationSchemeOptions, XpoProfilerTokenHandler>(XpoProfilerTokenHandler.AuthScheme, null);
  • Apply the Authorize attribute to your XpoLoggerController class (demonstrated in the Connection Setup section).

    using Microsoft.AspNetCore.Authorization;
    // ...
    [Authorize(AuthenticationSchemes = XpoProfilerTokenHandler.AuthScheme)]
    public class XpoLoggerController : Controller {
        // ...
See Also