Connect the XPO Profiler to an ASP.NET Core Application

This topic describes how to profile ASP.NET Core applications using the XPO Profiler.

Connection Setup

  • Create the following controller:


    using DevExpress.Xpo.Logger; 
    using Microsoft.AspNetCore.Mvc; 
    // ...
    public class XpoLoggerController : Controller { 
        readonly static LoggerBase logger = new LoggerBase(50000); 
        static XpoLoggerController() { 
        public LogMessage[] GetCompleteLog() { 
            return logger.GetCompleteLog(); 
        public LogMessage GetMessage() { 
            return logger.GetMessage(); 
        public LogMessage[] GetMessages(int messagesAmount) { 
            return logger.GetMessages(messagesAmount); 
  • Run the XPO Profiler. Click File | New. In the New Host dialog, supply the following parameters:

    Parameter Value
    Binding type Select "WebApi" in the drop-down list.
    Server name Specify the hostname. The HTTP protocol is used by default. To use HTTPS, add the protocol prefix to the hostname (for example, "https://myserver").
    Port Specify the web site's port number.
    Path Specify the path to the controller (demonstrated in the first step) that corresponds to the web application (for example, "XpoLogger").

    XPO Profiler - Web API Binding

  • Click Test to test the connection.

Authentication Setup

XPO Profiler supports the following authentication types when using WebAPI binding:

Authentication Type Description Authentication Dialog
Anonymous Your web application should provide a anonymous access to the controller demonstrated in the Connection Setup section. None
Basic XPO profiler displays the Authentication dialog where you can specify the login and password. XPO Profiler - Auth By LoginPassword
Token-Based XPO profiler displays the Authentication dialog where you can specify the authentication token. Your web application should implement a custom authentication handler (see the section below for details). XPO Profiler - Auth By Token

Token-Based Authentication

  • Implement the following XpoProfilerTokenHandler authentication handler:


    using Microsoft.AspNetCore.Authentication;
    // ...
    class XpoProfilerTokenHandler : AuthenticationHandler<AuthenticationSchemeOptions>, IAuthenticationHandler {
        const string ValidToken = "xpoxpo";
        public const string AuthScheme = "XpoProfilerToken";
        public XpoProfilerTokenHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
        ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) { }
        protected override Task<AuthenticateResult> HandleAuthenticateAsync() {
            return Task.Run(() => {
                string header = Context.Request.Headers["Authorization"].FirstOrDefault(h => h.StartsWith(AuthScheme));
                if(header != null) {
                    string token = header.Substring(AuthScheme.Length + 1);
                    if(token == ValidToken) {
                        var principal = new ClaimsPrincipal(new ClaimsIdentity(null, AuthScheme));
                        return AuthenticateResult.Success(new AuthenticationTicket(principal, AuthScheme));
                return AuthenticateResult.NoResult();

    The XpoProfilerTokenHandler.ValidToken constant value ("xpoxpo" in this example) is a token that you should specify in the XPO Profiler's Authentication dialog to connect to your web application. Replace "xpoxpo" with a custom secret token string for security purposes.

  • Register your custom authentication handler in the Startup.ConfigureServices method declared in the Startup.cs file.


    public void ConfigureServices(IServiceCollection services) {
            .AddAuthentication( /*your default authentication_scheme*/)
            .AddScheme<AuthenticationSchemeOptions, XpoProfilerTokenHandler>(XpoProfilerTokenHandler.AuthScheme, null);
  • Apply the Authorize attribute to your XpoLoggerController class (demonstrated in the Connection Setup section).


    using Microsoft.AspNetCore.Authorization;
    // ...
    [Authorize(AuthenticationSchemes = XpoProfilerTokenHandler.AuthScheme)]
    public class XpoLoggerController : Controller {
        // ...