How to read ASP.NET Core Response.Body?
In my original response I had totally misread the question and thought the poster was asking how to read the Request.Body
But he had asked how to read the Response.Body
. I'm leaving my original answer to preserve history but also updating it to show how I would answer the question once reading it correctly.
Original Answer
If you want a buffered stream that supports reading multiple times you need to set
context.Request.EnableRewind()
Ideally do this early in the middleware before anything needs to read the body.
So for example you could place the following code in the beginning of the Configure
method of the Startup.cs file:
app.Use(async (context, next) => {
context.Request.EnableRewind();
await next();
});
Prior to enabling Rewind the stream associated with the Request.Body
is a forward only stream that doesn't support seeking or reading the stream a second time. This was done to make the default configuration of request handling as lightweight and performant as possible. But once you enable rewind the stream is upgrade to a stream that supports seeking and reading multiple times. You can observe this "upgrade" by setting a breakpoint just before and just after the call to EnableRewind
and observing the Request.Body
properties. So for example Request.Body.CanSeek
will change from false
to true
.
update: Starting in ASP.NET Core 2.1 Request.EnableBuffering()
is available which upgrades the Request.Body
to a FileBufferingReadStream
just like Request.EnableRewind()
and since Request.EnableBuffering()
is in a public namespace rather than an internal one it should be preferred over EnableRewind(). (Thanks to @ArjanEinbu for pointing out)
Then to read the body stream you could for example do this:
string bodyContent = new StreamReader(Request.Body).ReadToEnd();
Don't wrap the StreamReader
creation in a using statement though or it will close the underlying body stream at the conclusion of the using block and code later in the request lifecycle wont be able to read the body.
Also just to be safe, it might be a good idea to follow the above line of code that reads the body content with this line of code to reset the body's stream position back to 0.
request.Body.Position = 0;
That way any code later in the request lifecycle will find the request.Body in a state just like it hasn't been read yet.
Updated Answer
Sorry I originally misread your question. The concept of upgrading the associated stream to be a buffered stream still applies. However you do have to do it manually, I'm unaware of any built in .Net Core functionality that lets you read the response stream once written in the way that EnableRewind()
lets a developer reread the request stream after it's been read.
Your "hacky" approach is likely totally appropriate. You are basically converting a stream that can't seek to one that can. At the end of the day the Response.Body
stream has to get swapped out with a stream that is buffered and supports seeking. Here is another take on middleware to do that but you will notice it's quite similar to your approach. I did however choose to use a finally block as added protection for putting the original stream back on the Response.Body
and I used the Position
property of the stream rather than the Seek
method since the syntax is a bit simpler but the effect is no different than your approach.
public class ResponseRewindMiddleware
{
private readonly RequestDelegate next;
public ResponseRewindMiddleware(RequestDelegate next) {
this.next = next;
}
public async Task Invoke(HttpContext context) {
Stream originalBody = context.Response.Body;
try {
using (var memStream = new MemoryStream()) {
context.Response.Body = memStream;
await next(context);
memStream.Position = 0;
string responseBody = new StreamReader(memStream).ReadToEnd();
memStream.Position = 0;
await memStream.CopyToAsync(originalBody);
}
} finally {
context.Response.Body = originalBody;
}
}
}
You can use a middleware in the request pipeline, in order to log request and responses.
However is increased the hazard of memory leak
, due to the facth that:
1. Streams,
2. Setting Byte Buffers and
3. String conversions
can end up to Large Object Heap (in case the body of request or response is larger than 85,000 bytes). This increases the hazard of memory leak in your application. In order to avoid LOH, memory streams can be replaced by Recyclable Memory stream using the relevant library.
An implementation that uses Recyclable memory streams:
public class RequestResponseLoggingMiddleware
{
private readonly RequestDelegate _next;
private readonly ILogger _logger;
private readonly RecyclableMemoryStreamManager _recyclableMemoryStreamManager;
private const int ReadChunkBufferLength = 4096;
public RequestResponseLoggingMiddleware(RequestDelegate next, ILoggerFactory loggerFactory)
{
_next = next;
_logger = loggerFactory
.CreateLogger<RequestResponseLoggingMiddleware>();
_recyclableMemoryStreamManager = new RecyclableMemoryStreamManager();
}
public async Task Invoke(HttpContext context)
{
LogRequest(context.Request);
await LogResponseAsync(context);
}
private void LogRequest(HttpRequest request)
{
request.EnableRewind();
using (var requestStream = _recyclableMemoryStreamManager.GetStream())
{
request.Body.CopyTo(requestStream);
_logger.LogInformation($"Http Request Information:{Environment.NewLine}" +
$"Schema:{request.Scheme} " +
$"Host: {request.Host} " +
$"Path: {request.Path} " +
$"QueryString: {request.QueryString} " +
$"Request Body: {ReadStreamInChunks(requestStream)}");
}
}
private async Task LogResponseAsync(HttpContext context)
{
var originalBody = context.Response.Body;
using (var responseStream = _recyclableMemoryStreamManager.GetStream())
{
context.Response.Body = responseStream;
await _next.Invoke(context);
await responseStream.CopyToAsync(originalBody);
_logger.LogInformation($"Http Response Information:{Environment.NewLine}" +
$"Schema:{context.Request.Scheme} " +
$"Host: {context.Request.Host} " +
$"Path: {context.Request.Path} " +
$"QueryString: {context.Request.QueryString} " +
$"Response Body: {ReadStreamInChunks(responseStream)}");
}
context.Response.Body = originalBody;
}
private static string ReadStreamInChunks(Stream stream)
{
stream.Seek(0, SeekOrigin.Begin);
string result;
using (var textWriter = new StringWriter())
using (var reader = new StreamReader(stream))
{
var readChunk = new char[ReadChunkBufferLength];
int readChunkLength;
//do while: is useful for the last iteration in case readChunkLength < chunkLength
do
{
readChunkLength = reader.ReadBlock(readChunk, 0, ReadChunkBufferLength);
textWriter.Write(readChunk, 0, readChunkLength);
} while (readChunkLength > 0);
result = textWriter.ToString();
}
return result;
}
}
NB. The hazard of LOH is not fully eradicate due to textWriter.ToString()
on the other hand you can use a logging client library that supports structured logging (ie. Serilog) and inject the instance of a Recyclable Memory Stream.
What you describe as a hack is actually the suggested approach of how to manage response streams in custom middleware.
Because of the pipeline nature of the middle ware design where each middle ware is unaware of the previous or next handler in the pipeline. There is no guarantee that the current middle ware would be the one writing the response unless it holds on to the response stream it was given before passing on a stream that it (the current middle ware) controls. This design was seen in OWIN and eventually baked into asp.net-core.
Once you start writing to the response stream it sends the body and headers (the response) to the client. If another handler down the pipeline does that before the current handler had a chance to then it wont be able to add anything to the response once it has been already sent.
Which again is not guaranteed to be the actual response stream if the previous middleware in the pipeline followed the same strategy of passing another stream down the line.
Referencing ASP.NET Core Middleware Fundamentals
Warning
Be careful modifying the
HttpResponse
after invokingnext
, because the response may have already been sent to the client. You can use HttpResponse.HasStarted to check whether the headers have been sent.Warning
Do not call
next.Invoke
after calling awrite
method. A middleware component either produces a response or callsnext.Invoke
, but not both.
Example of built in basic middlewares from aspnet/BasicMiddleware Github repo
ResponseCompressionMiddleware.cs
/// <summary>
/// Invoke the middleware.
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public async Task Invoke(HttpContext context)
{
if (!_provider.CheckRequestAcceptsCompression(context))
{
await _next(context);
return;
}
var bodyStream = context.Response.Body;
var originalBufferFeature = context.Features.Get<IHttpBufferingFeature>();
var originalSendFileFeature = context.Features.Get<IHttpSendFileFeature>();
var bodyWrapperStream = new BodyWrapperStream(context, bodyStream, _provider,
originalBufferFeature, originalSendFileFeature);
context.Response.Body = bodyWrapperStream;
context.Features.Set<IHttpBufferingFeature>(bodyWrapperStream);
if (originalSendFileFeature != null)
{
context.Features.Set<IHttpSendFileFeature>(bodyWrapperStream);
}
try
{
await _next(context);
// This is not disposed via a using statement because we don't want to flush the compression buffer for unhandled exceptions,
// that may cause secondary exceptions.
bodyWrapperStream.Dispose();
}
finally
{
context.Response.Body = bodyStream;
context.Features.Set(originalBufferFeature);
if (originalSendFileFeature != null)
{
context.Features.Set(originalSendFileFeature);
}
}
}
In ASP.NET Core 3, the story is even worse: Even if you ignore the fact that we are talking about a web framework that has turned something as fundamental as reading web requests into a struggle with unintuitive workarounds and an API that changes between every version, then there's an open issue which means that if you use EnableBuffering
"too late" (including late in your middleware pipeline), it won't do anything.
In my case, I used the hacky solution of adding the body to HttpContext.Items
as early in the pipeline as possible. I'm sure this is awfully inefficient, and it ignores the sort of issues that arise when the body is large, but if you're looking for something off-the-shelf (as I was when I came across this question), then maybe this is helpful.
Concretely, I use the following middleware:
public class RequestBodyStoringMiddleware
{
private readonly RequestDelegate _next;
public RequestBodyStoringMiddleware(RequestDelegate next) =>
_next = next;
public async Task Invoke(HttpContext httpContext)
{
httpContext.Request.EnableBuffering();
string body;
using (var streamReader = new System.IO.StreamReader(
httpContext.Request.Body, System.Text.Encoding.UTF8, leaveOpen: true))
body = await streamReader.ReadToEndAsync();
httpContext.Request.Body.Position = 0;
httpContext.Items["body"] = body;
await _next(httpContext);
}
}
To use this, do a app.UseMiddleware<RequestBodyStoringMiddleware>();
as early as possible in Startup.Configure
; the issue is that depending on what else you're doing, the body stream might end up being consumed along the way, so the order matters. Then, when you need the body later (in the controller, or another piece of middleware), access it through (string)HttpContext.Items["body"];
. Yes, your controllers now rely on implementation details of your configuration but what can you do.
@RonC's answer works for the most part. But I wanted to add this. It seems that ASP.NET Core does not like to present the web contents directly from the memory stream (unless it's a simple string and not a whole HTML page). I spent hours trying to figure this one out, so I wanted to post it here so that other people wouldn't waste their time trying to figure this one out as I did.
Here is the little modification of @RonC's answer about the response part:
public class ResponseBufferMiddleware
{
private readonly RequestDelegate _next;
public ResponseBufferMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task InvokeAsync(HttpContext context)
{
// Store the original body stream for restoring the response body back to its original stream
var originalBodyStream = context.Response.Body;
// Create new memory stream for reading the response; Response body streams are write-only, therefore memory stream is needed here to read
await using var memoryStream = new MemoryStream();
context.Response.Body = memoryStream;
// Call the next middleware
await _next(context);
// Set stream pointer position to 0 before reading
memoryStream.Seek(0, SeekOrigin.Begin);
// Read the body from the stream
var responseBodyText = await new StreamReader(memoryStream).ReadToEndAsync();
// Reset the position to 0 after reading
memoryStream.Seek(0, SeekOrigin.Begin);
// Do this last, that way you can ensure that the end results end up in the response.
// (This resulting response may come either from the redirected route or other special routes if you have any redirection/re-execution involved in the middleware.)
// This is very necessary. ASP.NET doesn't seem to like presenting the contents from the memory stream.
// Therefore, the original stream provided by the ASP.NET Core engine needs to be swapped back.
// Then write back from the previous memory stream to this original stream.
// (The content is written in the memory stream at this point; it's just that the ASP.NET engine refuses to present the contents from the memory stream.)
context.Response.Body = originalBodyStream;
await context.Response.Body.WriteAsync(memoryStream.ToArray());
// Per @Necip Sunmaz's recommendation this also works:
// Just make sure that the memoryStrream's pointer position is set back to 0 again.
// await memoryStream.CopyToAsync(originalBodyStream);
// context.Response.Body = originalBodyStream;
}
}
This way, you can present the web contents properly but also read the response body if you need to. This has been thoroughly been tested.
Also, note that this code is written using .NET Core 3.1 and the C# language version 8.0. @DalmTo confirmed that this code works with .NET 5 and C# 9.