Unsuppress CA1848: replace direct logger calls with LoggerMessage delegates (#1049)

CA1848 was suppressed to `suggestion` in `.editorconfig`, masking a
pervasive pattern of suboptimal logging. This PR removes that
suppression and fixes all violations by migrating to `[LoggerMessage]`
source-generated delegates.

## Approach

Every direct `ILogger` extension call (`LogInformation`, `LogWarning`,
`LogError`, etc.) is replaced with a `[LoggerMessage]` partial method.
Classes not already `partial` were made so.

```csharp
// Before
logger.LogWarning("Chapter directory not found: {ChapterDirectory}", chapterDirectory);

// After
[LoggerMessage(Level = LogLevel.Warning, Message = "Chapter directory not found: {ChapterDirectory}")]
private static partial void LogChapterDirectoryNotFound(ILogger<ListingSourceCodeService> logger, string chapterDirectory);

// call site
LogChapterDirectoryNotFound(_Logger, chapterDirectory);
```

## Files changed
- **`.editorconfig`** — removed `dotnet_diagnostic.CA1848.severity =
suggestion`
- **Services** — `EmailSender`, `ListingSourceCodeService`,
`McpRateLimiterPolicy`, `CaptchaService`
- **Controllers** — `ChatController`
- **`Program.cs`** — rate-limit rejection handler, exception handler,
CSP middleware, sitemap startup
- **Identity pages** — `Login`, `Register`, `ExternalLogin`, `Logout`,
`LoginWith2fa`, `LoginWithRecoveryCode`, all Manage pages
(ChangePassword, DeletePersonalData, Disable2fa, DownloadPersonalData,
EnableAuthenticator, GenerateRecoveryCodes, ResetAuthenticator)
- **Identity services** — `PwnedPasswordValidator`
- **Helpers/Extensions** — `FileInfoExtensions`, `SitemapXmlHelpers`
- **Chat.Shared** — `AISearchService`, `MarkdownChunkingService`

Also fixed one LOGGEN008 error: removed a redundant `"Error: "` prefix
in a log message template whose level already implies the severity.

> [!WARNING]
>
> <details>
> <summary>Firewall rules blocked me from connecting to one or more
addresses (expand for details)</summary>
>
> #### I tried to connect to the following addresses, but was blocked by
firewall rules:
>
> - `api.hcaptcha.com`
> - Triggering command:
`/home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Release/net10.0/EssentialCSharp.Web.Tests
/home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Release/net10.0/EssentialCSharp.Web.Tests
--server dotnettestcli --dotnet-test-pipe
/tmp/120cf16fe2ba497ba2e0b3c576c12c16` (dns block)
> - Triggering command:
`/home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Release/net10.0/EssentialCSharp.Web.Tests
/home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Release/net10.0/EssentialCSharp.Web.Tests
--server dotnettestcli --dotnet-test-pipe
/tmp/f4a1d75f3ca54e5498eb8c5b68a70fbc ACCEPT` (dns block)
> - Triggering command:
`/home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Release/net10.0/EssentialCSharp.Web.Tests
/home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Release/net10.0/EssentialCSharp.Web.Tests
--server dotnettestcli --dotnet-test-pipe
/tmp/40a09c9a64054f218b5236e9732db5a8 rvices/IGuidelinesService.cs
rvices/CaptchaOptions.cs rvices/AuthMessageSenderOptions.cs
rvices/McpApiTokenService.cs rvices/RouteConfigurationService.cs
rvices/CaptchaService.cs rvices/GuidelinesService.cs rvic��
rvices/ISiteMappingService.cs rvices/SiteSettings.cs` (dns block)
> - `api.pwnedpasswords.com`
> - Triggering command:
`/home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Release/net10.0/EssentialCSharp.Web.Tests
/home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Release/net10.0/EssentialCSharp.Web.Tests
--server dotnettestcli --dotnet-test-pipe
/tmp/120cf16fe2ba497ba2e0b3c576c12c16` (dns block)
> - Triggering command:
`/home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Release/net10.0/EssentialCSharp.Web.Tests
/home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Release/net10.0/EssentialCSharp.Web.Tests
--server dotnettestcli --dotnet-test-pipe
/tmp/f4a1d75f3ca54e5498eb8c5b68a70fbc ACCEPT` (dns block)
> - Triggering command:
`/home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Release/net10.0/EssentialCSharp.Web.Tests
/home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Release/net10.0/EssentialCSharp.Web.Tests
--server dotnettestcli --dotnet-test-pipe
/tmp/40a09c9a64054f218b5236e9732db5a8 rvices/IGuidelinesService.cs
rvices/CaptchaOptions.cs rvices/AuthMessageSenderOptions.cs
rvices/McpApiTokenService.cs rvices/RouteConfigurationService.cs
rvices/CaptchaService.cs rvices/GuidelinesService.cs rvic��
rvices/ISiteMappingService.cs rvices/SiteSettings.cs` (dns block)
>
> If you need me to access, download, or install something from one of
these locations, you can either:
>
> - Configure [Actions setup
steps](https://gh.io/copilot/actions-setup-steps) to set up my
environment, which run before the firewall is enabled
> - Add the appropriate URLs or hosts to the custom allowlist in this
repository's [Copilot coding agent
settings](https://github.com/IntelliTect/EssentialCSharp.Web/settings/copilot/coding_agent)
(admins only)
>
> </details>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: BenjaminMichaelis <22186029+BenjaminMichaelis@users.noreply.github.com>

Author: Copilot

.editorconfig

@@ -155,8 +155,6 @@ csharp_style_prefer_top_level_statements = true:silent
 csharp_style_expression_bodied_lambdas = true:silent
 csharp_style_expression_bodied_local_functions = false:silent
 
-# CA1848: Use the LoggerMessage delegates
-dotnet_diagnostic.CA1848.severity = suggestion
 # Test files - allow underscore-separated test method names (CA1707)
 [{EssentialCSharp.Web.Tests,EssentialCSharp.Chat.Tests}/**]
 dotnet_diagnostic.CA1707.severity = none

EssentialCSharp.Chat.Shared/Services/AISearchService.cs

@@ -6,7 +6,7 @@
 
 namespace EssentialCSharp.Chat.Common.Services;
 
-public class AISearchService(
+public partial class AISearchService(
     VectorStore vectorStore,
     EmbeddingService embeddingService,
     ILogger<AISearchService> logger)
@@ -49,10 +49,13 @@ public async Task<IReadOnlyList<VectorSearchResult<BookContentChunk>>> ExecuteVe
                 // needed (clearing would evict all healthy connections, hurting concurrent users).
                 // The retry opens a fresh physical connection, which calls UsePasswordProvider
                 // and gets a new token from DefaultAzureCredential.
-                logger.LogWarning(ex, "Entra ID token expired on pooled connection (SqlState 28000); retrying once.");
+                LogEntraIdTokenExpired(logger, ex);
             }
         }
 
         throw new UnreachableException("Retry loop exited without returning or throwing.");
     }
+
+    [LoggerMessage(Level = LogLevel.Warning, Message = "Entra ID token expired on pooled connection (SqlState 28000); retrying once.")]
+    private static partial void LogEntraIdTokenExpired(ILogger<AISearchService> logger, Exception exception);
 }

EssentialCSharp.Chat.Shared/Services/MarkdownChunkingService.cs

@@ -26,7 +26,7 @@ public async Task<List<FileChunkingResult>> ProcessMarkdownFilesAsync(
         // Validate input parameters
         if (!directory.Exists)
         {
-            logger.LogError("Error: Directory {DirectoryName} does not exist.", directory.FullName);
+            LogDirectoryDoesNotExist(logger, directory.FullName);
             throw new InvalidOperationException($"Error: Directory '{directory.FullName}' does not exist.");
         }
 
@@ -177,4 +177,7 @@ public FileChunkingResult ProcessSingleMarkdownFile(
 
     [GeneratedRegex(@"^(#{1,6}) +(.+)$")]
     private static partial Regex HeadingRegex();
+
+    [LoggerMessage(Level = LogLevel.Error, Message = "Directory {DirectoryName} does not exist.")]
+    private static partial void LogDirectoryDoesNotExist(ILogger<MarkdownChunkingService> logger, string directoryName);
 }

EssentialCSharp.Web/Areas/Identity/Pages/Account/ExternalLogin.cshtml.cs

@@ -14,7 +14,7 @@
 namespace EssentialCSharp.Web.Areas.Identity.Pages.Account;
 
 [AllowAnonymous]
-public class ExternalLoginModel(
+public partial class ExternalLoginModel(
     SignInManager<EssentialCSharpWebUser> signInManager,
     UserManager<EssentialCSharpWebUser> userManager,
     IUserStore<EssentialCSharpWebUser> userStore,
@@ -78,7 +78,7 @@ public async Task<IActionResult> OnGetCallbackAsync(string? returnUrl = null, st
         Microsoft.AspNetCore.Identity.SignInResult result = await signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
         if (result.Succeeded)
         {
-            logger.LogInformation("{Name} logged in with {LoginProvider} provider.", info.Principal.Identity?.Name, info.LoginProvider);
+            LogUserLoggedInWithProvider(logger, info.Principal.Identity?.Name, info.LoginProvider);
             // Ensure referral ID is set for the user
             var user = await userManager.FindByLoginAsync(info.LoginProvider, info.ProviderKey);
             if (user != null)
@@ -140,7 +140,7 @@ public async Task<IActionResult> OnPostConfirmationAsync(string? returnUrl = nul
                     result = await userManager.AddLoginAsync(user, info);
                     if (result.Succeeded)
                     {
-                        logger.LogInformation("User created an account using {Name} provider.", info.LoginProvider);
+                        LogUserCreatedWithProvider(logger, info.LoginProvider);
                         return await SendConfirmationEmail(returnUrl, info, user);
                     }
                 }
@@ -214,4 +214,10 @@ private EssentialCSharpWebUser CreateUser()
                 $"override the external login page in /Areas/Identity/Pages/Account/ExternalLogin.cshtml", innerException);
         }
     }
+
+    [LoggerMessage(Level = LogLevel.Information, Message = "{Name} logged in with {LoginProvider} provider.")]
+    private static partial void LogUserLoggedInWithProvider(ILogger<ExternalLoginModel> logger, string? name, string loginProvider);
+
+    [LoggerMessage(Level = LogLevel.Information, Message = "User created an account using {Name} provider.")]
+    private static partial void LogUserCreatedWithProvider(ILogger<ExternalLoginModel> logger, string name);
 }

EssentialCSharp.Web/Areas/Identity/Pages/Account/Login.cshtml.cs

@@ -11,7 +11,7 @@
 
 namespace EssentialCSharp.Web.Areas.Identity.Pages.Account;
 
-public class LoginModel(SignInManager<EssentialCSharpWebUser> signInManager, UserManager<EssentialCSharpWebUser> userManager, ILogger<LoginModel> logger, IReferralService referralService, ICaptchaService captchaService, IOptions<CaptchaOptions> optionsAccessor) : PageModel
+public partial class LoginModel(SignInManager<EssentialCSharpWebUser> signInManager, UserManager<EssentialCSharpWebUser> userManager, ILogger<LoginModel> logger, IReferralService referralService, ICaptchaService captchaService, IOptions<CaptchaOptions> optionsAccessor) : PageModel
 {
     private InputModel? _Input;
     [BindProperty]
@@ -102,7 +102,7 @@ public async Task<IActionResult> OnPostAsync(string? returnUrl = null)
             }
             if (result.Succeeded)
             {
-                logger.LogInformation("User logged in.");
+                LogUserLoggedIn(logger);
                 return LocalRedirect(returnUrl);
             }
             if (result.RequiresTwoFactor)
@@ -111,7 +111,7 @@ public async Task<IActionResult> OnPostAsync(string? returnUrl = null)
             }
             if (result.IsLockedOut)
             {
-                logger.LogWarning("User account locked out.");
+                LogUserAccountLockedOut(logger);
                 return RedirectToPage("./Lockout");
             }
             else
@@ -124,4 +124,10 @@ public async Task<IActionResult> OnPostAsync(string? returnUrl = null)
         // If we got this far, something failed, redisplay form
         return Page();
     }
+
+    [LoggerMessage(Level = LogLevel.Information, Message = "User logged in.")]
+    private static partial void LogUserLoggedIn(ILogger<LoginModel> logger);
+
+    [LoggerMessage(Level = LogLevel.Warning, Message = "User account locked out.")]
+    private static partial void LogUserAccountLockedOut(ILogger<LoginModel> logger);
 }

EssentialCSharp.Web/Areas/Identity/Pages/Account/LoginWith2fa.cshtml.cs

@@ -6,7 +6,7 @@
 
 namespace EssentialCSharp.Web.Areas.Identity.Pages.Account;
 
-public class LoginWith2faModel(
+public partial class LoginWith2faModel(
     SignInManager<EssentialCSharpWebUser> signInManager,
     UserManager<EssentialCSharpWebUser> userManager,
     ILogger<LoginWith2faModel> logger) : PageModel
@@ -68,19 +68,28 @@ public async Task<IActionResult> OnPostAsync(bool rememberMe, string? returnUrl
 
         if (result.Succeeded)
         {
-            logger.LogInformation("User with ID '{UserId}' logged in with 2fa.", user.Id);
+            LogUserLoggedInWith2fa(logger, user.Id);
             return LocalRedirect(returnUrl);
         }
         else if (result.IsLockedOut)
         {
-            logger.LogWarning("User with ID '{UserId}' account locked out.", user.Id);
+            LogUserAccountLockedOut2fa(logger, user.Id);
             return RedirectToPage("./Lockout");
         }
         else
         {
-            logger.LogWarning("Invalid authenticator code entered for user with ID '{UserId}'.", user.Id);
+            LogInvalidAuthenticatorCode(logger, user.Id);
             ModelState.AddModelError(string.Empty, "Invalid authenticator code.");
             return Page();
         }
     }
+
+    [LoggerMessage(Level = LogLevel.Information, Message = "User with ID '{UserId}' logged in with 2fa.")]
+    private static partial void LogUserLoggedInWith2fa(ILogger<LoginWith2faModel> logger, string userId);
+
+    [LoggerMessage(Level = LogLevel.Warning, Message = "User with ID '{UserId}' account locked out.")]
+    private static partial void LogUserAccountLockedOut2fa(ILogger<LoginWith2faModel> logger, string userId);
+
+    [LoggerMessage(Level = LogLevel.Warning, Message = "Invalid authenticator code entered for user with ID '{UserId}'.")]
+    private static partial void LogInvalidAuthenticatorCode(ILogger<LoginWith2faModel> logger, string userId);
 }

EssentialCSharp.Web/Areas/Identity/Pages/Account/LoginWithRecoveryCode.cshtml.cs

@@ -5,9 +5,8 @@
 using Microsoft.AspNetCore.Mvc.RazorPages;
 namespace EssentialCSharp.Web.Areas.Identity.Pages.Account;
 
-public class LoginWithRecoveryCodeModel(
+public partial class LoginWithRecoveryCodeModel(
     SignInManager<EssentialCSharpWebUser> signInManager,
-    UserManager<EssentialCSharpWebUser> userManager,
     ILogger<LoginWithRecoveryCodeModel> logger) : PageModel
 {
     private InputModel? _Input;
@@ -55,23 +54,30 @@ public async Task<IActionResult> OnPostAsync(string? returnUrl = null)
 
         Microsoft.AspNetCore.Identity.SignInResult result = await signInManager.TwoFactorRecoveryCodeSignInAsync(recoveryCode);
 
-        string userId = await userManager.GetUserIdAsync(user);
-
         if (result.Succeeded)
         {
-            logger.LogInformation("User with ID '{UserId}' logged in with a recovery code.", user.Id);
+            LogUserLoggedInWithRecoveryCode(logger, user.Id);
             return LocalRedirect(returnUrl ?? Url.Content("~/"));
         }
         if (result.IsLockedOut)
         {
-            logger.LogWarning("User account locked out.");
+            LogUserAccountLockedOutRecovery(logger);
             return RedirectToPage("./Lockout");
         }
         else
         {
-            logger.LogWarning("Invalid recovery code entered for user with ID '{UserId}' ", user.Id);
+            LogInvalidRecoveryCode(logger, user.Id);
             ModelState.AddModelError(string.Empty, "Invalid recovery code entered.");
             return Page();
         }
     }
+
+    [LoggerMessage(Level = LogLevel.Information, Message = "User with ID '{UserId}' logged in with a recovery code.")]
+    private static partial void LogUserLoggedInWithRecoveryCode(ILogger<LoginWithRecoveryCodeModel> logger, string userId);
+
+    [LoggerMessage(Level = LogLevel.Warning, Message = "User account locked out.")]
+    private static partial void LogUserAccountLockedOutRecovery(ILogger<LoginWithRecoveryCodeModel> logger);
+
+    [LoggerMessage(Level = LogLevel.Warning, Message = "Invalid recovery code entered for user with ID '{UserId}'.")]
+    private static partial void LogInvalidRecoveryCode(ILogger<LoginWithRecoveryCodeModel> logger, string userId);
 }

EssentialCSharp.Web/Areas/Identity/Pages/Account/Logout.cshtml.cs

@@ -5,14 +5,17 @@
 
 namespace EssentialCSharp.Web.Areas.Identity.Pages.Account;
 
-public class LogoutModel(SignInManager<EssentialCSharpWebUser> signInManager, ILogger<LogoutModel> logger) : PageModel
+public partial class LogoutModel(SignInManager<EssentialCSharpWebUser> signInManager, ILogger<LogoutModel> logger) : PageModel
 {
     public async Task<IActionResult> OnPost(string? returnUrl = null)
     {
         await signInManager.SignOutAsync();
-        logger.LogInformation("User logged out.");
-            // This needs to be a redirect so that the browser performs a new
-            // request and the identity for the user gets updated.
-            return returnUrl is not null ? LocalRedirect(returnUrl) : RedirectToPage();
+        LogUserLoggedOut(logger);
+        // This needs to be a redirect so that the browser performs a new
+        // request and the identity for the user gets updated.
+        return returnUrl is not null ? LocalRedirect(returnUrl) : RedirectToPage();
     }
+
+    [LoggerMessage(Level = LogLevel.Information, Message = "User logged out.")]
+    private static partial void LogUserLoggedOut(ILogger<LogoutModel> logger);
 }

EssentialCSharp.Web/Areas/Identity/Pages/Account/Manage/ChangePassword.cshtml.cs

@@ -6,7 +6,7 @@
 
 namespace EssentialCSharp.Web.Areas.Identity.Pages.Account.Manage;
 
-public class ChangePasswordModel(
+public partial class ChangePasswordModel(
     UserManager<EssentialCSharpWebUser> userManager,
     SignInManager<EssentialCSharpWebUser> signInManager,
     ILogger<ChangePasswordModel> logger) : PageModel
@@ -106,9 +106,12 @@ public async Task<IActionResult> OnPostAsync()
         }
 
         await signInManager.RefreshSignInAsync(user);
-        logger.LogInformation("User changed their password successfully.");
+        LogUserChangedPassword(logger);
         StatusMessage = "Your password has been changed.";
 
         return RedirectToPage();
     }
+
+    [LoggerMessage(Level = LogLevel.Information, Message = "User changed their password successfully.")]
+    private static partial void LogUserChangedPassword(ILogger<ChangePasswordModel> logger);
 }

EssentialCSharp.Web/Areas/Identity/Pages/Account/Manage/DeletePersonalData.cshtml.cs

@@ -7,7 +7,7 @@
 
 namespace EssentialCSharp.Web.Areas.Identity.Pages.Account.Manage;
 
-public class DeletePersonalDataModel(
+public partial class DeletePersonalDataModel(
     UserManager<EssentialCSharpWebUser> userManager,
     SignInManager<EssentialCSharpWebUser> signInManager,
     ILogger<DeletePersonalDataModel> logger) : PageModel
@@ -79,8 +79,11 @@ public async Task<IActionResult> OnPostAsync()
 
         await signInManager.SignOutAsync();
 
-        logger.LogInformation("User with ID '{UserId}' deleted themselves.", userId);
+        LogUserDeletedThemselves(logger, userId);
 
         return Redirect("~/");
     }
+
+    [LoggerMessage(Level = LogLevel.Information, Message = "User with ID '{UserId}' deleted themselves.")]
+    private static partial void LogUserDeletedThemselves(ILogger<DeletePersonalDataModel> logger, string userId);
 }