ASP.NET Core introduced a new concept called Middleware. A middleware is nothing but a component (class) which is executed on every request in ASP.NET Core application. In the classic ASP.NET, HttpHandlers and HttpModules were part of request pipeline. Middleware is similar to HttpHandlers and HttpModules where both needs to be configured and executed in each request.
Typically, there will be multiple middleware in ASP.NET Core web application. It can be either framework provided middleware, added via NuGet or your own custom middleware. We can set the order of middleware execution in the request pipeline. Each middleware adds or modifies http request and optionally passes control to the next middleware component. The following figure illustrates the execution of middleware components.
Middleware's build the request pipeline. The following figure illustrates the ASP.NET Core request processing.
Configure Middleware
We can configure middleware in the Configure method of the Startup class using IApplicationBuilder instance. The following example adds a single middleware using Run method which returns a string "Hello, World!" on each request.
In the above example, Run() is an extension method on IApplicationBuilder instance which adds a terminal middleware to the application's request pipeline. The above configured middleware returns a response with a string "Hello World!" for each request.
To configure multiple middleware, use Use() extension method. It is similar to Run() method except that it includes next parameter to invoke next middleware in the sequence. Consider the following example.
The above example will display Hello World From 1st Middleware!Hello World From 2nd Middleware! in the browser.
Thus, we can use Use() method to configure multiple middlewares in the order we like.
Add Built-in Middleware Via NuGet
ASP.NET Core is a modular framework. We can add server side features we need in our application by installing different plug-ins via NuGet. There are many middleware plug-ins available which can be used in our application.
The followings are some built-in middleware:
1. Exception Handling:
- UseDeveloperExceptionPage() & UseDatabaseErrorPage(): used in development phase to catch run-time exceptions.
- UseExceptionHandler("/Error"): used in production for run-time exceptions
Calling these methods first ensures that exceptions are caught.
2. HSTS & HTTPS Redirection:
- UseHsts(): HTTP Strict Transport Security Protocol (HSTS) Middleware (UseHsts) adds the Strict-Transport-Security header.
- UseHttpsRedirection(): forces HTTP calls to automatically redirect to equivalent HTTPS addresses.
Calling these methods next ensure that HTTPS can be enforced before resources are served from a web browser.
3. Static files:
- UseStaticFiles(): used to enable static files, such as HTML, JavaScript, CSS and graphics files.
This Middleware is called early on to avoid the need for authentication, session or MVC middleware.
4. Cookie Policy:
- UseCookiePolicy(): used to enforce cookie policy and display GDPR-friendly messaging
5. Authentication, Authorization & Sessions:
- UseAuthentication(): used to enable authentication and then subsequently allow authorization.
- UserSession(): manually added to the Startup file to enable the Session middleware.
Calling these after cookie authentication (but before the MVC middleware) ensures that cookies can be issued as necessary and that the user can be authenticated before the MVC engine kicks in.
6. MVC & Routing:
- UseMvc(): enables the use of MVC in your web application, with the ability to customize routes for your MVC application and set other options.
- routes.MapRoute(): set the default route and any custom routes when using MVC.
Reference: https://medium.com/, https://docs.microsoft.com
0 comments:
Post a Comment