Middlewares are used to add additional logic before and after HTTP requests.
We can create custom middleware, and there is a wide range of built-in middleware available that we can utilize:
Simply adding a middleware code (as show in the article) does not guarantee that its intended purpose will be fully achieved. Additional services, configurations, and logic may be required to meet specific application needs.
This article aims to explain the purpose of commonly seen middleware in the Program.cs file, along with a few additional middleware components.
1. Static Files Middleware
Purpose: Serves static files such as HTML, CSS, JavaScript, and images directly from the file system.
app.UseStaticFiles();
Details: This middleware is typically placed early in the pipeline to efficiently serve static content without further processing.
2. Routing Middleware
Purpose: Matches incoming HTTP requests to endpoints defined in the application.
app.UseRouting();
Details: Routing middleware is essential for directing requests to the appropriate controllers or endpoints. It should be placed before any middleware that depends on routing information, such as authorization.
3. Authentication Middleware
Purpose: Handles user authentication, verifying user credentials, and establishing user identity.
app.UseAuthentication();
Details: This middleware should be placed before authorization middleware to ensure that users are authenticated before access checks are performed.
4. Authorization Middleware
Purpose: Enforces access control policies, ensuring that authenticated users have the necessary permissions to access resources.
app.UseAuthorization();
Details: Authorization middleware should be placed after authentication middleware to ensure that only authenticated users are authorized.
5. CORS Middleware
Purpose: Configures Cross-Origin Resource Sharing (CORS) policies to allow or restrict resources requested from another domain.
app.UseCors("AllowAllPolicy");
Details: CORS middleware is crucial for enabling secure cross-origin requests, especially in API applications.
6. Session Middleware
Purpose: Manages user sessions, allowing data to be stored and retrieved across multiple requests.
app.UseSession();
Details: Session middleware requires session services to be configured in services.
7. Response Compression Middleware
Purpose: Compresses HTTP responses to reduce bandwidth usage and improve load times.
app.UseResponseCompression();
Details: This middleware is beneficial for optimizing performance, especially for large responses.
8. Exception Handling Middleware
Purpose: Provides a centralized mechanism for handling exceptions and generating error responses.
app.UseExceptionHandler("/Home/Error"); //Web App
app.UseExceptionHandler(); //API
Details: Exception-handling middleware should be placed early in the pipeline to catch exceptions from subsequent middleware.
9. HTTPS Redirection Middleware
Purpose: Redirects HTTP requests to HTTPS, ensuring secure communication.
app.UseHttpsRedirection();
Details: This middleware is essential for enforcing HTTPS in production environments
10. HSTS Middleware
Purpose: Enforces HTTP Strict Transport Security (HSTS) headers, instructing browsers to only access the site over HTTPS.
app.UseHsts();
Details: HSTS middleware should be used in conjunction with HTTPS redirection for enhanced security.
11. Run Middleware
Purpose: Defines a terminal middleware delegate that handles HTTP requests and generates responses directly, without passing control to subsequent middleware.
app.Run();
Details: app.Run() is used to set up a terminal middleware in the ASP.NET Core request processing pipeline. It is typically placed at the end in Program.cs file and is responsible for producing the final response.
Whenever you're ready, there are 3 ways I can help you:
- Subscribe to my youtube channel : For in-depth tutorials, coding tips, and industry insights.
- Promote yourself to 9,000+ subscribers : By sponsoring this newsletter
- Patreon community : Get access to all of my blogs and articles at one place