5 Middlewares in the WebAPI boilerplate of .NET 6 project and what do they do?
When you want to create a new WebAPI project in .NET 6 using the dotnet CLI (like as I do; I’m a fan of it), you use the following command -
> dotnet new webapi - name MyDotnetNetWebAPIThe Web API project thus created will come with one Program class file, one ValuesController file and a Model that is used in one of the controller endpoints.
But have you ever observed what the default middlewares that come inside the Program file and what do they do?
Let’s figure out. I have listed down the built-in middlewares that .NET 6 includes in the Program file. These are added to the IApplicationBuilder once the WebApplication is built and are executed in the same order as they are added to the pipeline for every request made to the API.
They are -
UseHttpsRedirection()
One of the highest priority best practices while hosting an API is to ensure that the requests are made over HTTPS channel. This makes the communication secure and less prone to security attacks. When you deploy and run a .NET 6 Web API, it listens on both HTTP and HTTPS ports. This middleware ensures that any request that is sent to the unsecure HTTP domain is redirected to the secure HTTPS channel.
UseRouting()
Endpoint Routing was one of the major design changes introduced in .NET Core starting from dotnetcore3.1.
Endpoint middleware is the alternative to the default MVC routing that was the norm since the Framework times.
Endpoint middleware resolves the endpoint to be called even before the request reaches till that point and ensures all the Route information (RoutePath, Paramters, Template etc.) are available to the other middlewares.
This was not possible with the older MVC routing middleware.
UseRouting() middleware marks that Endpoint Routing is being used for Routing, and the route information is available to all the middlewares that execute starting from here. I wrote a detailed article about Endpoint Routing — You can check out here.
UseCors()
CORS stands for Cross-Origin Requests. By default, any API denies access to any request that comes from a domain that is not same as the one where API is running.
This ensures that unwanted requests are not handled by the API. But this also means the actual client can also not access the API if it is deployed in another domain. The Solution? Access Control.
Cors middleware takes in a Cors Policy where you define which origins to be allowed, what methods to be allowed and what headers must be allowed.
UseAuthorization()
Authentication and Authorization are two facets of User data security. Authorization middleware ensures who is accessing what — if the current request is really allowed to do what it wants to do.
Authorization works after Authentication, so you need to add an Authentication mechanism first!
MapControllers()
MapControllers endpoint is the last stop for the request pipeline, here we attach the controllers and their actions to be invoked based on the request route selected by the Endpoint middleware.
For a WebAPI which doesn’t return any View this works — for a web application returns a HTML document, you will go with MapDefaultControllerRoute or the conventional MapControllerRoute() that takes a template string.
Share it with your friends if you find it informative! Follow me on LinkedIn and stay updated!
Checkout my new ebook Exploring ASP.NET Core Middlewares — A Complete Guide for Developers — I will explain everything you need to know about working with Middleware components in ASP.NET Core!!😁
