Middleware in Minimal API apps
WebApplication automatically adds the following middleware in Minimal API applications depending on certain conditions:
UseDeveloperExceptionPageis added first when theHostingEnvironmentis"Development".UseRoutingis added second if user code didn't already callUseRoutingand if there are endpoints configured, for exampleapp.MapGet.UseEndpointsis added at the end of the middleware pipeline if any endpoints are configured.UseAuthenticationis added immediately afterUseRoutingif user code didn't already callUseAuthenticationand ifIAuthenticationSchemeProvidercan be detected in the service provider.IAuthenticationSchemeProvideris added by default when usingAddAuthentication, and services are detected usingIServiceProviderIsService.UseAuthorizationis added next if user code didn't already callUseAuthorizationand ifIAuthorizationHandlerProvidercan be detected in the service provider.IAuthorizationHandlerProvideris added by default when usingAddAuthorization, and services are detected usingIServiceProviderIsService.- User configured middleware and endpoints are added between
UseRoutingandUseEndpoints.
The following code is effectively what the automatic middleware being added to the app produces:
if (isDevelopment)
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
if (isAuthenticationConfigured)
{
app.UseAuthentication();
}
if (isAuthorizationConfigured)
{
app.UseAuthorization();
}
// user middleware/endpoints
app.CustomMiddleware(...);
app.MapGet("/", () => "hello world");
// end user middleware/endpoints
app.UseEndpoints(e => {});
In some cases, the default middleware configuration isn't correct for the app and requires modification. For example, UseCors should be called before UseAuthentication and UseAuthorization. The app needs to call UseAuthentication and UseAuthorization if UseCors is called:
app.UseCors();
app.UseAuthentication();
app.UseAuthorization();
If middleware should be run before route matching occurs, UseRouting should be called and the middleware should be placed before the call to UseRouting. UseEndpoints isn't required in this case as it is automatically added as described previously:
app.Use((context, next) =>
{
return next(context);
});
app.UseRouting();
// other middleware and endpoints
When adding a terminal middleware:
- The middleware must be added after
UseEndpoints. - The app needs to call
UseRoutingandUseEndpointsso that the terminal middleware can be placed at the correct location.
app.UseRouting();
app.MapGet("/", () => "hello world");
app.UseEndpoints(e => {});
app.Run(context =>
{
context.Response.StatusCode = 404;
return Task.CompletedTask;
});
Terminal middleware is middleware that runs if no endpoint handles the request.
WebApplication automatically adds the following middleware in Minimal API applications depending on certain conditions:
UseDeveloperExceptionPageis added first when theHostingEnvironmentis"Development".UseRoutingis added second if user code didn't already callUseRoutingand if there are endpoints configured, for exampleapp.MapGet.UseEndpointsis added at the end of the middleware pipeline if any endpoints are configured.UseAuthenticationis added immediately afterUseRoutingif user code didn't already callUseAuthenticationand ifIAuthenticationSchemeProvidercan be detected in the service provider.IAuthenticationSchemeProvideris added by default when usingAddAuthentication, and services are detected usingIServiceProviderIsService.UseAuthorizationis added next if user code didn't already callUseAuthorizationand ifIAuthorizationHandlerProvidercan be detected in the service provider.IAuthorizationHandlerProvideris added by default when usingAddAuthorization, and services are detected usingIServiceProviderIsService.- User configured middleware and endpoints are added between
UseRoutingandUseEndpoints.
The following code is effectively what the automatic middleware being added to the app produces:
if (isDevelopment)
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
if (isAuthenticationConfigured)
{
app.UseAuthentication();
}
if (isAuthorizationConfigured)
{
app.UseAuthorization();
}
// user middleware/endpoints
app.CustomMiddleware(...);
app.MapGet("/", () => "hello world");
// end user middleware/endpoints
app.UseEndpoints(e => {});
In some cases, the default middleware configuration isn't correct for the app and requires modification. For example, UseCors should be called before UseAuthentication and UseAuthorization. The app needs to call UseAuthentication and UseAuthorization if UseCors is called:
app.UseCors();
app.UseAuthentication();
app.UseAuthorization();
If middleware should be run before route matching occurs, UseRouting should be called and the middleware should be placed before the call to UseRouting. UseEndpoints isn't required in this case as it is automatically added as described previously:
app.Use((context, next) =>
{
return next(context);
});
app.UseRouting();
// other middleware and endpoints
When adding a terminal middleware:
- The middleware must be added after
UseEndpoints. - The app needs to call
UseRoutingandUseEndpointsso that the terminal middleware can be placed at the correct location.
app.UseRouting();
app.MapGet("/", () => "hello world");
app.UseEndpoints(e => {});
app.Run(context =>
{
context.Response.StatusCode = 404;
return Task.CompletedTask;
});
Terminal middleware is middleware that runs if no endpoint handles the request.
For information on antiforgery middleware in Minimal APIs, see Prevent Cross-Site Request Forgery (XSRF/CSRF) attacks in ASP.NET Core
For more information about middleware see ASP.NET Core Middleware, and the list of built-in middleware that can be added to applications.
For more information about Minimal APIs see Minimal APIs overview.
ASP.NET Core
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for