Posts

Showing posts with the label mvc

ASP.NET Core Pitfalls - Content Type Mismatch

Introduction

To get the new year started, another post on my ASP.NET Core Pitfalls series! This time, it's related to APIs, and how the [Consumes] attribute is interpreted.

The Problem

The Content-Type header and optional charset parameter are part of the web standard and used to tell the server handler what type of content the client will send. The charset part is optional, and the default is "ascii"; for example, if we wish to set it as UTF-8, we should send:

Content-Type: application/json;charset=utf-8

Now, charset is optional, and does not really change what the content type is, just the character set of the text of the payload. In ASP.NET Core, it can be used to route the request to different endpoints: for example, two action methods for the same action can consume different content types. There is an attribute, [Consumes], which can be used in ASP.NET Core MVC to restrict the content types that are accepted by a given action method.

[HttpGet("Get...

Restricting Access to an Action Method in ASP.NET Core MVC

Introduction

This post talks about a few options for restricting access to a given action method - or to all of them - on an ASP.NET Core MVC controller. It won't be a general article about security in ASP.NET Core, just this aspect of it.

Prerequisites

We must always add authentication (who we are) and authorisation (what we can do) support to the ASP.NET Core pipeline. Authorisation requires authentication, but authentication can exist on its own, as long as some authentication scheme is provided:

builder.Services.AddAuthentication()
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme);
builder.Services.AddAuthorization(); //can take options as we will see later on

Using Filters

ASP.NET Core filters are well known and popular; they are probably the easiest way to restrict access to an endpoint. Filters can be applied:

- Through an attribute, to an action method or a controller
- Globally for all controllers and actions

Custom Filters

IAuthorizationFilter or IAsyn...

ASP.NET Core Extension Points - MVC

Introduction

This is post #2 on my series of posts on ASP.NET Core extensibility. The first one is this one, on the core extension points. This time, I'm going to focus on extensibility that is specific to MVC. I'm covering here:

- Controller factories and activators
- Action invokers, action invoker factories and action invoker providers
- Action constraints and action constraint factories
- Value providers and value provider factories
- Input and output formatters
- Output cache

Controller Factories and Activators

A controller factory is what creates a controller instance and also takes care of releasing (disposing of) it. A controller activator does similar things; even the methods they expose are very similar, as we can see from the controller factory IControllerFactory and the controller activator IControllerActivator interfaces. As it is, the default controller factory class, DefaultControllerFactory, receives a controller activator from Dependency Injection...