20 KiB
| title | description | author | ms.author | ms.date | uid |
|---|---|---|---|---|---|
| Migrate HTTP handlers and modules to ASP.NET Core middleware | Migrate HTTP handlers and modules to ASP.NET Core middleware | rick-anderson | riande | 3/22/2024 | migration/http-modules |
Migrate HTTP handlers and modules to ASP.NET Core middleware
This article shows how to migrate existing ASP.NET HTTP modules and handlers from system.webserver to ASP.NET Core middleware.
Modules and handlers revisited
Before proceeding to ASP.NET Core middleware, let's first recap how HTTP modules and handlers work:
Handlers are:
-
Classes that implement xref:System.Web.IHttpHandler
-
Used to handle requests with a given file name or extension, such as .report
-
Configured in Web.config
Modules are:
-
Classes that implement xref:System.Web.IHttpModule
-
Invoked for every request
-
Able to short-circuit (stop further processing of a request)
-
Able to add to the HTTP response, or create their own
-
Configured in Web.config
The order in which modules process incoming requests is determined by:
-
A series events fired by ASP.NET, such as xref:System.Web.HttpApplication.BeginRequest and xref:System.Web.HttpApplication.AuthenticateRequest. For a complete list, see xref:System.Web.HttpApplication?displayProperty=fullName. Each module can create a handler for one or more events.
-
For the same event, the order in which they're configured in Web.config.
In addition to modules, you can add handlers for the life cycle events to your Global.asax.cs file. These handlers run after the handlers in the configured modules.
From handlers and modules to middleware
Middleware are simpler than HTTP modules and handlers:
-
Modules, handlers,
Global.asax.cs, Web.config (except for IIS configuration) and the application life cycle are gone -
The roles of both modules and handlers have been taken over by middleware
-
Middleware are configured using code rather than in Web.config
:::moniker range=">= aspnetcore-3.0"
- Pipeline branching lets you send requests to specific middleware, based on not only the URL but also on request headers, query strings, etc.
:::moniker-end :::moniker range="< aspnetcore-3.0"
- Pipeline branching lets you send requests to specific middleware, based on not only the URL but also on request headers, query strings, etc.
:::moniker-end
Middleware are very similar to modules:
-
Invoked in principle for every request
-
Able to short-circuit a request, by not passing the request to the next middleware
-
Able to create their own HTTP response
Middleware and modules are processed in a different order:
-
Order of middleware is based on the order in which they're inserted into the request pipeline, while order of modules is mainly based on xref:System.Web.HttpApplication?displayProperty=fullName events.
-
Order of middleware for responses is the reverse from that for requests, while order of modules is the same for requests and responses
Note how in the image above, the authentication middleware short-circuited the request.
Migrating module code to middleware
An existing HTTP module will look similar to this:
As shown in the Middleware page, an ASP.NET Core middleware is a class that exposes an Invoke method taking an HttpContext and returning a Task. Your new middleware will look like this:
The preceding middleware template was taken from the section on writing middleware.
The MyMiddlewareExtensions helper class makes it easier to configure your middleware in your Startup class. The UseMyMiddleware method adds your middleware class to the request pipeline. Services required by the middleware get injected in the middleware's constructor.
Your module might terminate a request, for example if the user isn't authorized:
A middleware handles this by not calling Invoke on the next middleware in the pipeline. Keep in mind that this doesn't fully terminate the request, because previous middlewares will still be invoked when the response makes its way back through the pipeline.
When you migrate your module's functionality to your new middleware, you may find that your code doesn't compile because the HttpContext class has significantly changed in ASP.NET Core. Later on, you'll see how to migrate to the new ASP.NET Core HttpContext.
Migrating module insertion into the request pipeline
HTTP modules are typically added to the request pipeline using Web.config:
Convert this by adding your new middleware to the request pipeline in your Startup class:
The exact spot in the pipeline where you insert your new middleware depends on the event that it handled as a module (BeginRequest, EndRequest, etc.) and its order in your list of modules in Web.config.
As previously stated, there's no application life cycle in ASP.NET Core and the order in which responses are processed by middleware differs from the order used by modules. This could make your ordering decision more challenging.
If ordering becomes a problem, you could split your module into multiple middleware components that can be ordered independently.
Migrating handler code to middleware
An HTTP handler looks something like this:
In your ASP.NET Core project, you would translate this to a middleware similar to this:
This middleware is very similar to the middleware corresponding to modules. The only real difference is that here there's no call to _next.Invoke(context). That makes sense, because the handler is at the end of the request pipeline, so there will be no next middleware to invoke.
Migrating handler insertion into the request pipeline
Configuring an HTTP handler is done in Web.config and looks something like this:
You could convert this by adding your new handler middleware to the request pipeline in your Startup class, similar to middleware converted from modules. The problem with that approach is that it would send all requests to your new handler middleware. However, you only want requests with a given extension to reach your middleware. That would give you the same functionality you had with your HTTP handler.
One solution is to branch the pipeline for requests with a given extension, using the MapWhen extension method. You do this in the same Configure method where you add the other middleware:
MapWhen takes these parameters:
-
A lambda that takes the
HttpContextand returnstrueif the request should go down the branch. This means you can branch requests not just based on their extension, but also on request headers, query string parameters, etc. -
A lambda that takes an
IApplicationBuilderand adds all the middleware for the branch. This means you can add additional middleware to the branch in front of your handler middleware.
Middleware added to the pipeline before the branch will be invoked on all requests; the branch will have no impact on them.
Loading middleware options using the options pattern
Some modules and handlers have configuration options that are stored in Web.config. However, in ASP.NET Core a new configuration model is used in place of Web.config.
The new configuration system gives you these options to solve this:
-
Directly inject the options into the middleware, as shown in the next section.
-
Use the options pattern:
-
Create a class to hold your middleware options, for example:
-
Store the option values
The configuration system allows you to store option values anywhere you want. However, most sites use
appsettings.json, so we'll take that approach:MyMiddlewareOptionsSection here is a section name. It doesn't have to be the same as the name of your options class.
-
Associate the option values with the options class
The options pattern uses ASP.NET Core's dependency injection framework to associate the options type (such as
MyMiddlewareOptions) with aMyMiddlewareOptionsobject that has the actual options.Update your
Startupclass: -
Inject the options into your middleware constructor. This is similar to injecting options into a controller.
The UseMiddleware extension method that adds your middleware to the
IApplicationBuildertakes care of dependency injection.This isn't limited to
IOptionsobjects. Any other object that your middleware requires can be injected this way.
Loading middleware options through direct injection
The options pattern has the advantage that it creates loose coupling between options values and their consumers. Once you've associated an options class with the actual options values, any other class can get access to the options through the dependency injection framework. There's no need to pass around options values.
This breaks down though if you want to use the same middleware twice, with different options. For example an authorization middleware used in different branches allowing different roles. You can't associate two different options objects with the one options class.
The solution is to get the options objects with the actual options values in your Startup class and pass those directly to each instance of your middleware.
-
Add a second key to
appsettings.jsonTo add a second set of options to the
appsettings.jsonfile, use a new key to uniquely identify it: -
Retrieve options values and pass them to middleware. The
Use...extension method (which adds your middleware to the pipeline) is a logical place to pass in the option values: -
Enable middleware to take an options parameter. Provide an overload of the
Use...extension method (that takes the options parameter and passes it toUseMiddleware). WhenUseMiddlewareis called with parameters, it passes the parameters to your middleware constructor when it instantiates the middleware object.Note how this wraps the options object in an
OptionsWrapperobject. This implementsIOptions, as expected by the middleware constructor.
Migrating to the new HttpContext
You saw earlier that the Invoke method in your middleware takes a parameter of type HttpContext:
public async Task Invoke(HttpContext context)
HttpContext has significantly changed in ASP.NET Core. This section shows how to translate the most commonly used properties of xref:System.Web.HttpContext?displayProperty=fullName to the new Microsoft.AspNetCore.Http.HttpContext.
HttpContext
HttpContext.Items translates to:
Unique request ID (no System.Web.HttpContext counterpart)
Gives you a unique id for each request. Very useful to include in your logs.
HttpContext.Request
HttpContext.Request.HttpMethod translates to:
HttpContext.Request.QueryString translates to:
HttpContext.Request.Url and HttpContext.Request.RawUrl translate to:
HttpContext.Request.IsSecureConnection translates to:
HttpContext.Request.UserHostAddress translates to:
HttpContext.Request.Cookies translates to:
HttpContext.Request.RequestContext.RouteData translates to:
HttpContext.Request.Headers translates to:
HttpContext.Request.UserAgent translates to:
HttpContext.Request.UrlReferrer translates to:
HttpContext.Request.ContentType translates to:
HttpContext.Request.Form translates to:
[!WARNING] Read form values only if the content sub type is x-www-form-urlencoded or form-data.
HttpContext.Request.InputStream translates to:
[!WARNING] Use this code only in a handler type middleware, at the end of a pipeline.
You can read the raw body as shown above only once per request. Middleware trying to read the body after the first read will read an empty body.
This doesn't apply to reading a form as shown earlier, because that's done from a buffer.
HttpContext.Response
HttpContext.Response.Status and HttpContext.Response.StatusDescription translate to:
HttpContext.Response.ContentEncoding and HttpContext.Response.ContentType translate to:
HttpContext.Response.ContentType on its own also translates to:
HttpContext.Response.Output translates to:
HttpContext.Response.TransmitFile
Serving up a file is discussed in xref:fundamentals/request-features.
HttpContext.Response.Headers
Sending response headers is complicated by the fact that if you set them after anything has been written to the response body, they will not be sent.
The solution is to set a callback method that will be called right before writing to the response starts. This is best done at the start of the Invoke method in your middleware. It's this callback method that sets your response headers.
The following code sets a callback method called SetHeaders:
public async Task Invoke(HttpContext httpContext)
{
// ...
httpContext.Response.OnStarting(SetHeaders, state: httpContext);
The SetHeaders callback method would look like this:
HttpContext.Response.Cookies
Cookies travel to the browser in a Set-Cookie response header. As a result, sending cookies requires the same callback as used for sending response headers:
public async Task Invoke(HttpContext httpContext)
{
// ...
httpContext.Response.OnStarting(SetCookies, state: httpContext);
httpContext.Response.OnStarting(SetHeaders, state: httpContext);
The SetCookies callback method would look like the following: