Consider this Startup.cs configuration code:
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
namespace Core31API
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
// These three configs allow for Azure (Cloud) Authentication
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
//Bind to the appsettings.json AzureAD object...
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
//Make sure to configure OpenIdConnectOptions
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
options.Authority = options.Authority + "/v2.0/";
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
//Make sure these next 4 are in proper order.
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
}
In particular:
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
ASP.NET Core 3.1 no longer supports MVC routing construct as everything is now considered an endpoint. This is actually a nice change because it makes both MVC and Web-API solution configurations the same!
Startup Class Changes
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
The IWebHostEnvironment is found in this assembly: Microsoft.AspNetCore.Hosting
Cookie Policy Changes
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
The Controller Attributes
[Authorize]
[ApiController]
[Route("[controller]")]
As soon as this endpoint is hit; the authorization logic kicks in after the Routing is done. Note that the routing is now using the Endpoints configuration.
Top comments (0)