Scribd
Upload
12 views

dotnetConf-2024-AspNetCore-Source

Uploaded by

Nguyễn Tố Bình
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
12 views

dotnetConf-2024-AspNetCore-Source

Uploaded by

Nguyễn Tố Bình
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 17

.

NET Conf 2024


- Vietnam

Organized by
Gain deeper understanding of ASP.NET

Core by exploring its source code

Thien Nguyen
ASP.NET Core components

Application Startup

The Anatomy of a Request


Agenda
Routing

Authentication and Authorization

Exception Handling
Web UI Services Extensions

Razor HTTP Logging


MVC SPA Blazor SignalR gRPC
Pages APIs
Configuration
Middleware
Routing Security Localization Caching Options
Compression Session Health Checks …
File Providers
Servers Worker
Kestrel IIS HTTP.sys Services
Dependency
Hosting Injection

ASP.NET Core Components


Application Startup

https://github.com/dotnet/aspnetcore/blob/main/src/DefaultBuilder/src/WebApplicationBuilder.cs
The Anatomy of a Request
The Server Architecture
https://github.com/dotnet/aspnetcore/blob/main/src/Hosting/Server.Abstractions/src/
IServer.cs

https://github.com/dotnet/aspnetcore/blob/main/src/Extensions/Features/src/
Request Dispatching

Thread Pool
Request Work
Item Thread
Work
Request Item
Infinity Work Thread
ThreadPool.UnsafeQueueUserWorkItem Item
Work
Request
loop
Item
Work Thread
Item
Work Thread
Item

https://github.com/dotnet/aspnetcore/blob/main/src/Servers/Kestrel/Core/src/Internal/
ConnectionDispatcher.cs
HttpContext
• HttpContext encapsulates all HTTP-specific
information about an individual HTTP request.

• HttpContext isn't thread-safe

https://github.com/dotnet/aspnetcore/blob/main/src/Http/Http/src/DefaultHttpContext.cs

https://docs.microsoft.com/en-us/aspnet/core/fundamentals/http-context

https://github.com/davidfowl/AspNetCoreDiagnosticScenarios/blob/master/
AspNetCoreGuidance.md
Authentication

https://github.com/dotnet/aspnetcore/tree/main/src/Http/
Authentication.Abstractions/src

https://github.com/dotnet/aspnetcore/tree/main/src/Http/Authentication.Core/src

https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authentication/
Core/src/
Authentication
Support multiple Schemes: Cookies, Bearer, Windows,…
If only one scheme registered, it is automatically used as
DefaultScheme

An Authentication Scheme corresponding to an Authentication


Handler

https://github.com/dotnet/aspnetcore/blob/main/src/Http/Authentication.Abstractions/src/IAuthenticationHandler.cs

https://github.com/dotnet/aspnetcore/blob/main/src/Http/Authentication.Core/src/AuthenticationService.cs

https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authentication/Core/src/
AuthenticationMiddleware.cs
https://github.com/dotnet/aspnetcore/blob/main/src/Http/Authentication.Abstractions/src/
AuthenticationHttpContextExtensions.cs
https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authentication/Cookies/src/
CookieAuthenticationHandler.cs
Authorization
AuthorizeAttribute only a marker attribute, it does not contain behavior,
authentication is handled in AuthorizationMiddleware and AuthorizationFilter
(legacy)

AuthoriztionPolicy contains a list of Requirements


Each Requirement need one or more AuthenticationHander
AuthorizationService: authorize the current user again Requirements

Role and Claim are built-in policies

https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authorization/Core/src/AuthorizeAttribute.cs

https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs

https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authorization/Core/src/DefaultAuthorizationService.cs
Custom Authorization Policy Provider

Typically, when using policy-based authorization, policies are registered by


calling AuthorizationOptions.AddPolicy as part of authorization service
configuration.

In some scenarios, it may not be possible (or desirable) to register all


authorization policies in this way. In those cases, you can use a custom
IAuthorizationPolicyProvider to control how authorization policies are supplied

https://github.com/thiennn/aspnetcore-samples/tree/main/CustomAuthorizationPolicyProvider
Global Exception Handling
Don’t write your custom ExceptionHandlerMiddleware

Use built-in ExceptionHanlderMiddleware and write your


GlobalExceptionHandler that implement IExceptionHandler if needed.

https://github.com/dotnet/aspnetcore/blob/main/src/Middleware/Diagnostics/src/
ExceptionHandler/ExceptionHandlerMiddlewareImpl.cs
Source code of demo
https://github.com/thiennn/aspnetcore-samples
Thank you

You might also like