Why middleware matters
Middleware lets you run logic before or after an endpoint without putting that logic inside every controller action. Typical uses:- CORS
- Request logging
- Route-aware auditing
- Short-circuiting blocked requests
- Adding data to
Context.Items
Prefix middleware
UseRegisterMiddleware(...) to attach middleware to a route path or path prefix.
Next(Context) after short-circuiting.
A practical CORS pattern
Pipeline stages
Use the overload withMiddlewareStage when a middleware depends on data only available later:
InfrastructureRoutingPreAuthorizationAuthorizationPostAuthorizationPreHandlerHandlerPostHandler
- Route parameters are available from
Routingand later - Authorization state is available from
Authorizationand later Handleris reserved for the endpoint itself
Attribute-based middleware
Attach middleware directly to controllers and methods with[Middleware].
[Middleware] are constructed through Router.ServiceProvider, so constructor injection works for middleware classes too.
Default middleware behavior
RegisterMiddleware("/path", Middleware)defaults toPreHandlerfor all supported verbsRegisterMiddleware(HttpMethodType.Get, "/path", Middleware)defaults toPreHandlerfor the exact method and path- Controller-level
[Middleware]defaults toPreHandler - Method-level
[Middleware]defaults toPreHandler - Controller-level middleware runs before method-level middleware
MiddlewareStage instead of relying on the default.
Middleware types declared in
[Middleware] must inherit MiddlewareBase.