0

I have implemented Andrew Lock's version of using the AnalysisDiagnosticAdapter as he describes here https://andrewlock.net/understanding-your-middleware-pipeline-in-dotnet-6-with-the-middleware-analysis-package/

var builder = WebApplication.CreateBuilder(args);
    
builder.Services.Insert(0, ServiceDescriptor.Transient<IStartupFilter, AnalysisStartupFilter>());
    
    builder.Services.AddAuthentication(IdentityConstants.ApplicationScheme)
                .AddCookie(IdentityConstants.ApplicationScheme);
    
builder.Services.AddAuthorization(builder => {
    
                builder.DefaultPolicy = new AuthorizationPolicyBuilder()
                    .AddAuthenticationSchemes(IdentityConstants.ApplicationScheme)
                    .RequireAuthenticatedUser()
                    .Build();
    
                builder.FallbackPolicy = new AuthorizationPolicyBuilder()
                    .AddAuthenticationSchemes(IdentityConstants.ApplicationScheme)
                    .RequireAuthenticatedUser()
                    .Build();
                
                builder.AddPolicy("appscheme-policy", pb => pb
                    .AddAuthenticationSchemes(IdentityConstants.ApplicationScheme)
                    .RequireClaim("abc", "def")
                    .RequireAuthenticatedUser()
                    .Build());
            });
    
var app = builder.Build();
    
var listener = app.Services.GetRequiredService<DiagnosticListener>();
var observer = ActivatorUtilities.CreateInstance<AnalysisDiagnosticAdapter>(app.Services);
var disposable = listener.SubscribeWithAdapter(observer);
    
app.UseAuthentication();
app.UseAuthorization();
    
app.MapGet("/", () => "Hello");
    
app.MapGet("/login", (HttpContext ctx) => {
                var p = new ClaimsPrincipal(
                new ClaimsIdentity(     
                    new Claim[] {         
                    new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString())
                    },
                    IdentityConstants.ApplicationScheme          
                ));
                ctx.SignInAsync(IdentityConstants.ApplicationScheme, p);
    }).AllowAnonymous();
    
app.MapGet("/logout", (HttpContext ctx) => {
        ctx.SignOutAsync(IdentityConstants.ApplicationScheme);
    }).RequireAuthorization("appscheme-policy");
    
app.Run();

The diagnostic events printed to the debug console do not include the AuthorizationMiddleware. I can see the AuthorizationMiddleware, in the stack, in the debugger. If I place a call to app.UseStaticFiles() before the call to app.UseAuthentication(), then I will not see the AuthenticationMiddleware printed to the debug console, but, again, I can see it in the stack. In other words, the AddMiddlewareAnalysis doesn't display a result for any but the first middleware I call with some Use* method. To be clear, I do see the HostFilteringMiddleware, the EndpointRoutingMiddleware, the DeveloperExceptionPageMiddleware, and the EndpointMiddleware. In other words, I see everything registered automatically by the .Build() call, but I only see the first one I manually register using some Use* call.

docjosh
  • 85
  • 1
  • 1
  • 8

0 Answers0