I would like to know whether I am
(a) engaging in good coding practices,
(b) repeating myself harmlessly, or
(c) adding inefficient redundancies
For example:
1) In Configure() I can add RewriteOptions().AddRedirectToHttps();
2) In ConfigureServices() I can add services.Configure<MvcOptions>(options => { options.Filters.Add(new RequireHttpsAttribute()); });
Another example:
1) In Configure() I can add app.UseAuthentication();
2) In ConfigureServices() I can add .RequireAuthenticatedUser()
to my AddMvc()
call.
It seems in both examples that I can get away with just one call. Am I free and clear to keep only one call? And if so, which one is the better to keep?
I've searched around a fair bit and I can see all of these approaches in use, but I haven't found a resource that compares the relative merits of these calls, let alone indicates whether it's good or bad practice to use them together.
To take your first example:
1) In
Configure()
I can addRewriteOptions().AddRedirectToHttps()
;2) In
ConfigureServices()
I can addservices.Configure<MvcOptions>(options => { options.Filters.Add(new RequireHttpsAttribute()); });
Both of these achieve essentially the same thing - they will redirect HTTP requests to HTTPS. The difference is which requests they are applied to.
If you use the rewriter middleware, all requests that make it to the middleware will be redirected to HTTPS.
public void Configure(IApplicationBuilder app)
{
app.UseStaticFiles(); // Requests handled by this middleware won't be redirected to HTTPS
var options = new RewriteOptions()
.AddRedirectToHttps();
app.UseRewriter(options); // All requests that make it this far will be redirected from HTTP to HTTPS
app.UseMvc(); // Requests guaranteed to be HTTPS
}
In the second case, where you use a global filter to apply the RequireHttpsAttribute
, only requests that make it to the MvcMiddleware
will be redirected to HTTPS.
In terms of best practices, I recommend using the rewriter middleware - you can add it to the start of your middleware pipeline, and then all of your requests are required to HTTPS, instead of just the requests that make it to the MVC middleware.
In your second example, the two methods actually do different things:
app.UseAuthentication()
- authenticates the request, and sets the User
associated with the request by eg deserializing the user principal stored in the cookie RequireAuthenticatedUser()
- Requires that a User has logged in before action methods on your controllers are called. If the user hasn't logged in, they are redirected to the login page. In this case, you must call app.UseAuthentication()
before app.UseMvc()
, otherwise the User
for the request will not be set even if you've logged in, and you will be redirected to the login page.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.