InfoQ Homepage News ASP.NET Core Updates in .NET 9 Preview 2: Blazor, OIDC, OAuth and Configuring HTTP.sys
ASP.NET Core Updates in .NET 9 Preview 2: Blazor, OIDC, OAuth and Configuring HTTP.sys
This item in japanese
Mar 26, 2024 1 min read
Write for InfoQ
Feed your curiosity. Help 550k+ globalsenior developers
each month stay ahead.Get in touch
Microsoft released .NET 9 Preview 2 which contains updates regarding ASP.NET Core: Blazor component constructor injection and WebSocket compression for Blazor interactive server components. Furthermore, developers can streamline authentication integration by customising OIDC and OAuth parameters and configuring HTTP.sys extended authentication flags.
Blazor components now support the constructor injection of configured services, complementing the existing capabilities of injecting service properties through @inject or using the [Inject] attribute. Microsoft presented the feature in the following example, in which a component uses constructor injection via a basic C# constructor to access the NavigationManager service:
Blazor component constructor injection (Source: Microsoft blog)
Blazor's interactive server rendering now incorporates WebSocket protocol compression by default, leading to substantial reductions in message payload size. Additionally, to reduce the potential risks of compression attacks on secure connections, Interactive Server Rendering adopts a default Content Security Policy (CSP) ancestor frame: 'self', restricting application embedding solely to pages originating from the same source.
To change the frame-ancestors source, developers must use the ContentSecurityFrameAncestorsPolicy option:
app.MapRazorComponents<App>()
.AddInteractiveServerRenderMode(o => o.ContentSecurityFrameAncestorsPolicy="'none'");
For disabling compression, there is the DisableWebSocketCompression option:
app.MapRazorComponents<App>()
.AddInteractiveServerRenderMode(o => o.DisableWebSocketCompression = true);
Moreover, the OAuth and OIDC authentication procedures have a new AdditionalAuthorizationParameters option, facilitating customization of authorization message parameters commonly included in redirect request strings. This can be done in this way:
builder.Services.AddAuthentication().AddOpenIdConnect(options =>
{
options.AdditionalAuthorizationParameters.Add("prompt", "login");
options.AdditionalAuthorizationParameters.Add("audience", "https://api.example.com");
});
The next feature is about configuring HTTP.sys extended authentication flags. Developers can configure the HTTP_AUTH_EX_FLAG_ENABLE_KERBEROS_CREDENTIAL_CACHING and HTTP_AUTH_EX_FLAG_CAPTURE_CREDENTIAL HTTP.sys flags using the new EnableKerberosCredentialCaching and CaptureCredentials properties in HTTP.sys AuthenticationManager to optimise how Windows authentication is handled.
In the latest release also appeared the new AllowOutOfOrderMetadataProperties config in System.Text.Json. In the comment section, Weihan Li, a .NET software development engineer, noted a change that introduces support for out-of-order metadata reads in the JsonSerializer, alongside ensuring that JSON property names are always unescaped during reading.
The roadmap for the ASP.NET Core in .NET 9 is available in the Github repository.
This content is in the .NET topic
Related Topics:
-
Related Editorial
-
Related Sponsors
-
Popular across InfoQ
-
Microsoft Patches Critical ASP.NET Core Vulnerability with 9.9 Severity Score
-
GitHub Expands Copilot Ecosystem with AgentHQ
-
Redis Critical Remote Code Execution Vulnerability Discovered after 13 Years
-
Monzo’s Real-Time Fraud Detection Architecture with BigQuery and Microservices
-
AWS Launches Capabilities by Region Tool
-
Architecture Should Model the World as it Really is: a Conversation with Randy Shoup
-
Related Content
The InfoQ Newsletter
A round-up of last week’s content on InfoQ sent out every Tuesday. Join a community of over 250,000 senior developers. View an example