-
Notifications
You must be signed in to change notification settings - Fork 25.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document what's new in ASP.NET Core for .NET 9 Preview 7 #33031
Comments
(Added to What's New as an include with PR #33318) SignalR supports trimming and native AOTContinuing the native AOT journey we started in .NET 8, we have enabled trimming and native AOT support for both SignalR client and server scenarios. You can now take advantage of the performance benefits of using native AOT in applications that use SignalR for real-time web communications. Getting startedUsing the using Microsoft.AspNetCore.SignalR;
using System.Text.Json.Serialization;
var builder = WebApplication.CreateSlimBuilder(args);
builder.Services.AddSignalR();
builder.Services.Configure<JsonHubProtocolOptions>(o =>
{
o.PayloadSerializerOptions.TypeInfoResolverChain.Insert(0, AppJsonSerializerContext.Default);
});
var app = builder.Build();
app.MapHub<ChatHub>("/chatHub");
app.MapGet("/", () => Results.Content("""
<!DOCTYPE html>
<html>
<head>
<title>SignalR Chat</title>
</head>
<body>
<input id="userInput" placeholder="Enter your name" />
<input id="messageInput" placeholder="Type a message" />
<button onclick="sendMessage()">Send</button>
<ul id="messages"></ul>
<script src="https://cdnjs.cloudflare.com/ajax/libs/microsoft-signalr/8.0.7/signalr.min.js"></script>
<script>
const connection = new signalR.HubConnectionBuilder()
.withUrl("/chatHub")
.build();
connection.on("ReceiveMessage", (user, message) => {
const li = document.createElement("li");
li.textContent = `${user}: ${message}`;
document.getElementById("messages").appendChild(li);
});
async function sendMessage() {
const user = document.getElementById("userInput").value;
const message = document.getElementById("messageInput").value;
await connection.invoke("SendMessage", user, message);
}
connection.start().catch(err => console.error(err));
</script>
</body>
</html>
""", "text/html"));
app.Run();
[JsonSerializable(typeof(string))]
internal partial class AppJsonSerializerContext : JsonSerializerContext { }
public class ChatHub : Hub
{
public async Task SendMessage(string user, string message)
{
await Clients.All.SendAsync("ReceiveMessage", user, message);
}
} Produces a native Windows executable of Limitations
|
@halter73 the only customer-facing change worth mentioning is the new analyzer that you've done (AllowAnonymous / Authorize). Can you please drop a note as a comment here with the details about it? Thanks! |
The AllowAnonymous / Authorize changes were covered in preview 6. #32960 (comment) |
OpenIdConnectHandler adds support for Pushed Authorization Requests (PAR)We'd like to thank @josephdecock from @DuendeSoftware for adding Pushed Authorization Requests (PAR) to ASP.NET Core's
For preview7, we have decided to enable PAR by default if the identity provider's discovery document (usually found at builder.Services
.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(oidcOptions =>
{
// Other provider-specific configuration goes here.
// The default value is PushedAuthorizationBehavior.UseIfAvailable.
oidcOptions.PushedAuthorizationBehavior = PushedAuthorizationBehavior.Disable;
}); If you want to ensure that authentication only succeeds if PAR is used, you can use @josephdecock @brockallen @JeremyLikness @blowdart @jennyf19 @janmarques @brentschmaltz Let me know if you think there's any improvements we should make to the above for the preview7 announcement. |
Support calling
|
Data Protection adds support for deleting keysHistorically, it has been intentionally impossible to delete data protection keys because doing so makes it impossible to decrypt any data protected with them (i.e. causing data loss). Fortunately, keys are quite small, so the impact of accumulating many of them is minor. However, in order to support very long running services, we've added the ability to explicitly delete (typically, very old) keys, accepting the risk of data loss in exchange for storage savings. Our guidance remains that data protection keys should not be deleted. [I'd rather not include this code snippet, but here it is:] var keyManager = services.GetService<IKeyManager>();
if (keyManager is IDeletableKeyManager deletableKeyManager)
{
var utcNow = DateTimeOffset.UtcNow;
var yearGo = utcNow.AddYears(-1);
if (!deletableKeyManager.DeleteKeys(key => key.ExpirationDate < yearGo))
{
throw new InvalidOperationException("Failed to delete keys.");
}
} |
Customize Kestrel named pipe endpointsKestrel's named pipe support has been improved with advanced customization options. The new An example of where this is useful is a Kestrel app that requires two pipe endpoints but with different security. The var builder = WebApplication.CreateBuilder();
builder.WebHost.ConfigureKestrel(options =>
{
options.ListenNamedPipe("pipe1");
options.ListenNamedPipe("pipe2");
});
builder.WebHost.UseNamedPipes(options =>
{
options.CreateNamedPipeServerStream = (context) =>
{
var pipeSecurity = CreatePipeSecurity(context.NamedPipeEndpoint.PipeName);
return NamedPipeServerStreamAcl.Create(context.NamedPipeEndPoint.PipeName, PipeDirection.InOut,
NamedPipeServerStream.MaxAllowedServerInstances, PipeTransmissionMode.Byte,
context.PipeOptions, inBufferSize: 0, outBufferSize: 0, pipeSecurity);
};
}); |
Add option to ExceptionHandlerMiddleware to choose status code based on exceptionThere is a new option when configuring the app.UseExceptionHandler(new ExceptionHandlerOptions
{
StatusCodeSelector = ex => ex is TimeoutException
? StatusCodes.Status503ServiceUnavailable
: StatusCodes.Status500InternalServerError,
}); Thanks to @latonz for contributing this new option! |
Opt-out of HTTP metrics on certain endpoints and requests.NET 9 adds the ability to opt-out of HTTP metrics and not record a value for certain endpoints and requests. It's common for apps to have endpoints that are frequently called by automated systems, such as a health checks endpoint. Recording information about those requests isn't useful. HTTP requests to an endpoint can be excluded from metrics by adding metadata. Either add the var builder = WebApplication.CreateBuilder(args);
builder.Services.AddHealthChecks();
var app = builder.Build();
app.MapHealthChecks("/healthz").DisableHttpMetrics();
app.Run(); In more advanced scenarios where a request doesn't map to an endpoint, or you want to opt-out HTTP requests dynamically, the // Middleware that conditionally opts-out HTTP requests.
app.Use(async (context, next) =>
{
if (context.Request.Headers.ContainsKey("x-disable-metrics"))
{
context.Features.Get<IHttpMetricsTagsFeature>()?.MetricsDisabled = true;
}
await next(context);
}); |
Improved security and performance observability with Kestrel connection metricsWe've made a significant improvement to Kestrel's connection metrics by including metadata about why a connection failed. The Here is a small sample of
Previously, diagnosing Kestrel connection issues required a server to record detailed, low-level logging. The problem with logs is they're expensive to generate and store. And it can be difficult to find the right information amongst the noise. Metrics are a much cheaper alternative that can be left on in a production environment with minimal impact. Collected metrics can drive dashboards and alerts. Once a problem is identified at a high-level with metrics, further investigation using logging and other tooling can begin. We expect improved connection metrics to be useful in many scenarios:
Learn more about ASP.NET Core metrics here. |
@Rick-Anderson and @tdykstra, It is not clear to me if it is OK now to do PR's adding the new sections (I have one ready to submit). Assuming the process would be to do the PR, get the review and merge to main, but ensure it is not merged to live. I don't remember us using a fork or anything last time. |
Got my answer offline, will PR now, thanks! Added PR #33318 SignalR supports trimming and native AOT |
Description
Update the "What's new in ASP.NET Core 9.0" for .NET 9 Preview 7
.NET 9 preview releases
Page URL
https://learn.microsoft.com/en-us/aspnet/core/release-notes/aspnetcore-9.0?view=aspnetcore-9.0
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/release-notes/aspnetcore-9.0.md
Document ID
4e75ad25-2c3f-b28e-6a91-ac79a9c683b6
Article author
@Rick-Anderson
Associated WorkItem - 291114
The text was updated successfully, but these errors were encountered: