Exploring ASP.NET Core 9.0's Groundbreaking Features and Updates

Summary

Sources

learn.microsoft.comlearn.microsoft.com

Welcome to the latest update on ASP.NET Core, where the focus is on the release of ASP.NET Core 9.0. This new version brings an array of enhancements and features that equip developers with advanced tools to build robust, modern web applications. Lets explore these updates in detail. Starting with Blazor, a significant highlight is the .NET MAUI Blazor Hybrid and Web App solution template. This template simplifies the process of creating cross-platform apps, allowing code reuse across a variety of platforms including Android, iOS, Mac, Windows, and the Web. The template includes a Blazor interactive render mode for web apps and sets up a .NET MAUI Blazor Hybrid app, both of which share a Razor class library to maintain UI components. It also provides sample code for implementing dependency injection in these apps. This innovation streamlines the development process, fostering greater efficiency and integration. A new middleware called MapStaticAssets has been introduced to optimize static asset delivery. This middleware is a game-changer for any ASP.NET Core application, including Blazor apps, by automating the optimization of static resources at build and publish times, thus ensuring efficient delivery to the browser. Detecting rendering location, interactivity, and assigned render mode at runtime has become more straightforward with a new API. Developers can now determine a components current execution location, check if its running in an interactive environment, and retrieve its render mode. These capabilities are particularly useful for debugging, performance optimization, and enhancing component behavior based on interactivity. Server-side Blazor apps now offer an improved reconnection experience. Enhancements include immediate reconnection attempts upon navigating back to a disconnected app, automatic page refreshes when the server has released the circuit, and a computed backoff strategy for reconnect timing. The default UI for reconnection has also been updated with a modernized style. Simplifying authentication state serialization in Blazor Web Apps is now possible with new APIs. These APIs make it easier to add authentication to existing Blazor Web Apps, especially when leveraging WebAssembly-based interactivity. Authentication state is serialized into HTML comments and then read back from WebAssembly to create a new AuthenticationState instance. Adding static server-side rendering pages to globally interactive Blazor Web Apps is more convenient with the release of .NET 9. The new [ExcludeFromInteractiveRouting] attribute ensures that navigation to a page causes a full-page reload rather than resolving via interactive routing. This feature is useful for pages that require a request/response cycle, such as those dependent on HTTP cookies. Constructor injection is now supported in Razor components, allowing for a cleaner and more efficient way to inject services. For Interactive Server components, WebSocket compression is enabled by default, with options to disable it or configure a stricter frame-ancestors Content Security Policy (CSP) directive. Handling keyboard composition events is crucial for international character input methods, and Blazor now tracks the composition state of keyboard events with the KeyboardEventArgs.IsComposing property. The QuickGrid component has been enhanced with an OverscanCount parameter to specify additional rows to be rendered in virtualized contexts. SignalR introduces several new features, including polymorphic type support in SignalR Hubs, improved activities with an ActivitySource named Microsoft.AspNetCore.SignalR.Server, and support for trimming and native ahead-of-time (AOT) compilation. These updates pave the way for more versatile real-time communication in web applications. Minimal APIs have been extended with new features, such as the ability to return 500 Internal Server Error responses with TypedResults and updated extension methods for indicating ProblemDetails or ValidationProblemDetails responses in route groups. OpenAPI, the standard for describing HTTP APIs, now has built-in support for document generation in ASP.NET Core via the Microsoft.AspNetCore.OpenApi package. This support includes Intellisense completion enhancements, support for [Required] and [DefaultValue] attributes, schema transformers, and improved transformer registration APIs. OpenAPI also now supports trimming and Native AOT. For authentication and authorization, the OpenIdConnectHandler adds support for Pushed Authorization Requests (PAR). AdditionalAuthorizationParameters option simplifies customization of authorization message parameters. HTTP.sys extended authentication flags now offer more control over Windows authentication handling. Lastly, the new HybridCache library offers a unified API for both in-process and out-of-process caching with features like stampede protection and configurable serialization. The library aims to be a drop-in replacement for existing caching mechanisms. ASP.NET Core 9.0 also includes miscellaneous improvements such as enhanced debugging for dictionaries, a developer exception page with endpoint metadata, and the ability to opt-out of HTTP metrics on specific endpoints. Furthermore, theres a fix for 503 errors during app recycling in IIS, and now developers can delete data protection keys, although this should be approached with caution. In summary, ASP.NET Core 9.0 introduces a suite of advancements that will significantly impact web development, offering new levels of efficiency, performance optimization, and robust functionality for building modern web applications. With these tools at their disposal, developers can look forward to creating even more dynamic and responsive web experiences. Moving forward, the Blazor framework has received substantial enhancements in ASP.NET Core 9.0, which are poised to push the boundaries of web and cross-platform development. A standout feature is the .NET MAUI Blazor Hybrid and Web App solution template. This innovation marks a significant stride towards unifying the development experience across multiple platforms. The new solution template is engineered to facilitate the creation of applications that are not only native to Android, iOS, Mac, and Windows but are also capable of running as web apps. This cross-platform capability is achieved without sacrificing the ability to share a user interface. Developers can now write their UI once and have it run seamlessly across all these platforms, thereby eliminating the need to duplicate efforts for different operating systems. The template comes equipped with the option to choose Blazors interactive render mode for the web application part of the project. This mode is essential for ensuring that the user interface remains responsive and dynamic, reacting to user interactions as expected in a modern web app. In addition to interactive render modes, the template enhances the developer experience by automating the creation of the necessary projects. This includes a Blazor Web App with global interactive auto rendering and a .NET MAUI Blazor Hybrid app. Both of these projects leverage a shared Razor class library for maintaining the UIs Razor components, ensuring consistency and reusability. Furthermore, the template provides sample code to demonstrate the use of dependency injection, a pattern that is crucial for creating scalable and maintainable applications. By providing different interface implementations for the Blazor Hybrid app and the Blazor Web App, developers can fine-tune their applications for the specific needs of each platform. In essence, the new Blazor enhancements in ASP.NET Core 9.0 are a testament to the frameworks commitment to providing versatile and powerful tools for developers. These updates are not just about new features; they represent a paradigm shift in how applications are built and delivered across diverse platforms, ushering in a new era of development efficiency and user experience. In the realm of performance, ASP.NET Core 9.0 introduces the MapStaticAssets middleware, a pivotal feature designed to enhance the efficiency of static asset delivery. Performance, often a critical determinant of user satisfaction and SEO ranking, is given a considerable boost through this new addition. The middleware primarily addresses the challenge of serving static files, such as images, scripts, and stylesheets, in an optimized manner. It automates the optimization process, which traditionally required a significant amount of manual intervention and expertise. One of the cornerstones of the MapStaticAssets middleware is build-time compression. This process occurs during the build and publish stages, where all assets are compressed to reduce their size. By employing both gzip and brotli compression algorithms, the middleware ensures that the assets are as lightweight as possible, which in turn results in faster transmission over the network. Another key aspect of this middleware is the use of content-based ETags. An ETag, short for entity tag, is part of the HTTP protocol and is used as a mechanism for web cache validation. MapStaticAssets generates ETags based on the SHA-256 hash of the content. This means that the browser only needs to re-download a file if the content has indeed changed. This approach prevents unnecessary network requests, ensuring that the browser cache is effectively leveraged to minimize load times and bandwidth usage. By integrating these performance optimizations, MapStaticAssets middleware drastically reduces the number of bytes transferred over the network. This is especially beneficial for users with limited bandwidth or those accessing applications from mobile devices, where network conditions can be less predictable. The introduction of MapStaticAssets middleware thus represents a significant stride forward in the optimization of web applications. It simplifies developers tasks by automating complex optimizations and ensures that applications built with ASP.NET Core 9.0 can deliver content to users more quickly and efficiently than ever before. This not only enhances the end-user experience but also aligns with best practices for web performance optimization. Shifting focus to API development, ASP.NET Core 9.0 brings to the table built-in support for OpenAPI document generation. This feature is a boon for developers, as OpenAPI has become the industry standard for defining and documenting RESTful APIs. With this integration, ASP.NET Core now simplifies the process of generating and maintaining comprehensive API documentation. OpenAPI support is seamlessly woven into the fabric of ASP.NET Core 9.0 through the Microsoft.AspNetCore.OpenApi package. This marks a departure from third-party solutions, providing a more cohesive and streamlined experience. Developers can now automatically generate OpenAPI documents for both controller-based and minimal APIs, with the ability to manage multiple documents for a single application. This built-in feature not only aids in the design and testing phases but also significantly enhances the discoverability and usability of APIs for client developers. In addition to OpenAPI advancements, SignalR in ASP.NET Core 9.0 has seen notable improvements. SignalR, the library responsible for enabling real-time web functionality, now supports polymorphic type handling in Hubs. This allows Hub methods to accept parameters as base classes, paving the way for more flexible and dynamic client-server communication. SignalR also introduces an ActivitySource named Microsoft.AspNetCore.SignalR.Server that emits events for hub method calls, providing deeper insights into hub activities. The journey towards optimizing SignalR continues with support for trimming and native Ahead-Of-Time (AOT) compilation. These enhancements are part of an ongoing effort to reduce the size of applications and improve performance, particularly important for scenarios such as Blazor WebAssembly where download size directly impacts startup time. The combination of OpenAPI and SignalR updates in ASP.NET Core 9.0 emblemizes Microsofts commitment to not only keeping pace with evolving web standards but also to enhancing developer productivity. These updates ensure that developers have the most modern and efficient tools at their disposal to build, document, and deploy interactive, real-time web applications. Tackling the crucial aspects of security, ASP.NET Core 9.0 enhances authentication and authorization mechanisms, fortifying web applications against potential threats and ensuring that user credentials are managed safely and effectively. A standout feature in this space is the support for Pushed Authorization Requests (PAR). PAR represents a significant advancement in the security of OAuth and OIDC flows. By shifting authorization parameters from the potentially vulnerable front channel to the more secure back channel, PAR reduces the risk of sensitive information exposure and tampering. This alignment with the Financial-grade API (FAPI) working groups recommendations demonstrates ASP.NET Cores commitment to adopting high security standards, especially relevant in sectors with stringent security requirements such as banking and healthcare. Customization has also been made more accessible with the introduction of an option to easily modify OAuth and OIDC authorization message parameters. This refinement simplifies the process, saving time and reducing the likelihood of errors when integrating with different identity providers. Furthermore, ASP.NET Core 9.0 introduces new options to configure extended authentication flags for HTTP.sys, the web server for ASP.NET Core that runs directly on the Windows HTTP Server API. These options include the EnableKerberosCredentialCaching and CaptureCredentials properties, which offer enhanced control over how Windows authentication is performed, optimizing it for various application scenarios. These authentication and authorization improvements are not just marginal tweaks but pivotal enhancements that bolster the security posture of ASP.NET Core applications. By providing robust, flexible, and easy-to-use authentication and authorization features, ASP.NET Core 9.0 ensures that developers can build secure applications with confidence, thus safeguarding user data and enhancing the overall trustworthiness of the web ecosystem.