Tutorials ASP.NET Core Complete Tutorial (ShopNest)

Middleware in ASP.NET Core — Complete Guide

Learn Middleware in ASP.NET Core — Complete Guide in our free ASP.NET Core Complete Tutorial (ShopNest) series. Step-by-step explanations, examples, and interview tips on Toolliyo Academy.

On this page
Middleware in ASP.NET Core — Complete Guide — ShopNest
Article 24 of 75 · Module 3: Dependency Injection & Middleware · ShopNest API Gateway / Request Logging
Target keyword: middleware asp.net core · Read time: ~29 min · .NET: 8 / 9 · Project: ShopNest API Gateway / Request Logging

Introduction

Middleware forms the ASP.NET Core pipeline — each component can inspect, modify, or short-circuit the HTTP request. Like airport security: every passenger (request) passes checkpoints in a fixed order before reaching the gate (controller).

After this article you will

  • Understand pipeline order: Exception → HTTPS → Static → Routing → Auth → Endpoints
  • Build custom logging and timing middleware
  • Short-circuit with Run/Map
  • Compare IMiddleware vs convention-based middleware
  • Know when middleware beats action filters

Prerequisites

Concept deep-dive

Correct order (simplified)

ExceptionHandler → HTTPS → StaticFiles → Routing → CORS
→ Authentication → Authorization → Endpoints

Bug example: UseAuthorization() before UseAuthentication() — user is never authenticated, all [Authorize] fails mysteriously.

// Convention-based middleware
public class RequestTimingMiddleware
{
    private readonly RequestDelegate _next;
    private readonly ILogger<RequestTimingMiddleware> _logger;

    public RequestTimingMiddleware(RequestDelegate next, ILogger<RequestTimingMiddleware> logger)
    {
        _next = next;
        _logger = logger;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        var sw = Stopwatch.StartNew();
        await _next(context);
        sw.Stop();
        _logger.LogInformation("{Method} {Path} {Status} {Ms}ms",
            context.Request.Method, context.Request.Path,
            context.Response.StatusCode, sw.ElapsedMilliseconds);
    }
}

// Register
app.UseMiddleware<RequestTimingMiddleware>();

IMiddleware: resolved from DI per request — inject scoped services safely. Inline: app.Use(async (ctx, next) => { ... });

MiddlewareAction filters
Entire pipeline, all requestsMVC/API actions only
Routing, auth, static filesModel binding, validation, caching per action

Hands-on — ShopNest API Gateway / Request Logging

  1. RequestTimingMiddleware — log duration and status code.
  2. RequestResponseLoggingMiddleware — log body in Development only (mask passwords).
  3. Map("/health", app => app.Run(async ctx => await ctx.Response.WriteAsync("OK"))).
  4. Verify order in Program.cs matches diagram above.

Common errors & best practices

  • Middleware after MapControllers that never calls next — later middleware skipped.
  • Reading request body without EnableBuffering — stream consumed, model binding breaks.
  • Heavy logic in middleware for one route — use filters or endpoint metadata instead.

Interview questions

Q: Middleware order?
A: First registered runs first on way in; reverse on way out — auth before authorization.

Q: Short-circuit?
A: Don't call next() — pipeline stops, response sent (e.g. IP block).

Q: Middleware vs filter?
A: Middleware for cross-cutting HTTP concerns; filters for MVC action pipeline.

Summary

  • Pipeline order is critical — auth before authorization
  • Custom middleware logs ShopNest API gateway traffic
  • IMiddleware enables DI in middleware classes
  • Use Map/Run for branch pipelines

Previous: Dependency Injection
Next: Configuration in ASP.NET Core

FAQ

Can middleware access DbContext?

Use IMiddleware with scoped injection, not singleton middleware holding DbContext.

Where put rate limiting?

.NET 8 built-in rate limiter middleware before endpoints.

Questions on this lesson 0

Sign in to ask a question or upvote helpful answers.

No questions yet — be the first to ask!

ASP.NET Core Complete Tutorial (ShopNest)
Course syllabus
Module 1: Foundations
Module 2: Entity Framework Core
Module 3: Dependency Injection & Middleware
Module 4: Authentication & Security
Module 5: Web API
Module 6: Advanced Architecture
Module 7: Testing
Module 8: Deployment & DevOps
Module 9: Real-World Projects
Module 10: Advanced Topics
Toolliyo Assistant
Ask about tutorials, ebooks, training, pricing, mentor services, and support. I use public site content only—not admin or internal tools.

care@toolliyo.com

Need callback? Share your details