2

Pretty much as the title states - I'm struggling to find the best balance between:

  1. Having Miniprofiler run 'high up' enough in the middleware chain that it can 'see' the full picture of a request.

  2. Finding a way to Authorize requests through ResultsAuthorize so that I can run MP in production.

Currently I am just enabling MP in non-Production requests - but I would like to be able to widen this and run it in Production to authorized users (developers).

In the docs (https://miniprofiler.com/dotnet/AspDotNetCore) I believe the inference is that it should be included first which I am currently doing - and which is great as I can see the contribution to the execution time of all of the other middleware (which is sometimes non-negligible).

The downside however is that I believe running it before app.UseAuthentication()and app.UseAuthorization() means that I have none of the normal ASP.NET Identity machinery available to drive this. I've toyed also with authorizing the user seperately and setting a session variable - but again that relies on app.UseSession() running first.

I would like to find a balance between these constraints and am interested in what other guidelines/implementations there are out there, perhaps even StackOverflow itself (in the in-progress .net core port).

Kieran Benton
  • 8,739
  • 12
  • 53
  • 77
  • Did you ever figure this one out? I'm hitting the same wall. – JohnC May 31 '20 at 22:23
  • I went the 'run it after UseSession, and have another endpoint to check authorisation and then mark the session with a flag' route. Not ideal, but it kind of makes sense. – Kieran Benton Jun 25 '20 at 11:02

0 Answers0