Middleware Injection¶
Warning: Use with caution! If you notice any exceptions or strange behavior in your middleware pipeline and are using any of the following, remove your custom middlewares and try again.
When setting up Ocelot in your Program, you can provide additional middleware and override it with your custom middlewares. This is done as follows:
// Set it up: configuration, services, etc.
// Middleware setup is only possible during the final stage of app configuration and execution
var app = builder.Build();
var pipeline = new OcelotPipelineConfiguration
{
PreErrorResponderMiddleware = async (context, next) =>
{
await next.Invoke();
}
};
await app.UseOcelot(pipeline);
await app.RunAsync();
In the example above, the provided function will run before the first piece of Ocelot middleware. This allows users to supply any behavior they want before and after the Ocelot pipeline has run. Be cautious, as this means you can break everything — use at your own risk or pleasure!
OcelotPipelineConfiguration Class¶
Class: OcelotPipelineConfiguration
The user can set middleware-functions aka custom user’s middleware against the following:
Middleware |
Description |
|---|---|
PreErrorResponderMiddlewarePrev:
ExceptionHandlerMiddlewareNext:
ResponderMiddleware |
This is called after the global error-handling middleware, so any code before calling |
ResponderMiddlewarePrev:
PreErrorResponderMiddlewareNext:
DownstreamRouteFinderMiddleware |
This allows the user to completely override Ocelot’s ResponderMiddleware. [1] |
PreAuthenticationMiddlewarePrev:
RequestIdMiddlewareNext:
AuthenticationMiddleware |
This allows the user to run any extra authentication before the Ocelot authentication kicks in. |
AuthenticationMiddlewarePrev:
PreAuthenticationMiddlewareNext:
ClaimsToClaimsMiddleware |
This allows the user to completely override Ocelot’s AuthenticationMiddleware. [1] |
PreAuthorizationMiddlewarePrev:
ClaimsToClaimsMiddlewareNext:
AuthorizationMiddleware |
This allows the user to run any extra authorization before the Ocelot authorization kicks in. |
AuthorizationMiddlewarePrev:
PreAuthorizationMiddlewareNext:
ClaimsToHeadersMiddleware |
This allows the user to completely override Ocelot’s AuthorizationMiddleware. [1] |
ClaimsToHeadersMiddlewarePrev:
AuthorizationMiddlewareNext:
PreQueryStringBuilderMiddleware |
This allows the user to completely override Ocelot’s ClaimsToHeadersMiddleware. [1] |
PreQueryStringBuilderMiddlewarePrev:
ClaimsToHeadersMiddlewareNext:
ClaimsToQueryStringMiddleware |
This allows the user to implement own query string manipulation logic. |
Obviously, you can add the mentioned Ocelot middleware overrides as normal before the call to app.UseOcelot.
They cannot be added afterward because Ocelot does not invoke subsequent middleware overrides based on the specified middleware configuration.
As a result, the next-called middleware will not affect the Ocelot configuration.
Ocelot Pipeline Builder¶
Class:Ocelot.Middleware.OcelotPipelineExtensionsMethod:BuildOcelotPipeline(IApplicationBuilder, OcelotPipelineConfiguration)
The Ocelot pipeline is part of the entire ASP.NET Core Middleware conveyor, also known as the app pipeline.
The BuildOcelotPipeline method encapsulates the Ocelot pipeline.
The last middleware in the BuildOcelotPipeline method is HttpRequesterMiddleware, which calls the next middleware if it is added to the pipeline.
The internal HttpRequesterMiddleware is part of the pipeline, but it is private and cannot be overridden since this middleware is not included in the list of user-accessible public middlewares that can be overridden. Therefore, it is the final middleware in both the Ocelot and ASP.NET pipelines, and it handles non-user operations. The last user (public) middleware that can be overridden is PreQueryStringBuilderMiddleware, which is read from the pipeline configuration object. For more details, see the previous OcelotPipelineConfiguration Class section.
To understand the actual order of middleware execution, here is a quick list of them, with an asterisk (*) marking the ones that can be overridden:
ConfigurationMiddlewareExceptionHandlerMiddlewarePreErrorResponderMiddleware*ResponderMiddleware*DownstreamRouteFinderMiddlewareMultiplexingMiddlewareSecurityMiddlewareHttpHeadersTransformationMiddlewareDownstreamRequestInitialiserMiddlewareRateLimitingMiddlewareRequestIdMiddlewarePreAuthenticationMiddleware*AuthenticationMiddleware*ClaimsToClaimsMiddlewarePreAuthorizationMiddleware*AuthorizationMiddleware*ClaimsToHeadersMiddleware*PreQueryStringBuilderMiddleware*ClaimsToQueryStringMiddlewareClaimsToDownstreamPathMiddlewareLoadBalancingMiddlewareDownstreamUrlCreatorMiddlewareOutputCacheMiddlewareHttpRequesterMiddleware
Considering that PreQueryStringBuilderMiddleware and HttpRequesterMiddleware are the final user and system middleware, there are no other middleware components in the pipeline.
However, you can still extend the ASP.NET pipeline, as demonstrated in the following code:
await app.UseOcelot();
app.UseMiddleware<MyCustomMiddleware>();
However, we do not recommend adding custom middleware before or after calling UseOcelot() because it affects the stability of the entire pipeline and has not been tested.
This type of custom pipeline building falls outside the Ocelot pipeline model, and the quality of the solution is your responsibility.
Finally, do not confuse the distinction between system (private, non-overridden) and user (public, overridden) middleware. Private middleware is hidden and cannot be overridden, but the entire ASP.NET pipeline can still be extended. The public middleware of the OcelotPipelineConfiguration Class is fully customizable and can be overridden.
Future¶
The community has shown interest in adding more overridden middleware. One such request is pull request 1497, which may possibly be included in an upcoming release.
In any case, if the current overridden middleware does not provide enough pipeline flexibility, you can open a new topic in the Discussions of the repository. 