.NET CORE 3.1 Web API Changes

Consider this Startup.cs configuration code:

using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

namespace Core31API
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            // These three configs allow for Azure (Cloud) Authentication
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });
            //Bind to the appsettings.json AzureAD object...
            services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
                .AddAzureAD(options => Configuration.Bind("AzureAd", options));
            //Make sure to configure OpenIdConnectOptions
            services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
            {
                options.Authority = options.Authority + "/v2.0/";


            });
        }


        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
            public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseHttpsRedirection();

            //Make sure these next 4 are in proper order.

            app.UseRouting();           
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}

In particular:

  app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });

ASP.NET Core 3.1 no longer supports MVC routing construct as everything is now considered an endpoint. This is actually a nice change because it makes both MVC and Web-API solution configurations the same!

Startup Class Changes

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)

The IWebHostEnvironment is found in this assembly: Microsoft.AspNetCore.Hosting

Cookie Policy Changes

services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

SameSiteMode has changed.

The Controller Attributes

 [Authorize]
 [ApiController]
 [Route("[controller]")]

As soon as this endpoint is hit; the authorization logic kicks in after the Routing is done. Note that the routing is now using the Endpoints configuration.