Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News ASP.NET Core in .NET 8 Preview 7: Blazor, Native AOT, Antiforgery and More

ASP.NET Core in .NET 8 Preview 7: Blazor, Native AOT, Antiforgery and More

The latest release of .NET 8 Preview 7 brings significant additions and changes to ASP.NET Core. The most notable enhancements for this release of ASP.NET Core are related to the Blazor alongside the updates regarding the Native AOT, Identity, new SPA Visual Studio templates, Antiforgery middleware additions and many more.

Regarding the Blazor, the endpoints are now required to use antiforgery protection by default. As reported, from this version, the EditForm component will now add the antiforgery token automatically. Also, the developers can disable this but it is not recommended. In terms of form creation, developers can now build standard HTML forms in server-side rendering mode without relying on EditForm.

Blazor introduces a range of other notable enhancements, including the Auto interactive render mode that combines Server and WebAssembly render modes seamlessly. This mode optimizes rendering by utilizing WebAssembly if the .NET runtime loads swiftly, within 100ms. Additionally, registering root-level cascading values extends their availability throughout the component hierarchy.

Moreover, interactive components can now be added, removed, and parameterized with enhanced navigation, enhanced form handling, and a streaming rendering. Also, the Virtualize component introduces the EmptyContent property, offering a concise content definition for scenarios where items are absent or the ItemsProvider yields zero TotalItemCount.

Regarding the APIs, a new middleware has been added for validating antiforgery tokens, a key defence against cross-site request forgery attacks. This middleware activates when antiforgery services are registered via the AddAntiforgery method. Placing the antiforgery middleware after authentication and authorization middleware is vital to prevent unauthorized form data access. Also, Minimal API handling form data will now require antiforgery token validation.

Concerning Native AOT, from this Preview 7 developers can benefit from the updated Request Delegate Generator, to support new C# 12 interceptors, and compiler features to support the interception of minimal API calls of Map action methods. The original blog post shares the results of changes in the startup time, so it is highly recommended to explore it. Also, there is a new WebApplication.CreateEmptyBuilder factory method which will result in smaller apps that only contain necessary features.

As reported in the original release blog post:

Publishing this code with native AOT using .NET 8 Preview 7 on a linux-x64 machine results in a self-contained, native executable of about 8.5 MB.

This Preview also introduces a notable breaking change affecting web projects compiled with trimming enabled using PublishTrimmed=true. Previously, projects defaulted to partial TrimMode. However, starting from this release, all projects targeting .NET 8 or above will now use TrimMode=full by default.

Furthermore, new Visual Studio templates have been introduced. These templates contain Angular, React, and Vue, utilizing the new JavaScript project system (.esproj) while seamlessly integrating with ASP.NET Core backend projects.

Finally, the comments section of the original release blog post has been active with responses regarding the framework changes and enhancements. The blog post has sparked considerable engagement, with users posing numerous questions and engaging in discussions with the development team. For an insight into the various viewpoints, it is strongly advised that users look into the comment section and participate in the ongoing discussions.

About the Author

Rate this Article