Microsoft released .NET 9 Preview 2 which contains updates regarding ASP.NET Core: Blazor component constructor injection and WebSocket compression for Blazor interactive server components. Furthermore, developers can streamline authentication integration by customising OIDC and OAuth parameters and configuring HTTP.sys extended authentication flags.
Blazor components now support the constructor injection of configured services, complementing the existing capabilities of injecting service properties through @inject or using the [Inject] attribute. Microsoft presented the feature in the following example, in which a component uses constructor injection via a basic C# constructor to access the NavigationManager service:
Blazor component constructor injection (Source: Microsoft blog)
Blazor's interactive server rendering now incorporates WebSocket protocol compression by default, leading to substantial reductions in message payload size. Additionally, to reduce the potential risks of compression attacks on secure connections, Interactive Server Rendering adopts a default Content Security Policy (CSP) ancestor frame: 'self', restricting application embedding solely to pages originating from the same source.
To change the frame-ancestors source, developers must use the ContentSecurityFrameAncestorsPolicy option:
app.MapRazorComponents<App>()
.AddInteractiveServerRenderMode(o => o.ContentSecurityFrameAncestorsPolicy="'none'");
For disabling compression, there is the DisableWebSocketCompression option:
app.MapRazorComponents<App>()
.AddInteractiveServerRenderMode(o => o.DisableWebSocketCompression = true);
Moreover, the OAuth and OIDC authentication procedures have a new AdditionalAuthorizationParameters option, facilitating customization of authorization message parameters commonly included in redirect request strings. This can be done in this way:
builder.Services.AddAuthentication().AddOpenIdConnect(options =>
{
options.AdditionalAuthorizationParameters.Add("prompt", "login");
options.AdditionalAuthorizationParameters.Add("audience", "https://api.example.com");
});
The next feature is about configuring HTTP.sys extended authentication flags. Developers can configure the HTTP_AUTH_EX_FLAG_ENABLE_KERBEROS_CREDENTIAL_CACHING and HTTP_AUTH_EX_FLAG_CAPTURE_CREDENTIAL HTTP.sys flags using the new EnableKerberosCredentialCaching and CaptureCredentials properties in HTTP.sys AuthenticationManager to optimise how Windows authentication is handled.
In the latest release also appeared the new AllowOutOfOrderMetadataProperties config in System.Text.Json. In the comment section, Weihan Li, a .NET software development engineer, noted a change that introduces support for out-of-order metadata reads in the JsonSerializer, alongside ensuring that JSON property names are always unescaped during reading.
The roadmap for the ASP.NET Core in .NET 9 is available in the Github repository.