ASP.NET Core 2.x has a robust authorization system extending beyond just the age old [Authorize] attribute. With ASP.NET Core you now have access to Authorization policies and Authorization filters. To understand what they are and when to use them (and when not to), you should begin by familiarizing yourself with how authorization works in MVC and where it fits into the context of ASP.NET Core middleware as a whole. ASP.NET Core Middleware Pipeline In a brand new ASP.NET Core 2.0 MVC project (using built-in templates), the request middleware pipeline executes in this order: Things like add logging, UseStaticFiles, UseDeveloperExceptionPage when…
In case you’re unfamiliar, Serilog is a an open source event library for .NET. Conceptually, Serilog gives you two important components: loggers and sinks (outputs). Most applications will have a single static logger and several sinks, so in this example I’ll use two: the console and a rolling file sink. Starting with a new ASP.NET Core 2.0 Web Application running on .NET Framework (as in the image to the right), begin by grabbing a few packages off NuGet: Serilog Serilog.AspNetCore Serilog.Settings.Configuration Serilog.Sinks.Console Serilog.Sinks.RollingFile Next, you will need to modify some files. Startup.cs Startup constructor Create the static Log.Logger by reading…