Document what's new in ASP.NET Core for .NET 9 Preview 2

[danroth27]

Update the "What's new in ASP.NET Core 9.0" for .NET 9 Preview 2

@adityamandaleeka @mkArtakMSFT Please have folks comment on this issue with the desired content.

FYI: @samsp-msft @JeremyLikness @mikekistler @claudiaregio @JamesNK @SteveSandersonMS @davidfowl

---

Associated WorkItem - 212924

[mkArtakMSFT]

@javiercn can you please add a comment here about content that should go with the Constructor Injection work that you brought back? Thanks!

[mkArtakMSFT]

@javiercn and another one for the Blazorpack compression please.

[javiercn]

Constructor injection: It is now possible to inject dependencies via the constructor of a component instead of using @inject.

Blazor Web Server Components compression: Compression is now enabled by default for interactive server components. This comes with a restriction to framing the app within the same origin by default, which is achieved by a content-security policy. The compression settings as well as the framing behavior can be adjusted by passing a callback to AddInteractiveServerRenderMode

[guardrex]

I've also added primary ctors.

I've placed the guidance now (today, 3/1), and I note in the section headings "(Preview 2, mid-March)". I'll adjust that when Pre2 lands.

I see that multithreading has been pushing to Pre3. Let me know if there's anything else outside of compression and ctors. 👂

https://learn.microsoft.com/aspnet/core/release-notes/aspnetcore-9.0

[danroth27]

I see that multithreading has been pushing to Pre3. Let me know if there's anything else outside of compression and ctors. 👂

@guardrex We had discussed potentially pushing out announcing the multithreading support to Preview 3, but after discussing it this week with the WebAssembly runtime folks (@lewing @pavelsavara) the plan is to move forward with announcing it for Preview 2. Some details on what’s supported can be found here:

• Add option to serve WebAssembly app with multithreading aspnetcore#54062
• https://github.com/dotnet/runtime/blob/main/src/mono/browser/runtime/multi-threading.md.

@guardrex Change of plan 😢: We've hit some blocking issues in Blazor when multithreading is enabled that we still need to work through, so we're going to delay previewing the multithreading support until we have things sorted out.

[guardrex]

Thanks, I'll make a note of that and see about placing it (commented out) sometime next week.

[danroth27]

Thanks, I'll make a note of that and see about placing it (commented out) sometime next week.

@guardrex See updated multithreading status above

[danroth27]

OIDC and OAuth Parameter Customization

The OAuth and OIDC authentication handlers now have a new AdditionalAuthorizationParameters option to make it easy to customize authorization message parameters that are usually included as part of the redirect query string. Previously this would have required a custom OnRedirectToIdentityProvider callback or overridden BuildChallengeUrl method in a custom hander. For example:

builder.Services.AddAuthentication().AddOpenIdConnect(options =>
{
    options.Events.OnRedirectToIdentityProvider = context =>
    {
        context.ProtocolMessage.SetParameter("prompt", "login");
        context.ProtocolMessage.SetParameter("audience", "https://api.example.com");
        return Task.CompletedTask;
    };
});

Now becomes:

builder.Services.AddAuthentication().AddOpenIdConnect(options =>
{
    options.AdditionalAuthorizationParameters.Add("prompt", "login");
    options.AdditionalAuthorizationParameters.Add("audience", "https://api.example.com");
});

Thank you @joegoldman2 for this contribution!

[danroth27]

Configure HTTP.sys extended authentication flags

You can now configure the HTTP_AUTH_EX_FLAG_ENABLE_KERBEROS_CREDENTIAL_CACHING and HTTP_AUTH_EX_FLAG_CAPTURE_CREDENTIAL HTTP.sys flags using the new EnableKerberosCredentialCaching and CaptureCredentials properties on the HTTP.sys AuthenticationManager to optimize how Windows authentication is handled. For example:

webBuilder.UseHttpSys(options =>
{
    options.Authentication.Schemes = AuthenticationSchemes.Negotiate;
    options.Authentication.EnableKerberosCredentialCaching = true;
    options.Authentication.CaptureCredentials = true;
});

Thank you @evgenykotkov for this contribution!