It's not Friday, but I've got a complaint. In a fresh .NET 5 Web Api I want to implement the simplest authorization technique using a header like x-auth-key: xyzzy. I could do this my old legacy way of using an IActionFilter class OnActionExecuting to inspect the headers and cause an error response (that works). But I wanted to do it "the formal modern way" so I went looking for guidance. After about 7 hours of searching and experiments I have found nothing that works. I found at least a dozen samples that used completely different classes, interfaces and configuration, but some won't compile, some have no effect, some are too complex to bother coding, and those that do work do not have enough context information available to complete my logic or I don't know how to set return values.
I read years ago that an aim of Core was to unify and simplify configuration to make it more extensible. Most of my time wasted today was fumbling around in Startup.cs with extension methods, lambas, fluent syntax and a hundred unfamiliar classes. Microsoft hasn't made config easier, they've made it harder than solving differential equations in a maze in the dark. I also spent an hour fumbling around configuring Swagger as well because it's now part of the problem. Overall, I'm getting progressively more upset and depressed about the complexity of some large parts of the .NET ecosystem. Things aren't getting easier! *Greg K*
