Middleware Pipeline Internals

Every HTTP request in ASP.NET Core flows through a pipeline of middleware components. Each component either handles the request, passes it to the next component (next()), or short-circuits (returns without calling next). Understanding this chain—and the ORDER it's built in—determines your app's behavior and security.

25 min•By Priygop Team•Updated 2026

The Request Pipeline — How Middleware Chains Work

// Middleware pipeline visualization:
// Request →  [M1] → [M2] → [M3] → Handler → Response
//         ↑                              ↓
//         └──────────────────────────────┘
// Each middleware can inspect/mutate both the REQUEST (going in) and RESPONSE (coming out)

// ━━ app.Use — bidirectional middleware (wraps next) ━━
app.Use(async (context, next) =>
{
    // PRE-processing: runs BEFORE the rest of the pipeline
    var sw = System.Diagnostics.Stopwatch.StartNew();
    var path = context.Request.Path;

    await next(context); // call next middleware

    // POST-processing: runs AFTER the rest of the pipeline completes
    sw.Stop();
    Console.WriteLine($"{path} → {context.Response.StatusCode} in {sw.ElapsedMilliseconds}ms");
});

// ━━ app.Run — terminal middleware (does NOT call next) ━━
// Short-circuits the pipeline — nothing after this runs
app.Run(async context =>
{
    await context.Response.WriteAsync("Hello from terminal middleware!");
});

// ━━ app.Map — branch by path ━━
app.Map("/health", healthApp =>
{
    healthApp.Run(async ctx => await ctx.Response.WriteAsync("OK"));
});

// ━━ app.UseWhen — conditional branching ━━
app.UseWhen(
    context => context.Request.Path.StartsWithSegments("/api"),
    apiApp => apiApp.UseRateLimiter());

// ━━ CRITICAL: Order of built-in middleware ━━
// app.UseExceptionHandler("/error")  ← FIRST: catches all downstream exceptions
// app.UseHsts()                       ← HTTPS enforcement
// app.UseHttpsRedirection()           ← redirect HTTP to HTTPS
// app.UseStaticFiles()                ← serve wwwroot before routing overhead
// app.UseRouting()                    ← parse route
// app.UseCors()                       ← CORS (MUST be after routing, before auth)
// app.UseAuthentication()             ← who are you?
// app.UseAuthorization()              ← what can you do?
// app.UseRateLimiter()                ← limit request rate
// app.UseResponseCaching()            ← cache responses
// app.MapControllers()               ← execute endpoints

Tip

Practice Middleware Pipeline Internals in small, isolated examples before integrating into larger projects. Breaking concepts into small experiments builds genuine understanding faster than reading alone.

Diagram

Loading diagram…

.NET provides a unified platform for building various application types

Practice Task

Note

Practice Task — (1) Write a working example of Middleware Pipeline Internals from scratch without looking at notes. (2) Modify it to handle an edge case (empty input, null value, or error state). (3) Share your solution in the Priygop community for feedback.

Quick Quiz

Common Mistake

Warning

A common mistake with Middleware Pipeline Internals is skipping edge case testing — empty inputs, null values, and unexpected data types. Always validate boundary conditions to write robust, production-ready dotnet code.

Topics in This Module