Exclude certain controllers?

[chambersDon]

I set EnforceHeader=true, to require the client to add the correlationID header. I need to exclude some of the controllers. I have a health check endpoint and swagger documents endpoint that should not require a correlationID. Is this possible?

[stevejgordon]

Hi @chambersDon,

Thanks for raising this suggestion. With the current design, it's not available in the package. To implement this, I think the middleware would need to be made "Endpoint aware" so that when it runs, it knows which Endpoint will handle the request. This is technically possible if the middleware where to be registered after UseRouting() in the pipeline. An attribute could then be used to mark Endpoints with metadata to avoid the correlation ID from being enforced on those requests. The main downside is that for this to function, it may require consumers to call UseRouting earlier than they would normally. Often we want to grab the correlation ID right at the start of the request so the correlation ID is registered as the first middleware in the pipeline.

I'll put this into under consideration as I can see the requirement. As I type this, I can think of a few designs which may be a nice way to enable this where it is needed.

Right now, I think the best option is not to enforce this using the library with EnforceHeader = true. Instead, you could add you own piece of middleware to selectively check for the correlation ID when you deem that it is required for the Endpoint in question. Alternatively, since you likely only want the enforce to happen inside MVC, you could write a global ActionFilter and apply the check there, such that you reject any requests without the correlation ID which are routed to an MVC Action.