Exploring the new output caching middleware

[utterances-bot]

Exploring the new output caching middleware - Tim Deschryver

Taking a closer look at the capability of the new output caching middleware in .NET 7

https://timdeschryver.dev/blog/exploring-the-new-output-caching-middleware

[gbjbaanb]

If you want a reason to use the vary by value caching option, then I can think that extracting a claim from the httpcontext would suit this use-case. You can then vary by user, if you have logged-on users, or perhaps other data that can be extracted from the httpcontext such as request or session data.

whether these are "good" reasons depends on your needs.

It doesn;t have as fine-grained control over evicting cache as it does from adding it, If you cache by an ID parameter, you cannot evict only that ID's cache, its an all-or-nothing based on large tag names.

[AndiRudi]

Well done, but as most people still use Controllers it would be good to have more infos regarding that. For example how to use Tags with Controllers... and so on.

[timdeschryver]

@AndiRudi thanks.
The OutputCache accepts the same config parameters, so you could do the following

[OutputCache(Duration = 10_000, VaryByQueryKeys = new [] { "id" })]

Sadly, as far as I know, this doesn't support tags.
To clear the cache with controllers you might do something as mentioned here.

[dimigithub]

Hi Tim,
I have implement the IOutputCachePolicy interface, to override the no-caching setting when using an authorization header.
But that doesn't seems to work: The AttemptOutputCaching returns true when using a authorization header, but does nog seems to use the cache.
The policy is added to the base policy.

[AndiRudi]

If I am not mistaken, Output Caching does not work with an authorization header. When I started trying it out it took me quite a while to figure this out...

[timdeschryver]

@dimigithub Good question, how does the implementation look like?

For comparison, I copy-pasted the default policy and removed the header check and it seems to be working.

I added the policy to the base policies with:

builder.Services.AddOutputCache(options =>
{
    options.AddBasePolicy(new MyPolicy());
});

Now, for every endpoint that doesn't use CacheOutput, the result is cached.

Routes that use CacheOutput are not cached though, and fall back to the default behavior.

app.MapGet("/cache-test", () => ...).CacheOutput();

For me, this makes sense because you don't want to cache all endpoints.
I prefer to be explicit about this, and specify a policy with CacheOutput.

[dimigithub]

Hi Tim,
I actually implemented it as you described. And set the attribuut per route.

builder.Services.AddOutputCache(options => { options.AddBasePolicy(new CacheWithAuthorizationPolicy());});

[OutputCache(Duration = 20)]
[HttpGet(Name = "GetWeatherForecast")]

And I misunderstood the principle: I thought that routes with the cachedouput attribute were cached. It is indeed true that routes without the CacheOutput attribuut, are cached.
Is it then possible to determine, per route, how long it is cached?

[timdeschryver]

Yea, that's possible @dimigithub
See https://timdeschryver.dev/blog/exploring-the-new-output-caching-middleware#cache-expiration

[AdamDiament]

Fantastic article thanks! I didn't have any success with adding the base policy, I still couldn't cache authorized requests. For me what worked was using excludeDefaultPolicy: true like this

 services.AddOutputCache(options =>
        {
            options.AddPolicy("AuthorizationPolicy", builder =>
            {
                builder.AddPolicy<AllowAuthorizationCachePolicy>();
            }, excludeDefaultPolicy: true);
        });

combined with

 app.UseEndpoints(endpoints =>
            {
               endpoints.MapControllers().CacheOutput("AuthorizationPolicy");

Where AllowAuthorizationCachePolicy was just the default policy with the authorization checks removed.

[AdamDiament]

Here's another way you could use tags with controller attributes:

Given two endpoints:

[HttpGet("api/")]
[OutputCache(Duration = 60,PolicyName = "AuthorizationPolicy")]
public async Task<IActionResult> GetSomething(long id) {
 ...
}

and

[HttpGet("reports/")]
[OutputCache(Duration = 60,PolicyName = "ReportsPolicy")]
public async Task<IActionResult> GetSomethingElse(long id) {
 ...
}

You can do this...

        services.AddOutputCache(options =>
        {
            options.AddPolicy("AuthorizationPolicy", builder =>
            {
                builder.AddPolicy<AllowAuthorizationCachePolicy>()
                    .With(c => c.HttpContext.Request.Path.StartsWithSegments("/api"))
                    .Tag("api");

            }, excludeDefaultPolicy: true);

            options.AddPolicy("ReportsPolicy", builder =>
            {
                builder.AddPolicy<AllowAuthorizationCachePolicy>()
                    .With(c => c.HttpContext.Request.Path.StartsWithSegments("/reports"))
                    .Tag("reports");

            }, excludeDefaultPolicy: true);
        });

[timdeschryver]

Cool, thanks @AdamDiament !

[AdamDiament]

@gbjbaanb you can actually achieve fine grained control over evicting when using varybyvalue, for example:

In the setup:

  builder.AddPolicy<AuthorizedCacheByByClaimPolicy>()
                    .VaryByValue((cxt, ct) =>
                    {
                        var claim = cxt.User.Claims.FirstOrDefault(c => c.Type == "SomeClaimType");
                        if (claim is null)
                        {
                            throw new Exception("We should not get here");
                        }
                        return ValueTask.FromResult(new KeyValuePair<string, string>("SomeClaimType",claim.Value));
                    })
                    .With(c => c.HttpContext.Request.Path.StartsWithSegments("/api"));

Then in the custom AuthorizedCacheByByClaimPolicy CacheRequestAsync method itself you can set tags per execution. So you can have a method which takes the httpcontext and returns a tag - you could interrogate the claims, and return a tag based on the same claim type, then evict only that, for example:

    /// <inheritdoc />
    ValueTask IOutputCachePolicy.CacheRequestAsync(OutputCacheContext context, CancellationToken cancellationToken)
    {
       ... other stuff copied from default implementation
       
        var tag = GetTagForRequest(context.HttpContext);
        if (tag != null)
        {
            context.Tags.Add(tag);
        }

        return ValueTask.CompletedTask;
    }