Pretty much as the title states - I'm struggling to find the best balance between:
Having Miniprofiler run 'high up' enough in the middleware chain that it can 'see' the full picture of a request.
Finding a way to Authorize requests through
ResultsAuthorizeso that I can run MP in production.
Currently I am just enabling MP in non-Production requests - but I would like to be able to widen this and run it in Production to authorized users (developers).
In the docs (https://miniprofiler.com/dotnet/AspDotNetCore) I believe the inference is that it should be included first which I am currently doing - and which is great as I can see the contribution to the execution time of all of the other middleware (which is sometimes non-negligible).
The downside however is that I believe running it before app.UseAuthentication()and app.UseAuthorization() means that I have none of the normal ASP.NET Identity machinery available to drive this. I've toyed also with authorizing the user seperately and setting a session variable - but again that relies on app.UseSession() running first.
I would like to find a balance between these constraints and am interested in what other guidelines/implementations there are out there, perhaps even StackOverflow itself (in the in-progress .net core port).