I evaluate various hosting options for an ASP.NET Core application. In the new ASP.NET programming model, you process a request using a set of middlewares (which are a mixture of older IHttpModuleand IHttpHandler).
You may have middleware that may be responsible for authenticating, processing static files, or compressing the response before sending it (just to indicate some). This is where the confusion arises.
Where to set the boundary between the server and the application in the context of responsibility?
Which side should be responsible for compressing the response? With IIS, this was handled by the server and configured in web.config. Kestrel does not provide this AFAIK functionality, so you need to implement custom software in an application that will handle this for you. Which one is more appropriate?
What about authentication ? IIS provides authentication options (anonymous, impersonating, auth). In contrast, in ASP.NET Core, we can also write middleware applications that can handle this for us.
Well, SSL is handled by the server since it is lower at the protocol level and the application only works with HTTP (S).
What responsibilities should a server have? What responsibilities should the application have?