Project Information: ABP version: 8.3.4 .NET version: .NET 8 UI framework: Blazor WebAssembly Solution type: Tiered Relevant projects: .Application, .Application.Contracts, .AuthServer, .Blazor, .Core, .DB, .DbMigrator, .Domain, .Domain.Seed, .Domain.Shared, .EntityFrameworkCore .HttpApi, .HttpApi.Host, .HttpApi.Client,
Goal: I want to enable HTTP response caching for API endpoints in my ABP Blazor application. I followed the ABP documentation and examples for HTTP caching, but the caching behavior is not applied when my controllers are located inside the .HttpApi project.
What I Did: I configured ASP.NET Core Output Caching:
builder.Services.AddOutputCache(options =>
{
options.DefaultExpirationTimeSpan = TimeSpan.FromSeconds(30);
options.AddPolicy("Default", builder => builder
.Expire(TimeSpan.FromSeconds(120))
.SetVaryByHeader("Authorization"));
});
and used
[OutputCache(
PolicyName = "Default",
VaryByRouteValueNames = new[]
{
nameof(id)
})]
and
[OutputCache(
PolicyName = "Default",
VaryByQueryKeys = new[]
{
nameof(FilterInputDto.Id),
nameof(FilterInputDto.SearchText),
nameof(FilterInputDto.IsActive),
nameof(FilterInputDto.Sorting)
})] on my API controllers (as needed).
When the controller is inside .HttpApi, caching does not seem to take effect — no caching headers or stored responses.
When I moved the controller to .Web, I got 401 Unauthorized responses instead.
Tested the endpoint — the caching headers were missing.
Moved the same controller from .HttpApi to the .Web project (without using the generated HTTP proxies) — I get authorization errors when accessing endpoints.
The Problems Case 1 – Controller inside .HttpApi
Response caching is not applied — response headers like Cache-Control are missing.
No apparent caching layer is triggered.
Case 2 – Controller moved to .Web
Requests fail with authorization errors:
401 Unauthorized
Happens even for authenticated users that can access the same API endpoints when the controller was in .HttpApi.
What I Tried
Verified that [Authorize] is correctly applied.
Disabled and re-enabled ABP HTTP proxies.
Tested both from Swagger and browser.
Confirmed that other endpoints’ authorization still works normally.
Question
Is HTTP caching officially supported when controllers are placed in the .HttpApi project of an ABP Blazor solution? If so, what configuration is required for it to work?
