Reputation: 807
How to do simple header authorization in .net core 2.0?
I have been unable to find information on this particular issue after the 2.0 changes to .NET Core.
I have cookie authorization like this:
services.AddAuthentication("ExampleCookieAuthenticationScheme")
.AddCookie("ExampleCookieAuthenticationScheme", options => {
options.AccessDeniedPath = "/Account/Forbidden/";
options.LoginPath = "/Account/Login/";
});
For another part (of my controllers I would like to simply authorize based on a simple header. In the examples I've found, either I am unable to get the headers, or they have been made only for facebook, google, cookies etc.
How do I add an authorization that performs a simple header check in .Net core 2.0?
Upvotes: 5
Views: 5971
Answers (1)
Reputation: 2472
It is possible to perform simple authorization check using a custom middleware. But if it is required to apply the custom middleware for selected controllers or action methods, you can use Middleware filter.
Middleware and its app builder extension:
public class SimpleHeaderAuthorizationMiddleware
{
private readonly RequestDelegate _next;
public SimpleHeaderAuthorizationMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task Invoke(HttpContext context){
string authHeader = context.Request.Headers["Authorization"];
if(!string.IsNullOrEmpty(authHeader))
{
//TODO
//extract credentials from authHeader and do some sort or validation
bool isHeaderValid = ValidateCredentials();
if(isHeaderValid){
await _next.Invoke(context);
return;
}
}
//Reject request if there is no authorization header or if it is not valid
context.Response.StatusCode = 401;
await context.Response.WriteAsync("Unauthorized");
}
}
public static class SimpleHeaderAuthorizationMiddlewareExtension
{
public static IApplicationBuilder UseSimpleHeaderAuthorization(this IApplicationBuilder app)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
return app.UseMiddleware<SimpleHeaderAuthorizationMiddleware>();
}
}
In order to use middleware as a filter, you need to create a type with Configure method that specifies the middleware pipeline that you want to use.
public class SimpleHeaderAuthorizationPipeline
{
public void Configure(IApplicationBuilder applicationBuilder){
applicationBuilder.UseSimpleHeaderAuthorization();
}
}
Now you can use the above type in specific controller or action methods like this:
[MiddlewareFilter(typeof(SimpleHeaderAuthorizationPipeline))]
public class ValuesController : Controller
{
}
Upvotes: 9
Related Questions
- What's the simplest way to fetch the value of the Authorization header of a request?
- How do I authorize requests based on the Authorization header value?
- Access token appendix http header
- Authorizing based on request headers in ASP.NET Core
- Including Authentication in the Header of a POST Request using ASP.NET Core
- Authorization header is not setting
- ASP.NET Web API Basic Authentication Authorisation Header
- How to get the authentication header from a request sent to an ASP.NET core 2.0 API controller action
- ASP.NET HTTP Authorization Header
- HTTP Basic Authorization in .NET