Kevin Krumwiede
Reputation: 10308
How does ASP.NET Core AuthorizeAttribute work under the hood?
ASP.NET Core AuthorizeAttribute is just a marker containing a little data and no behavior (source). Whatever visits the attribute must contain the behavior.
What visits AuthorizeAttribute and what does it do?
Upvotes: 0
Views: 448
Answers (1)
Ruikai Feng
Reputation: 11896
AuthorizeAttribute implemented IAuthorizeData interface
public class AuthorizeAttribute : Attribute, IAuthorizeData
app.UseAuthorization() middleware visits AuthorizeAttribute From endpoint metadata accroding to the source code:
var endpoint = context.GetEndpoint();
......
var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>();
then it could access the scheme,policy,roles you defined when you add the Authorize attribute
You could try similar in a middleware:
app.Use(async (context, next) =>
{
var endpoint = context.GetEndpoint();
var authdata = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>();
await next.Invoke();
});
Result:
Upvotes: 2
Related Questions
- AddTransient, AddScoped and AddSingleton Services Differences
- How to enable CORS in ASP.net Core WebAPI
- ASP.NET Core Web API exception handling
- How do you create a custom AuthorizeAttribute in ASP.NET Core?
- How to register multiple implementations of the same interface in Asp.Net Core?
- How to enable CORS in ASP.NET Core
- How to read values from the querystring with ASP.NET Core?
- Access the current HttpContext in ASP.NET Core
- Unexpected outcome of node.js vs ASP.NET Core performance test
- .NET Core vs ASP.NET Core