Custom Authorization Filtering Minimal API .Net 6

Time:08-08

I'm exploring Minimal APIs in .Net 6, and trying to apply a custom Authorization Filter to the endpoint (via Attributes or Extensions). But it seems to me, I am doing something wrong, or it's simply not designed to work in that way (and it's sad if so). Couldn't find anything in the docs besides the default usage of [Authorize] attribute in Minimal APIs.

Here is the Filter

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class CustomAuthorizeAttribute : Attribute, IAuthorizationFilter
{
    //Checking tokens
}

And if I try to apply it at Controller level, it works fine

[CustomAuthorize]
public class CustomController : ControllerBase
{
    //Necessary routing
}

But if I switch to Minimal APIs notation and try to use attributes

app.MapGet("/customEndpoint", 
        [CustomAuthorize] async ([FromServices] ICustomService customService, Guid id) => 
            await customService.GetCustomStuff(id));

or even an extension method

app.MapGet("/customEndpoint", 
        async ([FromServices] ICustomService customService, Guid id) => 
            await customService.GetCustomStuff(id)).WithMetadata(new CustomAuthorizeAttribute());

It just doesn't work. The filter isn't even being constructed.

What did I miss or do wrong? Thanks in advance.

CodePudding user response:

I think you won't be able to inject an action filter in a minimal API; you can use 3 alternative approaches.

  1. Create a custom middleware and inject it in the startup class; it would check every request and do the intended work as your filter is doing. You can put a check for the request path there if you only need to validate a specific controller/endpoint.

  2. The second approach is that you can inject HttpContext into the minimal API like this, extract the JWT token from it and validate it, and if it is found not OK, reject that request.


 app.MapGet("/customEndpoint", async (HttpContext context, ICustomService service) =>
 {
     var token = context.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last();
     if (string.IsNullOrEmpty(token) || <not a valid token>) return Results.Unauthorized();
     // do some work
     return Results.Ok(result);
 });

As @Dai suggested, you can also extract the token in this way:

AuthenticationHeaderValue.TryParse(context.Request.Headers["Authorization"], out var parsed ) && parsed.Scheme == "BearerOrWhatever" ? parsed.Parameter : null

  3. You can register the filter globally from startup.cs.
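
The middleware approach from the answer can be combined with the attribute from the question, so that the check runs only on endpoints that carry the marker. This is an added example, not code from the original posts; `TokenChecker`, `DemoToken` and the `/open` and `/other` routes are hypothetical, and the fixed-token comparison is a stand-in for real token validation.

```csharp
// Program.cs (.NET 6 minimal hosting, implicit usings enabled)
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Text;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// WebApplication adds routing ahead of this middleware, so the matched
// endpoint and its metadata are already available on the context.
app.Use(async (context, next) =>
{
    var marker = context.GetEndpoint()?.Metadata.GetMetadata<CustomAuthorizeAttribute>();
    if (marker is not null && !TokenChecker.IsValid(context.Request.Headers["Authorization"]))
    {
        // Short-circuit: the endpoint delegate never runs.
        context.Response.StatusCode = StatusCodes.Status401Unauthorized;
        return;
    }
    await next(context);
});

// Both notations from the question put the attribute into endpoint metadata.
app.MapGet("/customEndpoint", [CustomAuthorize] (Guid id) => Results.Ok(id));
app.MapGet("/other", (Guid id) => Results.Ok(id))
   .WithMetadata(new CustomAuthorizeAttribute());
app.MapGet("/open", () => "no token required"); // no marker, passes through

app.Run();

// Plain marker: no IAuthorizationFilter, since MVC filters are not run here.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class CustomAuthorizeAttribute : Attribute { }

public static class TokenChecker
{
    private const string DemoToken = "constructed-demo-token"; // assumption, not a real secret

    // Parses "<scheme> <token>", requires the Bearer scheme, compares in constant time.
    public static bool IsValid(string? header) =>
        AuthenticationHeaderValue.TryParse(header, out var parsed)
        && string.Equals(parsed.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
        && parsed.Parameter is { } token
        && CryptographicOperations.FixedTimeEquals(
               Encoding.UTF8.GetBytes(token), Encoding.UTF8.GetBytes(DemoToken));
}
```

Endpoints without the marker are not checked, so a route that is mapped without it is open by default; inverting the test (reject unless an explicit allow-anonymous marker is present) gives a fail-closed variant.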