I am trying to configure a custom authorization policy in .NET Core 6 with the following logic in a handler:
- Get Controller Name and Get Controller Action which user is trying to access
- If Claim.Type = Controller Name and Value = Controller Action then grant access.
I am trying to access the controller name and action using an IHttpContextAccessor injected into the handler class. How can I get the controller name and the action method name? I found several articles describing how to do this in previous versions of .NET Core, but those approaches do not work on .NET 6: the value is always null.
Current AccessHandler (Previous Versions of .NET)
using Microsoft.AspNetCore.Authorization;
namespace myApp.Security
{
    /// <summary>
    /// Authorization handler for <see cref="AccessRequirement"/>. It looks up a controller name and an
    /// action name on the current request and succeeds the requirement when the user holds a claim whose
    /// type equals the controller name and whose value equals the action name.
    /// </summary>
    /// <remarks>
    /// This version reads both names from <c>Request.Query</c>, i.e. from the URL query string, which is
    /// supplied by the caller of the request. Values taken from there do not describe the endpoint that
    /// routing actually selected, so they are not a sound basis for an authorization decision.
    /// </remarks>
    public class AccessHandler : AuthorizationHandler<AccessRequirement>
    {
        private readonly IHttpContextAccessor httpContextAccessor;

        /// <summary>Creates the handler.</summary>
        /// <param name="httpContextAccessor">Accessor used to reach the current request.</param>
        /// <exception cref="ArgumentNullException"><paramref name="httpContextAccessor"/> is null.</exception>
        public AccessHandler(IHttpContextAccessor httpContextAccessor)
        {
            if (httpContextAccessor == null)
            {
                throw new ArgumentNullException(nameof(httpContextAccessor));
            }

            this.httpContextAccessor = httpContextAccessor;
        }

        /// <summary>
        /// Marks <paramref name="requirement"/> as succeeded when the user has a claim matching the
        /// "controller" and "action" values found on the request; otherwise leaves it untouched.
        /// </summary>
        /// <param name="context">Authorization context carrying the user being evaluated.</param>
        /// <param name="requirement">The requirement this handler evaluates.</param>
        /// <returns>A completed task; the work is synchronous.</returns>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AccessRequirement requirement)
        {
            // The query collection is only null when there is no current HttpContext. For a key that is
            // absent from the query string the indexer yields an empty value, so ToString() gives "" and
            // the null checks below do not catch a missing parameter.
            var query = httpContextAccessor.HttpContext?.Request.Query;
            string? controllerName = query?["controller"].ToString();
            string? actionName = query?["action"].ToString();

            if (controllerName == null || actionName == null)
            {
                return Task.CompletedTask;
            }

            // Case-sensitive match: claim type <-> controller name, claim value <-> action name.
            bool hasMatchingClaim = context.User.HasClaim(c => c.Type == controllerName && c.Value == actionName);
            if (hasMatchingClaim)
            {
                context.Succeed(requirement);
            }

            return Task.CompletedTask;
        }
    }
}
CodePudding user response:
I finally found the solution, and the process of finding it was really satisfying. Here is how you can do it in .NET 6: read the controller and action names from the request's route values instead of the query string. Modify the requirement handler as follows:
using Microsoft.AspNetCore.Authorization;
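namespace myApp.Security
{
    /// <summary>
    /// Authorization handler for <see cref="AccessRequirement"/>. It succeeds the requirement when the
    /// current user holds a claim whose type is the routed controller name and whose value is the routed
    /// action name.
    /// </summary>
    /// <remarks>
    /// Both names are read from <c>Request.RouteValues</c>, which routing fills in for the matched
    /// endpoint, rather than from request fields the caller can set freely such as the query string.
    /// The handler never calls <c>context.Fail()</c>; when nothing matches it simply leaves the
    /// requirement unmet.
    /// NOTE(review): only "controller" and "action" are compared. An "area" route value is not part of
    /// the check, so same-named controllers in different areas are indistinguishable here — confirm
    /// that is intended before relying on this with areas.
    /// </remarks>
    public class AccessHandler : AuthorizationHandler<AccessRequirement>
    {
        private readonly IHttpContextAccessor httpContextAccessor;

        /// <summary>Creates the handler.</summary>
        /// <param name="httpContextAccessor">Accessor used to reach the current request.</param>
        /// <exception cref="ArgumentNullException"><paramref name="httpContextAccessor"/> is null.</exception>
        public AccessHandler(IHttpContextAccessor httpContextAccessor)
        {
            this.httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
        }

        /// <summary>
        /// Grants <paramref name="requirement"/> when the user has a claim matching the controller and
        /// action of the current route; otherwise leaves it untouched.
        /// </summary>
        /// <param name="context">Authorization context carrying the user being evaluated.</param>
        /// <param name="requirement">The requirement this handler evaluates.</param>
        /// <returns>A completed task; the work is synchronous.</returns>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AccessRequirement requirement)
        {
            var routeValues = httpContextAccessor.HttpContext?.Request.RouteValues;
            string? controllerName = routeValues?["controller"]?.ToString();
            string? actionName = routeValues?["action"]?.ToString();

            // No HttpContext, or an endpoint without controller/action route values: there is nothing to
            // match against, so the requirement stays unmet. Empty names are treated the same way so a
            // claim with an empty type and value can never satisfy the check.
            if (string.IsNullOrEmpty(controllerName) || string.IsNullOrEmpty(actionName))
            {
                return Task.CompletedTask;
            }

            // MVC matches controller and action names without regard to case, and with conventional
            // routing the route values carry the casing used in the URL. Compare case-insensitively so
            // a claim ("Home", "Index") still authorizes a request for /home/index; the claim continues
            // to name exactly one controller/action pair.
            bool hasMatchingClaim = context.User.HasClaim(claim =>
                string.Equals(claim.Type, controllerName, StringComparison.OrdinalIgnoreCase) &&
                string.Equals(claim.Value, actionName, StringComparison.OrdinalIgnoreCase));

            if (hasMatchingClaim)
            {
                context.Succeed(requirement);
            }

            return Task.CompletedTask;
        }
    }
}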