Home > Software engineering >  Get Controller and Action Name whern creating Custom Authorization Policy in .NET Core 6 using IHttp
Get Controller and Action Name whern creating Custom Authorization Policy in .NET Core 6 using IHttp

Time:12-27

I, am trying to configure a custom Authorization policy in .NET Core 6 with the following logic in a Handler:

  1. Get Controller Name and Get Controller Action which user is trying to access
  2. If Claim.Type = Controller Name and Value = Controller Action then grant access.

I, am trying to access the Controller Name and Action using IHttpContextAccessor injected into the Handler class. How can I get the controller name and action method name? I found several articles mentioning how to do so in previous versions of .NET Core. But those do not work on .NET 6. It always provides NULL value

Current AccessHandler (Previous Versions of .NET)

using Microsoft.AspNetCore.Authorization;

namespace myApp.Security
{
    public class AccessHandler : AuthorizationHandler<AccessRequirement>
    {
        private readonly IHttpContextAccessor httpContextAccessor;

        public AccessHandler(IHttpContextAccessor httpContextAccessor)
        {
            this.httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
        }
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AccessRequirement requirement)
        {
               
            string? controllerName = httpContextAccessor.HttpContext?.Request.Query["controller"].ToString();

            string? actionName = httpContextAccessor.HttpContext?.Request.Query["action"].ToString();

            if (controllerName != null && actionName != null)
            {
                if (context.User.HasClaim(claim => claim.Type == controllerName && claim.Value == actionName))
                {
                    context.Succeed(requirement);
                }
            }

            return Task.CompletedTask;
        }
    }
}

CodePudding user response:

Finally found the solution and the process of finding was really satisfying. Here is how you can do it in .NET 6 Core. Modify the Requirement handler as follows:

using Microsoft.AspNetCore.Authorization;

namespace myApp.Security
{
    public class AccessHandler : AuthorizationHandler<AccessRequirement>
    {
        private readonly IHttpContextAccessor httpContextAccessor;

        public AccessHandler(IHttpContextAccessor httpContextAccessor)
        {
            this.httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
        }
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AccessRequirement requirement)
        {
            string? controllerName = httpContextAccessor.HttpContext?.Request.RouteValues["controller"]?.ToString();

            string? actionName = httpContextAccessor.HttpContext?.Request.RouteValues["action"]?.ToString();

            if (controllerName != null && actionName != null)
            {
                if (context.User.HasClaim(claim => (claim.Type == controllerName && claim.Value == actionName)))
                {
                    context.Succeed(requirement);
                }
            }

            return Task.CompletedTask;
        }
    }
}

Page link:https//www.codepudding.com/Softwareengineering/241447.html

Prev:How should I cache data from database to be thread safe by EF Core?
Next:ASP.Net Core 5 Print Div Vertical Alignment Problem
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding