Data Browser - Viewing Site  Sector 23 Code Bank Logged in as:  Guest  




           


Custom Authorization in .NET Core
In .NET Core you can create a custom 'Authorize' tag for your controller class and/or methods:
(similar to overriding AuthorizeAttribute as might be done in .NET Framework)

[AuthorizeAPI(Feature.User)] // or whatever string
[Route("api/my")]
public class MyController : Controller

or

[AuthorizeAPI(Feature.User)] // or whatever string
[HttpGet("[action]")]
public List<int> GetData()

By adding the following classes:

/// <summary>
/// Handle custom authorization.
/// </summary>
public class AuthorizeAPIFeatureAttribute : TypeFilterAttribute
{
public AuthorizeAPIFeatureAttribute(string claimValue) : base(typeof(ClaimRequirementFilter))
{
Arguments = new object[] { new Claim("", claimValue) };
}
}

public class ClaimRequirementFilter : IAuthorizationFilter
{
readonly Claim _claim;

public ClaimRequirementFilter(Claim claim)
{
_claim = claim;
}

public void OnAuthorization(AuthorizationFilterContext context)
{
var hasClaim = _claim.Value != null; // CUSTOM LOGIC GOES HERE
if (!hasClaim)
{
context.Result = new ForbidResult();
}
}
}

No other registration is required.

Created By: amos 8/28/2019 10:01:04 AM