Similar Topics...
 |
Custom Authorization in .NET Core
In .NET Core you can create a custom 'Authorize' tag for your controller class and/or methods:
(similar to overriding AuthorizeAttribute as might be done in .NET Framework)
[AuthorizeAPI(Feature.User)] // or whatever string
[Route("api/my")]
public class MyController : Controller
or
[AuthorizeAPI(Feature.User)] // or whatever string
[HttpGet("[action]")]
public List<int> GetData()
By adding the following classes:
/// <summary>
/// Handle custom authorization.
/// </summary>
public class AuthorizeAPIFeatureAttribute : TypeFilterAttribute
{
public AuthorizeAPIFeatureAttribute(string claimValue) : base(typeof(ClaimRequirementFilter))
{
Arguments = new object[] { new Claim("", claimValue) };
}
}
public class ClaimRequirementFilter : IAuthorizationFilter
{
readonly Claim _claim;
public ClaimRequirementFilter(Claim claim)
{
_claim = claim;
}
public void OnAuthorization(AuthorizationFilterContext context)
{
var hasClaim = _claim.Value != null; // CUSTOM LOGIC GOES HERE
if (!hasClaim)
{
context.Result = new ForbidResult();
}
}
}
No other registration is required.
Created By: amos 8/28/2019 10:01:04 AM
|
|
|
|
|
|