C# 8mo ago
Dr_Cox1911

✅ Put `[Authorize("myPolicy")]` behind feature flag

Greetings, I'm currently working on authentication and authorization for an API that is already deployed to a couple of customers. The whole auth process sits behind a feature flag using the MS IFeatureManager, so that the API can be deployed completely without auth, and once more downtime is possible from the customers' side, auth shall be activated by enabling this feature. I have pretty much all covered by the feature flag, but I don't know how I can conditionally apply the `[Authorize("myPolicy")]` on my API endpoints. If the feature is disabled I don't even register any auth-related services or middlewares.
7 Replies
Pobiega 8mo ago
You can't conditionally apply an attribute, as they are compile-time metadata. But if, as you say, the feature is disabled and there are no auth middlewares, doesn't it still work?
Dr_Cox1911 8mo ago
Unfortunately it doesn't work, as I don't even register any services and middleware if the feature is disabled. I get an exception that the auth metadata is defined but no app.UseAuthorization() call is made.
Pobiega 8mo ago
Ah, that's unfortunate. The recommended approach seems to be to make your policies conditional, i.e.:
```csharp
.AddAuthorization(x =>
{
    // _env is of type IHostingEnvironment, which you can inject in
    // the ctor of Startup
    if (_env.IsDevelopment())
    {
        x.DefaultPolicy = new AuthorizationPolicyBuilder().Build();
    }
});
```
Replace that `if` with your feature toggle check, replacing all your policies with "blank" policies.
Dr_Cox1911 8mo ago
That doesn't work either unfortunately, I get AuthorizationPolicy must have at least one requirement.
Pobiega 8mo ago
```csharp
x.DefaultPolicy = new AuthorizationPolicyBuilder()
    .RequireAssertion(_ => true)
    .Build();
```
there you go 🙂
Dr_Cox1911 8mo ago
Thanks! It works! I had to get a custom IAuthorizationPolicyProvider alongside your solution to support Authorize attributes with policies that I don't have defined when the feature is disabled. Works like a charm now
Pobiega 8mo ago
👍
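
One way to build the flag-aware `IAuthorizationPolicyProvider` mentioned at the end of the thread, as an added example that is not code from either participant. The flag name `"Auth"`, the class and method names, and the definition of `myPolicy` as "authenticated user" are assumptions; it also assumes `AddFeatureManagement()` registers `IFeatureManager` as a singleton and that `app.UseAuthorization()` is always in the pipeline.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Microsoft.FeatureManagement;

// Hypothetical provider: real policies while the "Auth" flag (assumed name) is on,
// an allow-all policy for every policy name while it is off.
public sealed class FeatureGatedPolicyProvider : IAuthorizationPolicyProvider
{
    private const string AuthFeature = "Auth"; // assumed flag name
    // RequireAssertion(_ => true) satisfies "at least one requirement" and always succeeds.
    private static readonly AuthorizationPolicy AllowAll =
        new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();

    private readonly DefaultAuthorizationPolicyProvider _inner;
    private readonly IFeatureManager _features;

    public FeatureGatedPolicyProvider(IOptions<AuthorizationOptions> options, IFeatureManager features)
    {
        _inner = new DefaultAuthorizationPolicyProvider(options);
        _features = features;
    }

    public async Task<AuthorizationPolicy> GetDefaultPolicyAsync() =>
        await _features.IsEnabledAsync(AuthFeature) ? await _inner.GetDefaultPolicyAsync() : AllowAll;

    public async Task<AuthorizationPolicy?> GetFallbackPolicyAsync() =>
        await _features.IsEnabledAsync(AuthFeature) ? await _inner.GetFallbackPolicyAsync() : null;

    public async Task<AuthorizationPolicy?> GetPolicyAsync(string policyName)
    {
        if (!await _features.IsEnabledAsync(AuthFeature)) return AllowAll;
        // Flag on: an undefined name returns null, so a typo in [Authorize("...")] fails loudly.
        return await _inner.GetPolicyAsync(policyName);
    }
}

public static class FeatureGatedAuthExtensions
{
    public static IServiceCollection AddFeatureGatedAuthorization(this IServiceCollection services)
    {
        services.AddFeatureManagement();
        // Assumed definition of the thread's "myPolicy".
        services.AddAuthorization(o => o.AddPolicy("myPolicy", p => p.RequireAuthenticatedUser()));
        // Registered after AddAuthorization so it replaces the default provider.
        services.AddSingleton<IAuthorizationPolicyProvider, FeatureGatedPolicyProvider>();
        return services;
    }
}
```

While the flag is off every `[Authorize]` endpoint is open to anonymous callers, so the flag's state is worth logging at startup and covering with an integration test that expects a 401 once it is on. With the flag on, an authentication scheme and `app.UseAuthentication()` still have to be configured for `myPolicy` to be satisfiable.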