C# 7mo ago
Shaka

❔ Is this possible in WEBAPI to add logic between JWT token validation and the authorization?

I read a blog about the AspNetCore WebApi: https://jasonwatmore.com/post/2022/02/18/net-6-role-based-authorization-tutorial-with-example-api This sample adds a User instance to HttpContext.Items after the token validation and brings it to the authorization filter to use it. I'm trying to implement this with AspNetCore internal functions (middleware, policy and requirements), but I cannot find a way to add the User instance at that time. I also tried to create a custom middleware, but this handler will be invoked after the authorization.
```cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;
using Microsoft.AspNetCore.Http;

public class CustomAuthMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
{
    private readonly IUserService userService;

    public CustomAuthMiddlewareResultHandler(IUserService userService)
    {
        this.userService = userService;
    }

    // Runs after the authorization policy has been evaluated; authorizeResult holds the outcome.
    public Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
    {
        if (authorizeResult.Challenged)
        {
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return Task.CompletedTask;
        }
        // Stop here when the policy denied access, so a forbidden request never reaches the endpoint.
        if (authorizeResult.Forbidden)
        {
            context.Response.StatusCode = StatusCodes.Status403Forbidden;
            return Task.CompletedTask;
        }
        // Load the user named by the token's "id" claim and expose it to later components.
        var userId = int.Parse(context.User.Claims.First(x => x.Type == "id").Value);
        context.Items["User"] = userService.GetById(userId);
        // Return the pipeline task so the rest of the request is awaited.
        return next(context);
    }
}
```
Is there any handler that can add some logic between JWT token validation and API authorization?
36 Replies
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
```cs
context.Items["User"] = userService.GetById(userId);
```
just this line
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
this is the code from the sample
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
thanks you mean I add user info in the claims?
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
such as roles the HttpContext.User?
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
could the claim store array or list?
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
this interface?
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
so I can put the roles into claims into the token. after the token validation, I can use the HttpContext.User.Roles for authorization
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
I may take time to understand that. I'm new with C#. I'll try to understand that IClaims interface and find a way to query the user role with user id. Thanks. Now I find the only way is to query the user role with ID in the policy requirement, but I need to query the roles in each requirement class.
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
yes, and I don't want the roles put in the claim and returned to the user. I'll try this
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
I agree. Sorry, my English is not good. Maybe I missed something you said
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
Thanks, I implemented a custom IAuthorizationService. I made it, thanks a lot
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
a minute
Shaka 7mo ago
here is the program file
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
and there is another way to impl that
Shaka 7mo ago
the jwtbearerOption has an event that would be invoked when the token is validated
Unknown User 7mo ago
Message Not Public
Shaka 7mo ago
truly thanks for your comments about IAuthService
Accord 7mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.