1

I want to use Hateoas in my C# Web Api. I want to be able to work out if the requestee has access to other routes by providing the route name.

  1. When the requestee calls /A and would pass PolicyB but not PolicyC, I want them to receive "Get" back, not "Post"
  2. When the requestee calls /A and would pass PolicyB and PolicyC, I want them to receive "Get" and "Post" back

Here is the example code:

public class AController : Controller
{
    [HttpGet("A", Name = "RouteA")]
    public IActionResult GetA()
    {
        IEnumerable<string> routesAbleToAccess = MethodsUserCanAccessForRoute("RouteB");
        return Ok(routesAbleToAccess);
    }

    [HttpGet("B", Name = "RouteB")]
    [Authorize("PolicyB")]
    public IActionResult GetB()
    {
        return Ok();
    }


    [HttpPost("C")] // Also named Route B
    [Authorize("PolicyC")]
    public IActionResult SaveC()
    {
        return Ok();
    }

    private IEnumerable<string> MethodsUserCanAccessForRoute(string route)
    {
        // logic to get the routes that the user can access
    }
}
Tseng
  • 61,549
  • 15
  • 193
  • 205
chris31389
  • 8,414
  • 7
  • 55
  • 66
  • 1
    Do you mean you want to enumerate over all the methods that are decorated with the `Authorize` attribute in the `AController`? – Svek Oct 06 '17 at 15:46
  • And Check if the requestee would pass the policies for those authorize attributes. If it would I want to return the method – chris31389 Oct 06 '17 at 15:47
  • It needs to be by the Route Name too, as the route could exist on another controller – chris31389 Oct 06 '17 at 15:50
  • 1
    I think this leans more towards what you are looking for in terms of a starting point for your logic https://stackoverflow.com/a/8817663/3645638 – Svek Oct 06 '17 at 15:55

0 Answers0