4

I am using JwtBearer authentication to secure my API. I added [Authorize] above each API and it worked.

I am using this code to add the authentication in the startup:

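services.AddAuthentication("Bearer")
    .AddJwtBearer("Bearer", options =>
    {
        // Token issuer (authority) used to discover signing keys and validate tokens.
        options.Authority = "http://localhost:1234";
        // Allows the plain-HTTP authority above; only suitable for local development.
        options.RequireHttpsMetadata = false;
        // Tokens must carry this audience value.
        options.Audience = "test";
    });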

I want a way to add [Authorize] to a function in a service, or to write code in the function that works the same as [Authorize].

Kirk Larkin
MBS
  • What version of .NET Core are you using? – MBS Jun 26 '19 at 07:24
  • The concept you are trying to achieve is called AOP. .NET Core does not support it out of the box yet. PostSharp or Windsor Castle Dynamic proxy can make that happen for you. I suggest you check this answer: https://stackoverflow.com/questions/46000757/net-core-attributes-that-execute-before-and-after-method – ilkerkaran Jun 26 '19 at 07:34

1 Answer

3

Using [Authorize] without passing any parameters boils down to a call that checks whether or not the user is authenticated. From inside a service, that would look something like this:

// If any of the properties being accessed are null, assume that the user
// is not authenticated.
var isAuthenticated = httpContext?.User?.Identity?.IsAuthenticated ?? false;

To access HttpContext inside of a service, you can use IHttpContextAccessor. Here's a complete example:

using Microsoft.AspNetCore.Http;

public class Service
{
    private readonly IHttpContextAccessor httpContextAccessor;

    public Service(IHttpContextAccessor httpContextAccessor)
    {
        this.httpContextAccessor = httpContextAccessor;
    }

    public void ServiceFunction()
    {
        var httpContext = httpContextAccessor.HttpContext;
        var isAuthenticated = httpContext?.User?.Identity?.IsAuthenticated ?? false;

        if (isAuthenticated)
        {
            // The user is authenticated.
        }
    }
}

If you want to apply an authorisation policy, you can use IAuthorizationService. Here's a complete example of that:

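using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

public class Service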
{
    private readonly IHttpContextAccessor httpContextAccessor;
    private readonly IAuthorizationService authzService;

    public Service(IHttpContextAccessor httpContextAccessor,
        IAuthorizationService authzService)
    {
        this.httpContextAccessor = httpContextAccessor;
        this.authzService = authzService;
    }

    public async Task ServiceFunction()
    {
        var httpContext = httpContextAccessor.HttpContext;
        var isAuthenticated = httpContext?.User?.Identity?.IsAuthenticated ?? false;

        if (isAuthenticated)
        {
            // The user is authenticated.

            var authzResult = await authzService.AuthorizeAsync(
                httpContext.User,
                "PolicyName");

            if (authzResult.Succeeded)
            {
                // The user is authorised.
            }
        }
    }
}

Note: To use IHttpContextAccessor, you might need to add services.AddHttpContextAccessor(); to your Startup.ConfigureServices method.

Kirk Larkin
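
The following is an added example, not part of the original answer: it wraps the two checks shown above in a guard that fails closed, so the protected work cannot run when there is no request context, no authenticated user, or a failed policy. The names ReportService, DeleteReportAsync and CanDeleteReports are hypothetical, and the policy is assumed to be registered with services.AddAuthorization(...) in Startup.ConfigureServices.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

// Hypothetical service; only the guard pattern is the point of the example.
public class ReportService
{
    private readonly IHttpContextAccessor httpContextAccessor;
    private readonly IAuthorizationService authzService;

    public ReportService(IHttpContextAccessor httpContextAccessor,
        IAuthorizationService authzService)
    {
        this.httpContextAccessor = httpContextAccessor;
        this.authzService = authzService;
    }

    public async Task DeleteReportAsync(int reportId)
    {
        // Throws before any protected work runs if the caller is not allowed.
        await EnsureAuthorizedAsync("CanDeleteReports");

        // The protected operation goes here; it is only reached after
        // authentication and the policy check have both succeeded.
    }

    private async Task EnsureAuthorizedAsync(string policyName)
    {
        // HttpContext is null outside a request (for example in a background
        // task), so a missing context is treated as "not authenticated".
        var user = httpContextAccessor.HttpContext?.User;

        if (user?.Identity?.IsAuthenticated != true)
        {
            throw new UnauthorizedAccessException("Caller is not authenticated.");
        }

        // Same policy evaluation that [Authorize(Policy = "...")] relies on.
        var result = await authzService.AuthorizeAsync(user, policyName);
        if (!result.Succeeded)
        {
            throw new UnauthorizedAccessException(
                $"Caller does not satisfy policy '{policyName}'.");
        }
    }
}
```

Left unhandled, UnauthorizedAccessException surfaces as a 500 response, so map it to 401 or 403 in exception-handling middleware or a filter.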