问题
I have been unable to find information on this particular issue after the 2.0 changes to .NET Core.
I have cookie authorization like this:
services.AddAuthentication("ExampleCookieAuthenticationScheme")
.AddCookie("ExampleCookieAuthenticationScheme", options => {
options.AccessDeniedPath = "/Account/Forbidden/";
options.LoginPath = "/Account/Login/";
});
For another part (of my controllers I would like to simply authorize based on a simple header. In the examples I've found, either I am unable to get the headers, or they have been made only for facebook, google, cookies etc.
How do I add an authorization that performs a simple header check in .Net core 2.0?
回答1:
It is possible to perform simple authorization check using a custom middleware. But if it is required to apply the custom middleware for selected controllers or action methods, you can use Middleware filter.
Middleware and its app builder extension:
public class SimpleHeaderAuthorizationMiddleware
{
private readonly RequestDelegate _next;
public SimpleHeaderAuthorizationMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task Invoke(HttpContext context){
string authHeader = context.Request.Headers["Authorization"];
if(!string.IsNullOrEmpty(authHeader))
{
//TODO
//extract credentials from authHeader and do some sort or validation
bool isHeaderValid = ValidateCredentials();
if(isHeaderValid){
await _next.Invoke(context);
return;
}
}
//Reject request if there is no authorization header or if it is not valid
context.Response.StatusCode = 401;
await context.Response.WriteAsync("Unauthorized");
}
}
public static class SimpleHeaderAuthorizationMiddlewareExtension
{
public static IApplicationBuilder UseSimpleHeaderAuthorization(this IApplicationBuilder app)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
return app.UseMiddleware<SimpleHeaderAuthorizationMiddleware>();
}
}
In order to use middleware as a filter, you need to create a type with Configure method that specifies the middleware pipeline that you want to use.
public class SimpleHeaderAuthorizationPipeline
{
public void Configure(IApplicationBuilder applicationBuilder){
applicationBuilder.UseSimpleHeaderAuthorization();
}
}
Now you can use the above type in specific controller or action methods like this:
[MiddlewareFilter(typeof(SimpleHeaderAuthorizationPipeline))]
public class ValuesController : Controller
{
}
来源:https://stackoverflow.com/questions/46744561/how-to-do-simple-header-authorization-in-net-core-2-0