This middleware provides the option to not execute requests whenever the Authorization-Evaluation header of a HTTP request is set to a truthy value.
Providing this header allows for a policy agent (like OpenPolicyAgent) to evaluate the request and when granted, preventing the HTTP request's further execution.
This workflow is useful when using client apps (i.e. SPAs like Angular) and you need to check whether the user has certain permissions to access resources within the client app, but without having to allow public access to the policy agent.
NOTE: This package currently requires the usage of a policy middleware. This library only prevents requests from being executed whenever the policy server grants the request. Whenever the request is granted and this middleware prevents the execution, the request will receive a 204 (No Content) response.
dotnet add package Noticia.AspNetCore.AuthorizationEvaluationMiddleware
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
...
app.UseAuthorizationEvaluation();
...
}