Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add AspNetCoreOperationSecurityScopeProcessor #2090

Merged
merged 1 commit into from Apr 12, 2019

Conversation

Projects
None yet
2 participants
@softworkz
Copy link
Contributor

softworkz commented Apr 8, 2019

This doesn't compile by default!
It requires aspnetcore2.2

I still thought it might be worth sharing this as it solves the following problems:

  • fixes bug with existing OperationSecurityScopeProcessor which marks all methods as requiring authorization
  • Uses EndpointMetadata from ActionDescriptor instead of custom code for detecting attributes. This makes sure that we're getting the exact same results as the aspnetcore runtime
  • Checks for presence of the AllowAnonymous attribute
  • The current code in OperationSecurityScopeProcessor is incorrectly concatenating AuthorizeAttributes of the method with AuthorizeAttributes of the declaring type and then doing 'SelectMany'. This is incorrect. Attributes of the declaring type should only be used when there's no such attribute on the method. That problem doesn't exist with the code in this PR
@RicoSuter

This comment has been minimized.

Copy link
Owner

RicoSuter commented Apr 12, 2019

Ill merge and only compile it into the 2.2+ assemblies... this way it should work. Is that ok?

@softworkz

This comment has been minimized.

Copy link
Contributor Author

softworkz commented Apr 12, 2019

Yes, that's great. It's the code we're having in production...

@RicoSuter RicoSuter merged commit 328b133 into RicoSuter:master Apr 12, 2019

RicoSuter added a commit that referenced this pull request Apr 12, 2019

@RicoSuter

This comment has been minimized.

Copy link
Owner

RicoSuter commented Apr 12, 2019

Added some reflection to make this work in .net standard 2.0...

Thanks for the PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.