Skip to content

Simple .Net solution for claim-based authorization supported by AspnetCore out-of-the-box

Notifications You must be signed in to change notification settings

amiru3f/remote-claim-transformation

Repository files navigation

A simple .Net Claim Authorization using claims-transformer

This app demostrates how to read user claims through a remote endpoint and authorize with dynamic permission claims without complex hackings


Problem: Consider you want to authorize your APIs, either Minimal-Apis or Controller-Based ones with permission-claim comming from a remote endpoint instead of being inside the JWT

There are lots of hacks to solve such a simple problem.

  • Using Authorization filters
  • Replacing .Net Authorization Service (wow :D)
  • Pushing custom-middlewares before built-in ones
  • A combination of customized attributes and reflection or code generators
  • A combination of using [Authorize(Role=..)] with putting the permissions into the Role claim and hacking User.IsInRole(...) function by changing RoleClaimType to "Permission"
  • and:

Pretty simple .Net out-of-the-box supprted interface, IClaimsTranformation which lets you transform the user claims before entering the Authorization middleware. This approach is supported both in MinimalApis and Controllers style. For the sake of MinimalApis there is already an implemented RequireClaim() extensions that enables you to check the specific permission claim, and for the latter you just need an additional Policy-Requirement pair to ensure the specific permission value exists in the user claims

How to run

Make sure you have .Net 8.0 v8.0.100-preview.6 installed

Just run the project in debug mode and use the following curl to check both of the endpoints

$ curl localhost:5000/grant-through-minimal-api -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0MGE5ZGRmOS0yZmY0LTQ3NDAtOGI3Yy1iYmRjOGI2NjVkNmMiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MjUxNjIzOTAyMiwiaXNzIjoidGVzdC10cmFuc2Zvcm1lciJ9.Cjfq2WjBlaMwIr6lXo4STrRaDLrryiAHcjJZSMBKUkE' -v
$ curl localhost:5000/access-through-controller -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0MGE5ZGRmOS0yZmY0LTQ3NDAtOGI3Yy1iYmRjOGI2NjVkNmMiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MjUxNjIzOTAyMiwiaXNzIjoidGVzdC10cmFuc2Zvcm1lciJ9.Cjfq2WjBlaMwIr6lXo4STrRaDLrryiAHcjJZSMBKUkE' -v

See also:

About

Simple .Net solution for claim-based authorization supported by AspnetCore out-of-the-box

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages