Skip to content
/ remote-claim-transformation Public

Simple .Net solution for claim-based authorization supported by AspnetCore out-of-the-box

8 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

amiru3f/remote-claim-transformation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
.github
.github
 
 
Auth
Auth
 
 
Controllers
Controllers
 
 
Properties
Properties
 
 
Services
Services
 
 
.gitignore
.gitignore
 
 
Program.cs
Program.cs
 
 
README.md
README.md
 
 
RemoteClaimTransformer.csproj
RemoteClaimTransformer.csproj
 
 
appsettings.json
appsettings.json
 
 
remote-claim-transformation.sln
remote-claim-transformation.sln
 
 

Repository files navigation

A simple .Net Claim Authorization using claims-transformer

This app demostrates how to read user claims through a remote endpoint and authorize with dynamic permission claims without complex hackings

Problem: Consider you want to authorize your APIs, either Minimal-Apis or Controller-Based ones with permission-claim comming from a remote endpoint instead of being inside the JWT

There are lots of hacks to solve such a simple problem.

  • Using Authorization filters
  • Replacing .Net Authorization Service (wow :D)
  • Pushing custom-middlewares before built-in ones
  • A combination of customized attributes and reflection or code generators
  • A combination of using [Authorize(Role=..)] with putting the permissions into the Role claim and hacking User.IsInRole(...) function by changing RoleClaimType to "Permission"
  • and:

Pretty simple .Net out-of-the-box supprted interface, IClaimsTranformation which lets you transform the user claims before entering the Authorization middleware. This approach is supported both in MinimalApis and Controllers style. For the sake of MinimalApis there is already an implemented RequireClaim() extensions that enables you to check the specific permission claim, and for the latter you just need an additional Policy-Requirement pair to ensure the specific permission value exists in the user claims

How to run

Make sure you have .Net 8.0 v8.0.100-preview.6 installed

Just run the project in debug mode and use the following curl to check both of the endpoints

$ curl localhost:5000/grant-through-minimal-api -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0MGE5ZGRmOS0yZmY0LTQ3NDAtOGI3Yy1iYmRjOGI2NjVkNmMiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MjUxNjIzOTAyMiwiaXNzIjoidGVzdC10cmFuc2Zvcm1lciJ9.Cjfq2WjBlaMwIr6lXo4STrRaDLrryiAHcjJZSMBKUkE' -v
$ curl localhost:5000/access-through-controller -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0MGE5ZGRmOS0yZmY0LTQ3NDAtOGI3Yy1iYmRjOGI2NjVkNmMiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MjUxNjIzOTAyMiwiaXNzIjoidGVzdC10cmFuc2Zvcm1lciJ9.Cjfq2WjBlaMwIr6lXo4STrRaDLrryiAHcjJZSMBKUkE' -v

See also:

About

Simple .Net solution for claim-based authorization supported by AspnetCore out-of-the-box

Resources

Readme
Activity

Stars

8 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages