This repository has been archived by the owner on Dec 13, 2018. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 600
Policy which requires data from the request body, query #1465
Comments
The last section of this doc page covers it: |
@epignosisx This does not work for the post with data in the body. So it looks like I have to use ActionFilters to implement my security logic instead of Policies with the AuthorizationFilter. Correct? |
You should be able to access the HttpContext once you cast the resource to AuthorizationFilterContext. See below. protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SomeRequirement requirement)
{
if (context == null)
throw new ArgumentNullException(nameof(context));
if (requirement == null)
throw new ArgumentNullException(nameof(requirement));
var authFilterCtx = (Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext)context.Resource;
var httpContext = authFilterCtx.HttpContext;
...
} |
Looks like this is now answered again. Thanks for the help @epignosisx ! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I have requirements which requires me to return a 401 or 403 if the request identity is not allowed to access a resource. The resource id is sent in the request in the body or as an id in the query string.
Can I implement this in a Policy, AuthorizationHandler, IAuthorizationRequirement? How can I access the body, querystring?
Or do I have to use ActionFilters to support this?
If not what is the recommended way to support this?
The text was updated successfully, but these errors were encountered: