Skip to content
/ remote-claim-transformation Public

Simple .Net solution for claim-based authorization supported by AspnetCore out-of-the-box

8 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

amiru3f/remote-claim-transformation

BranchesTags

Repository files navigation

A simple .Net Claim Authorization using claims-transformer

This app demostrates how to read user claims through a remote endpoint and authorize with dynamic permission claims without complex hackings

Problem: Consider you want to authorize your APIs, either Minimal-Apis or Controller-Based ones with permission-claim comming from a remote endpoint instead of being inside the JWT

There are lots of hacks to solve such a simple problem.

  • Using Authorization filters
  • Replacing .Net Authorization Service (wow :D)
  • Pushing custom-middlewares before built-in ones
  • A combination of customized attributes and reflection or code generators
  • A combination of using [Authorize(Role=..)] with putting the permissions into the Role claim and hacking User.IsInRole(...) function by changing RoleClaimType to "Permission"
  • and:

Pretty simple .Net out-of-the-box supprted interface, IClaimsTranformation which lets you transform the user claims before entering the Authorization middleware. This approach is supported both in MinimalApis and Controllers style. For the sake of MinimalApis there is already an implemented RequireClaim() extensions that enables you to check the specific permission claim, and for the latter you just need an additional Policy-Requirement pair to ensure the specific permission value exists in the user claims

How to run

Make sure you have .Net 8.0 v8.0.100-preview.6 installed

Just run the project in debug mode and use the following curl to check both of the endpoints

$ curl localhost:5000/grant-through-minimal-api -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0MGE5ZGRmOS0yZmY0LTQ3NDAtOGI3Yy1iYmRjOGI2NjVkNmMiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MjUxNjIzOTAyMiwiaXNzIjoidGVzdC10cmFuc2Zvcm1lciJ9.Cjfq2WjBlaMwIr6lXo4STrRaDLrryiAHcjJZSMBKUkE' -v
$ curl localhost:5000/access-through-controller -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0MGE5ZGRmOS0yZmY0LTQ3NDAtOGI3Yy1iYmRjOGI2NjVkNmMiLCJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MjUxNjIzOTAyMiwiaXNzIjoidGVzdC10cmFuc2Zvcm1lciJ9.Cjfq2WjBlaMwIr6lXo4STrRaDLrryiAHcjJZSMBKUkE' -v

See also:

About

Simple .Net solution for claim-based authorization supported by AspnetCore out-of-the-box

Resources

Readme
Activity

Stars

8 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages