I am currently trying to develop a WebAPI (.NET Core) which has some controller actions that should use HTTP Basic Authentication. To implement this, I have written an ActionFilterAttribute which I can then use in my controller to restrict access to certain actions. This all workes well if I do something like this:
BasicAuthAttribute.cs
public class BasicAuthAttribute : ActionFilterAttribute{
private string _username { get; set; }
private string _password { get; set; }
public BasicAuthAttribute(string username, string password) {
_username = username;
_password = password;
}
public override void OnActionExecuting(ActionExecutingContext actionContext) {
//do Auth check...
}
}
In the controller I then use it as following:
SomeController.cs
[BasicAuth("testuser","testpassword")]
[HttpGet("{id}")]
public IActionResult Get(string id) {
return new ObjectResult("Test");
}
Now I do not want to specify username ond password in SomeController.cs. Instead I would like to store them in appsettings.json. How is it possible to access values stored in appsettings.json in the OnActionExecuting method in the ActionFilterAttribute?
If I change the constructor of BasicAuthAttribute to the following, .Net expects me to pass the settings, which is not possible. Dependency Injection seems not to work here.
public BasicAuthAttribute(IOptions<AppSettings> appSettings) {}
Any help or ideas would be appreciated
UPDATE based on Set's answer:
I ended up changing the attribute to a filter. In case anybody else needs it see the working solution below:
BasicAuthFilter.cs
public class BasicAuthFilter : IActionFilter {
protected AppSettings _settings { get; set; }
public BasicAuthAttribute(IOptions<AppSettings> appSettings) {
_settings = appSettings;
}
public void OnActionExecuted(ActionExecutedContext context) {
//nothing to do here
}
public override void OnActionExecuting(ActionExecutingContext actionContext)
{
//do Auth check...
}
}
SomeController.cs
public class SomeController : Controller {
[TypeFilter(typeof(BasicAuthFilter))]
[HttpGet("{id}")]
public IActionResult Get(string id) {
return new ObjectResult("Test");
}
}
The appsettings. json file is an application configuration file used to store configuration settings such as database connections strings, any application scope global variables, etc. If you open the ASP.NET Core appsettings. json file, then you see the following code by default which is created by visual studio.
appsettings. json is one of the several ways, in which we can provide the configuration values to ASP.NET core application. You will find this file in the root folder of our project. We can also create environment-specific files like appsettings.
Filters section in ASP.NET Core documentation explains how to use DI:
If your filters have dependencies that you need to access from DI, there are several supported approaches. You can apply your filter to a class or action method using one of the following:
ServiceFilterAttribute
TypeFilterAttribute
IFilterFactory
implemented on your attributeIf you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With