
Simple token based authentication/authorization in asp.net core for Mongodb datastore

I need to implement a pretty simple auth mechanism with basically 2 roles: Owners and Users. And I think that having an enum for that will be enough. The app itself is an SPA with a Web API implemented via ASP.NET Core. I saw an article on how to implement it using EF Identity, but their models look much more complex than I actually need, and EF is oriented to SQL databases, and I am using Mongo. So my user will look something like:

class UserModel{
    Id, 
    Token, 
    Roles: ["Owners", "Users"],
    ...
}

So what interfaces do I need to implement and add to DI to be able to use the [Authorize] and [Authorize(Roles="Users")] attributes so that they work correctly based on the token I send in the header?

silent_coder asked May 23 '16 17:05

1 Answer

You can use custom middleware to authenticate the user and set claims (name, roles etc.).

I will try to write a simple middleware:

First create a middleware class:

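using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

public class CustomMiddleware
{
    private readonly RequestDelegate _next;
    private readonly UserRepository _userRepository;

    public CustomMiddleware(RequestDelegate next, UserRepository userRepository)
    {
        _next = next;
        _userRepository = userRepository;
    }

    public async Task Invoke(HttpContext context)
    {
        string token = context.Request.Headers["Token"];
        // Look up the token's owner; this assumes Get returns null for an unknown token.
        var user = string.IsNullOrEmpty(token) ? null : _userRepository.Get(token);
        if (user != null)
        {
            var claims = new List<Claim>();
            // "admin" is a placeholder name, applied to every authenticated user.
            claims.Add(new Claim(ClaimTypes.Name, "admin"));
            claims.Add(new Claim(ClaimTypes.NameIdentifier, "admin"));
            foreach (var role in user.Roles)
            {
                claims.Add(new Claim(ClaimTypes.Role, role));
            }
            // The claims must be passed to the identity; the authentication type
            // ("Custom") is what marks the identity as authenticated.
            var claimsIdentity = new ClaimsIdentity(claims, "Custom");
            context.User = new ClaimsPrincipal(claimsIdentity);
        }
        // With a missing or unknown token, context.User stays unauthenticated,
        // so [Authorize] does not let the request through.
        await _next(context);
    }
}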

Then use middleware in Startup.cs like this:

    public void Configure(IApplicationBuilder app)
    {
        // Register before MVC so that context.User is set when [Authorize] runs.
        app.UseMiddleware<CustomMiddleware>();
        ...
    }

Finally, use the Authorize attribute:

[Authorize(Roles = "Users")]
public IActionResult Index()
{
    // Reached only when the caller's token maps to a user in the "Users" role.
    return Ok();
}
adem caglin answered Oct 09 '22 20:10
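The same header-token-to-claims mapping written as an ASP.NET Core authentication handler, as an added example that is not part of the original answer. It assumes .NET 8 or later; `IUserStore`, `TokenHash`, `MongoUserStore` and the scheme name are hypothetical, and the store is assumed to hold a SHA-256 hash of each random token instead of the token itself.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

// Hypothetical model and store; back IUserStore with a MongoDB query in a real app.
public record UserModel(string Id, string TokenHash, string[] Roles);
public interface IUserStore { Task<UserModel?> FindByTokenHashAsync(string tokenHash); }

public class TokenAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    public const string SchemeName = "Token";
    private readonly IUserStore _users;

    public TokenAuthHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
        ILoggerFactory logger, UrlEncoder encoder, IUserStore users)
        : base(options, logger, encoder) => _users = users;

    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        string? token = Request.Headers["Token"];
        if (string.IsNullOrEmpty(token))
            return AuthenticateResult.NoResult();   // anonymous: [Authorize] answers 401

        // Look up by hash so a leaked database does not expose usable tokens.
        string hash = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));
        UserModel? user = await _users.FindByTokenHashAsync(hash);
        if (user is null)
            return AuthenticateResult.Fail("Unknown token");

        var claims = new List<Claim> { new(ClaimTypes.NameIdentifier, user.Id) };
        foreach (string role in user.Roles)
            claims.Add(new Claim(ClaimTypes.Role, role));
        var identity = new ClaimsIdentity(claims, SchemeName);
        var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), SchemeName);
        return AuthenticateResult.Success(ticket);
    }
}

// Program.cs registration (MongoUserStore is a hypothetical IUserStore implementation):
// builder.Services.AddScoped<IUserStore, MongoUserStore>();
// builder.Services.AddAuthentication(TokenAuthHandler.SchemeName)
//     .AddScheme<AuthenticationSchemeOptions, TokenAuthHandler>(TokenAuthHandler.SchemeName, _ => { });
// app.UseAuthentication(); app.UseAuthorization();   // before the endpoints are mapped
```

With the handler registered as the default scheme, a valid token whose user lacks the required role gets 403, and a missing or unknown token gets 401.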