Open yorek opened 1 year ago
When setting "authenticate-devmode-requests": true in the Host section of the runtime config, this will allow you to define any role in the x-ms-api-role header and have that role honored for your request. Have you utilized that?
Ah thanks for the clarification @seantleonard. No, I haven't tried as I understood it would only simulate the authenticated system role. I'll try it ASAP and update the documentation accordingly. Thanks!
I tried setting "authenticate-devmode-requests": false, but I couldn't set the desired role by sending the X-MS-API-ROLE with the role I want to test. For example, this request:
curl --request GET \
--url http://localhost:5000/api/books \
--header 'X-MS-API-ROLE: author'
was always treated as anonymous
Related to #865
"authenticate-devmode-requests": false,
@yorek, I believe you need to set it to true to get the desired effect of honoring the author role set in X-MS-API-ROLE
With #899 merged in, need to evaluate if we still need any additional settings.
Revising title to "Simulating authenticated user claims using config" to capture the latest feature ask.
When "mode" != "development" && "provider.name" == "emulator" then Error.
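A pre-deployment check for the rule stated above (the emulator provider outside development mode is an error), extended to the "authenticate-devmode-requests" flag discussed earlier in the thread. This is an added example, not part of the thread or of DAB's own code; the JSON key paths, the sample configs and the finding names are assumptions.

```python
import json

# Constructed sample configs. Key paths are assumptions taken from the names
# used in this thread, not from the DAB schema.
DEV_CONFIG = """{"runtime": {"host": {"mode": "development",
  "authenticate-devmode-requests": true,
  "authentication": {"provider": {"name": "emulator"}}}}}"""
PROD_CONFIG = DEV_CONFIG.replace('"development"', '"production"')

DEV_ONLY_FLAG = "authenticate-devmode-requests"


def provider_name(host):
    """Accept either "provider": "emulator" or "provider": {"name": "emulator"}."""
    provider = host.get("authentication", {}).get("provider", "")
    if isinstance(provider, dict):
        provider = provider.get("name", "")
    return str(provider).lower()


def lint_host_auth(config_text):
    """Return findings for dev-only auth shortcuts used outside development mode."""
    host = json.loads(config_text).get("runtime", {}).get("host", {})
    # A missing mode is treated as non-development so the check fails closed.
    mode = str(host.get("mode", "")).lower()
    if mode == "development":
        return []
    findings = []
    if provider_name(host) == "emulator":
        findings.append("emulator-provider-outside-development")
    if host.get(DEV_ONLY_FLAG) is True:
        findings.append("devmode-auth-outside-development")
    return findings


if __name__ == "__main__":
    for label, text in (("dev", DEV_CONFIG), ("prod", PROD_CONFIG)):
        print(label, lint_host_auth(text) or "ok")
```

Run it in CI against the config that will be deployed, and fail the build on any finding.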
When running in development mode, there should be an option to tell DAB to automatically assume that the request is authenticated and consider any role passed in via X-MS-API-ROLE valid, to facilitate debugging and testing of defined permissions. For example, this could be a configuration that defines what I just described:
The emulator provider could also, in future, allow for more configuration so that also claims could be injected in the context that is available to the developer, in order to also more easily debug policies. For example: