Closed szalapski closed 4 years ago
@szalapski,interesting question. Do you have a link or an example for this pattern in "vanilla" ASP.NET Core route mapping?
Yes, here it is https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-3.1. If I have controllers with [Authorize(...)] on them, I would like to convert them to .Map so that I can eliminate the controllers, but still have authorization on them.
I don’t see the .Map
example in your link. I might be missing it?
Let's take an example similar to those in that link. Suppose inside of the following controller method was nothing but a call to this.HttpProxyAsync
:
public class AdministrationController : Controller
{
[Authorize(Roles = "Administrator")]
public Task SetTime() => this.HttpProxyAsync(...);
}
Is there or could there be any way to convert this to .Map syntax, so that I can get rid of the controller, while still retaining the [Authorize] attribute on that route?
@szalapski, maybe something like this health checks example?
You mean via middleware? Middleware .UseAuthorization
is already in place, and it needs attributes on methods and/or classes to determine what routes to subject to middleware. Not sure how I could do this with a route requested with Map
.
@szalapski, were you able to work around this?
Only with explicit controllers.
On Fri, Jul 31, 2020, 5:38 PM Aaron Roney notifications@github.com wrote:
@szalapski https://github.com/szalapski, were you able to work around this?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/twitchax/AspNetCore.Proxy/issues/53#issuecomment-667414434, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAUY5MIZ2TBNPQKOQF2NK4TR6NBWLANCNFSM4NNINGXA .
Have you tried using WithIntercept
?
app.UseProxies(proxies => {
proxies.Map(proxy => proxy.UseHttp("http://google/com/", http => http.WithIntercept(async context => {
if(!context.User.IsInRole("Admin") /* Or whatever else you need to check here. */)
{
context.Response.StatusCode = 401;
await context.Response.WriteAsync("You need to be an admin!");
return true;
}
return false;
})));
});
Cool...I think that should work. I wonder if there could be a way to use an actual AuthorizeAttribute with this? My only concern over the "manual" way you specify above is that future developers might only look for [Authorize] and not think about custom code like the above. But I suppose that might not be too big a concern.
Yeah, I can see that as being a problem, for sure. Any specific reason you are trying to stay away from controllers?
Is there any way to add an AuthorizeAttribute on
Map
ped proxy routes without creating a controller for them?