unosquare / embedio

A tiny, cross-platform, module based web server for .NET
http://unosquare.github.io/embedio

Authentication by route #538

Open odlex opened 2 years ago

odlex commented 2 years ago

**Is your feature request related to a problem?**

I use the bearer token module with ApiModule and I would like to implement, in the same controller (same base path), a free-access entry point (read data) and another with limited access (write). Example:

- GET /data -> open access
- PUT /data -> needs an authenticated user

**Describe the solution you'd like**

**Describe alternatives you've considered**

I tried to override BearerTokenModule to comment out the lines below (l.96):

```csharp
if (securityToken != null)
{
    return;
}

context.Rejected();
context.SetHandled();
```

```csharp
private string RequestBody { get; set; }

protected override void OnBeforeHandler()
{
    RequestBody = HttpContext.GetRequestBodyAsStringAsync().Result;
    // request logging
}
```

It works, but anyone can have a better solution. Thanks in advance.

rdeago commented 2 years ago

Hello @odlex, thanks for using EmbedIO. Also, sorry for the very late answer.

> Each controller should have a method to check access or throw HttpException.Forbidden()

That's a good use case for OnBeforeHandler, as you have guessed.

> also this method should be overridden to implement better granularity permissions

You'll have to do additional checks at the beginning of every affected controller method. I agree this is less than optimal.

> OR doing that with Attribute in completion of route to mark as secure

That would require some serious changes to WebApiModuleBase. I'm not sure there's a strong enough case to make it a priority, but I promise I'll look into it as soon as v4.0 is out.
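
Added example, not part of the thread or of EmbedIO's own code: a controller that applies the `OnBeforeHandler` approach discussed above with a default-deny rule, so only explicitly listed verbs are served without a user. `DataController`, `OpenVerbs` and the `/data` routes are hypothetical names, and the code assumes the bearer token module in front of the controller lets requests without a valid token through and sets `HttpContext.User` only when the token validates.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using EmbedIO;
using EmbedIO.Routing;
using EmbedIO.WebApi;

// Hypothetical controller: GET /data is open, every other verb needs a user.
public sealed class DataController : WebApiController
{
    // Allowlist of verbs served without authentication. Anything not
    // listed here is denied when no user is present (fail closed), so a
    // route added later is protected unless someone opens it on purpose.
    private static readonly HashSet<HttpVerbs> OpenVerbs =
        new HashSet<HttpVerbs> { HttpVerbs.Get };

    private static volatile string _data = "initial";

    // Called before each route handler of this controller.
    protected override void OnBeforeHandler()
    {
        if (OpenVerbs.Contains(Request.HttpVerb))
            return;

        // Assumption: the module in front of this controller sets
        // HttpContext.User for a valid token and leaves an
        // unauthenticated principal otherwise.
        var identity = HttpContext.User?.Identity;
        if (identity == null || !identity.IsAuthenticated)
            throw HttpException.Unauthorized();
    }

    [Route(HttpVerbs.Get, "/data")]
    public string GetData() => _data;

    [Route(HttpVerbs.Put, "/data")]
    public async Task PutData()
    {
        _data = await HttpContext.GetRequestBodyAsStringAsync();
    }
}
```

Because the module no longer rejects requests itself, every other controller under the same base path needs an equivalent check, or it is reachable without a token.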