stackoom
  简体   繁体   中英

Role-based authorization in ASP.NET Web API - how to set roles on the principal?

 原文  2014-08-29 17:02:03       asp.net-web-api/ thinktecture-ident-model

Question

I am using recipe 10-3 in the newly released book ASP.NET Web Api 2 Recipes to support basic authentication in my Web API. This recipe utilizes a 3rd party library from Thinktecture. As seen from the below code, I am authentication the user against my own account service. 

using Thinktecture.IdentityModel.WebApi.Authentication.Handler;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        ...            

        var authenticationConfiguration = new AuthenticationConfiguration();
        var accountService = ServiceLocator.Get<AccountService>();
        authenticationConfiguration.AddBasicAuthentication((userName, password) => accountService.Authenticate(userName, password));
        config.MessageHandlers.Add(new AuthenticationHandler(authenticationConfiguration));

        ...
   }
}

Now I want to make role-based authorization in my controllers using the Authorize attribute: 

[Authorize(Roles="administrator")]
public IHttpActionResult Get()
{
    ...
}

My account service obviously knows about the users and their assigned roles, but this information is not available to the Authorize attibute (the roles are not set on the principal).

How do I accomplish this? Can the Thinktecture authentication handler be configured to set the roles on the principal? Or should I make my own custom Authorize attribute (deriving from the Authorize attribute)? And if so, should I override the OnAuthorization method to create and set the principal using my account service? Or maybe override the IsAuthorized method directly? Or maybe something else...

2 answers

solution1
 3  2014-08-30 09:09:20

The AuthenticationHandler only does authentication. You'd need to set the roles in a separate step (eg in a delegating handler).

If you are on Web API v2 - I'd rather recommend switching to the basic auth OWIN middleware

https://github.com/thinktecture/Thinktecture.IdentityModel/tree/master/source/Thinktecture.IdentityModel.Owin.BasicAuthentication

This gives you full control over the principal that gets created.

https://github.com/thinktecture/Thinktecture.IdentityModel/blob/master/samples/OWIN/AuthenticationTansformation/KatanaAuthentication/Startup.cs

There is also a nuget.

solution2
 2 ACCPTED  2014-08-30 22:27:31

I found out that the AddBasicAutentication method actually has an overload that takes a delegate for providing the roles. This is exactly what I was looking for. So now the call to AddBasicAuthentication looks like this, and everything works like a charm: 

authenticationConfiguration.AddBasicAuthentication((userName, password) => accountService.Authenticate(userName, password), (username) => accountService.GetRoles(username));

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to do role based authorization for asp.net mvc 4 web api How to do Role-based Web API Authorization using Identity Server 4 (JWT) Authorize Error - ASP.NET Web API with Token based authorization and Roles Authentication and Authorization in ASP.NET Web API with roles Role-based Authentication ASP.NET Core ASP.NET Core 3.1 Web API Role based authorization not working Implementing Authentication and role based authorization in ASP.NET MVC web API service and MVC client architecture How to create custom Authorization for ASP.NET MVC5 Web Api With Roles and Permitions for them? How to implement custom role based authorization in ASP.Net MVC Principal with new ASP.NET Web API
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM