Simple token based authentication/authorization in asp.net core for Mongodb datastore

by

Let me clarify a little @Adem’s answer. You need to to implement custom middleware in specific way. There is 3 abstract classes that need to be implemented to implementing this (answer is correct for asp.net core rc2btw):

Microsoft.AspNetCore.Builder.AuthenticationOptions
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware<TOptions>
Microsoft.AspNetCore.Authentication.AuthenticationHandler<TOptions>

and then add this middleware to your startup class.

Code example:

public class TokenOptions : AuthenticationOptions
    {
        public TokenOptions() : base()
        {
            AuthenticationScheme = "Bearer";
            AutomaticAuthenticate = true;
        }
    }

public class AuthMiddleware : AuthenticationMiddleware<TokenOptions>
{
    protected override AuthenticationHandler<TokenOptions> CreateHandler()
    {
       return new AuthHandler(new TokenService());
    }

    public AuthMiddleware(RequestDelegate next, IOptions<TokenOptions> options, ILoggerFactory loggerFactory, UrlEncoder encoder) : base(next, options, loggerFactory, encoder)
    {
    }
}

public class AuthHandler : AuthenticationHandler<TokenOptions>
{
    private ITokenService _tokenService;

    public AuthHandler(ITokenService tokenService)
    {
        _tokenService = tokenService;
    }

    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        string token = null;
        AuthenticateResult result = null;
        string token = Helper.GetTokenFromHEader(Request.Headers["Authorization"]);
        // If no token found, no further work possible
        if (string.IsNullOrEmpty(token))
        {
            result = AuthenticateResult.Skip();
        }
        else
        {
            bool isValid = await _tokenService.IsValidAsync(token);
            if (isValid)
            {
                //assigning fake identity, just for illustration
                ClaimsIdentity claimsIdentity = new ClaimsIdentity("Custom");
                var claims = new List<Claim>();
                claims.Add(new Claim(ClaimTypes.Name, "admin"));
                claims.Add(new Claim(ClaimTypes.NameIdentifier, "admin"));
                claims.Add(new Claim(ClaimTypes.Role, "admin"));
                ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
                result =
                    AuthenticateResult.Success(new AuthenticationTicket(claimsPrincipal,
                        new AuthenticationProperties(), Options.AuthenticationScheme));
            }
            else
            {
                result = AuthenticateResult.Skip();
            }
        }

        return result;
    }
}`

p.s. The code is just for illustration of idea. You will need to implement your own handler of course.

More Related Contents:

  1. How do you create a custom AuthorizeAttribute in ASP.NET Core?
  2. Token Based Authentication in ASP.NET Core (refreshed)
  3. Custom Authentication in ASP.Net-Core
  4. ASP.NET Core 2.0 disable automatic challenge
  5. ASP.NET 5 Authorize against two or more policies (OR-combined policy)
  6. Increase upload file size in Asp.Net core
  7. How to read ASP.NET Core Response.Body?
  8. Timeouts with long running ASP.NET MVC Core Controller HTTPPost Method
  9. Token Based Authentication in ASP.NET Core
  10. ASP.NET Core 2.0 authentication middleware
  11. How to update values into appsetting.json?
  12. Render Razor View to string in ASP.NET Core
  13. How to return a specific status code and no contents from Controller?
  14. ASP.NET Core 2.0 LDAP Active Directory Authentication
  15. Store complex object in TempData
  16. .NET Core Identity Server 4 Authentication VS Identity Authentication
  17. Unable to create migrations after upgrading to ASP.NET Core 2.0
  18. How to implement custom authentication in ASP.NET MVC 5
  19. Windows authentication in asp.net 5
  20. ASP.NET Core disable authentication in development environment
  21. Convert IHtmlContent/TagBuilder to string in C#
  22. ToArrayAsync() throws “The source IQueryable doesn’t implement IAsyncEnumerable”
  23. Unable to resolve service for type while attempting to activate
  24. Change the JSON serialization settings of a single ASP.NET Core controller
  25. Dependency injection, inject with parameters
  26. How to return HTTP 500 from ASP.NET Core RC2 Web Api?
  27. How to stream with ASP.NET Core
  28. ‘HttpPostedFileBase’ in Asp.Net Core 2.0
  29. How to implement a “pure” ASP.NET Core Web API by using AddMvcCore()
  30. ASP.NET Core – Authorization Using Windows Authentication

Leave a Comment