wan24-ASP-Authorization 1.4.0

dotnet add package wan24-ASP-Authorization --version 1.4.0                
NuGet\Install-Package wan24-ASP-Authorization -Version 1.4.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="wan24-ASP-Authorization" Version="1.4.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add wan24-ASP-Authorization --version 1.4.0                
#r "nuget: wan24-ASP-Authorization, 1.4.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install wan24-ASP-Authorization as a Cake Addin
#addin nuget:?package=wan24-ASP-Authorization&version=1.4.0

// Install wan24-ASP-Authorization as a Cake Tool
#tool nuget:?package=wan24-ASP-Authorization&version=1.4.0                

wan24-ASP-Authorization

This library helps with ASP.NET authorization in case you'd like to use dynamic authorization (authZ) attributes.

NOTE: Authentication (authN) is required to be setup - otherwise ASP.NET won't authorize anything and fail.

How to get it

This library is available as NuGet package.

Usage

var builder = WebApplication.CreateBuilder(args);
...
// Sadly authorization won't work without authentication
builder.Services.AddAuthentication...;
...
// Will call builder.Services.AddAuthorization(), too
builder.AddWan24AuthZ();
...
var app = builder.Build();
...
// Mandatory..
app.UseAuthentication();
...
// Authorize after authentication (and routing, etc.)
app.UseAuthorization();
...
app.Run();

Or to use a fake authentication handler, which authenticates EVERYTHING:

var builder = WebApplication.CreateBuilder(args);
...
// CAUTION: Authenticates EVERYTHING!
builder.AddWan24FakeAuthN();
...
// Will call builder.Services.AddAuthorization(), too
builder.AddWan24AuthZ();
...
var app = builder.Build();
...
// Mandatory..
app.UseAuthentication();
...
// Authorize after authentication (and routing, etc.)
app.UseAuthorization();
...
app.Run();

CAUTION: The fake authentication handler authenticates EVERYTHING and makes it possible to use authorization in case you don't want to use authentication.

Create a custom authorization attribute

Your custom authorization attribute:

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class YourAuthZAttribute() : AuthZAttributeBase()
{
	public override Task<bool?> HandleRequirementAsync(
		AuthorizationHandlerContext context, 
		HttpContext? httpContext, 
		AuthZRequirement requirement
		)
	{
		// Handle your authorization logic based on the given context informations and
		// return NULL, if you've called context.Succeed/Fail from within this method
		// return TRUE, if authorized
		// return FALSE, if unauthorized
	}
}

Usage in an API controller:

[YourAuthZAttribute]
public class YourController : ControllerBase
{
	...
}

Factory authorization attributes

These attributes are available from the wan24.ASP.Authorization.Attributes namespace:

Authorize networks

Using the NetworksAttribute you can authorize access based on the peers IP address (taken from HttpContext.Connection.RemoteIpAddress):

[Networks("127.0.0.1/32")]

The networks must be CIDR notated. You can also unauthorize specific networks using this attribute:

[Networks(deny: true, "127.0.0.1/32")]

NOTE: Multiple attributes are allowed.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.4.0 82 9/21/2024
1.3.0 87 9/9/2024
1.2.0 118 8/16/2024
1.1.0 102 5/11/2024
1.0.0 116 4/21/2024