c# - How do i set up a default for ActiveAuthenticationSchemes? -


in asp.net core 2 project, have custom authenticationhandler middleware want plug in. 

public class basicauthenticationmiddleware : authenticationhandler<authenticationschemeoptions> {     public basicauthenticationmiddleware(ioptionsmonitor<authenticationschemeoptions> options,         iloggerfactory logger, urlencoder encoder, isystemclock clock)         : base(options, logger, encoder, clock)     {     }     protected override task<authenticateresult> handleauthenticateasync()     {         var principal = new genericprincipal(new genericidentity("user"), null);         var ticket = new authenticationticket(principal, new authenticationproperties(), "basicauth");         return task.fromresult(authenticateresult.success(ticket));     } }

in startup have following:

public void configureservices(iservicecollection services) {     services.addmvc();     services.addauthentication(options =>     {         options.defaultauthenticatescheme = "basicauth";         options.defaultchallengescheme = "basicauth";         options.addscheme("basicauth", x => {             x.displayname = "basicauthenticationmiddleware";             x.handlertype = typeof(basicauthenticationmiddleware);         });     }); }

and view controller:

[route("api/[controller]")] public class valuescontroller : controller {     // api/values/works     [httpget]     [route("works")]     [authorize(activeauthenticationschemes = "basicauth")]     public string works()     {         return "works";     }      // api/values/doesnotwork     [httpget]     [route("doesnotwork")]     [authorize]     public string doesnotwork()     {         return "does not work";     }  }

my authenticator handleauthenticateasync called when specify activeauthenticationschemes scheme name, otherwise not. have demo app showing behavior here: https://github.com/johnpaguirre/authenticationschemaproblem

i want basicauthenticationmiddleware log in demo logic. how can make activeauthenticationschemes default "basicauth" requests?

anyone have ideas on missing?

i don't think can set default, have other options.

  1. create own custom authorisation attribute:

    public class basicauthauthorizeattribute : authorizeattribute {     public basicauthauthorizeattribute()     {         activeauthenticationschemes = "basicauth";     } }

    and use on actions before:

    [basicauthauthorize] public string someaction() {     //snip }

  2. add authorize attribute actions , override needed. that, in `` method:

    public void configureservices(iservicecollection services) {     services.addmvc(options =>     {         options.filters.add(new authorizeattribute         {             activeauthenticationschemes = "basicauth"          });      });      //snip }

    and overriding it:

    [allowanonymous] public string unsecureaction() {     //snip }

Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

i'm using class based views in django , never specify url in ajax calls , omit action parameter in form because know these requests go through post method of class based view. notice view - profile page make many requests depending on user updating on page - post method become convoluted , if/else mess example: def post(self, request, *args, **kwargs): # handle user changing available date if request.post.get('availabledate') != none: self.updateavailabledate(request) return jsonresponse({'result':'success'}) if request.post.get('newprojectname') != none: creative_user = creativeuserprofile.objects.get(id = request.user.id) project = project.create_project(creative_user, request.post['newprojectname']) project.save() return jsonresponse({'projectid': project.id }) if request.post.get('projectimage') != none , request.files['file']: proj...
Read more

performance - Why is XCHG reg, reg a 3 micro-op instruction on modern Intel architectures? -

i'm doing micro-optimization on performance critical part of code , came across sequence of instructions (in at&t syntax): add %rax, %rbx mov %rdx, %rax mov %rbx, %rdx i thought had use case xchg allow me shave instruction , write: add %rbx, %rax xchg %rax, %rdx however, dimay found agner fog's instruction tables , xchg 3 micro-op instruction 2 cycle latency on sandy bridge, ivy bridge, broadwell, haswell , skylake. 3 whole micro-ops , 2 cycles of latency! 3 micro-ops throws off 4-1-1-1 cadence , 2 cycle latency makes worse original in best case since last 2 instructions in original might execute in parallel. now... cpu might breaking instruction micro-ops equivalent to: mov %rax, %tmp mov %rdx, %rax mov %tmp, %rdx where tmp anonymous internal register , suppose last 2 micro-ops run in parallel latency 2 cycles. given register renaming occurs on these micro-architectures, though, doesn't make sense me done way. why wouldn't register renamer ...
Read more

c# - Asp.net web api : redirect unauthorized requst to forbidden page -

im trying redirect unauthorized request forbidden page instead i'm getting forbidden page in response body , how can fix ? here's startup class : app.createperowincontext(storecontext.create); app.createperowincontext<applicationusermanager>(applicationusermanager.create); app.createperowincontext<applicationsigninmanager>(applicationsigninmanager.create); app.usecookieauthentication(new cookieauthenticationoptions { authenticationtype = defaultauthenticationtypes.applicationcookie, expiretimespan = timespan.fromdays(30), }); app.useexternalsignincookie(defaultauthenticationtypes.externalcookie); app.usetwofactorsignincookie(defaultauthenticationtypes.twofactorcookie, timespan.fromminutes(5)); app.usetwofactorrememberbrowsercookie(defaultauthenticationtypes.twofactorrememberbrowsercookie); the method im trying reach : [httpget] [authorize(roles = "admin")] public string getcurrentusername() { return userman...
Read more