
@deepumi
Created May 24, 2020 08:06
Custom bearer authorize filter for ASP.NET Core 5.0
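/// <summary>
/// Authorization filter that rejects requests without an <c>Authorization</c> header and
/// otherwise delegates authentication and authorization to the <see cref="IPolicyEvaluator"/>
/// resolved from the request's service provider.
/// </summary>
/// <remarks>
/// The filter fails closed: the request continues down the pipeline only when the evaluator
/// reports <c>Succeeded</c>. A challenge yields 401 and every other non-success outcome
/// (including <c>Forbidden</c>) yields 403, so an authenticated caller that fails the policy
/// is not let through.
/// </remarks>
public sealed class BearerAuthorizeFilter : IAsyncAuthorizationFilter
{
    /// <summary>
    /// Evaluates the current request and short-circuits it with an error result when the
    /// caller is not authenticated or not authorized.
    /// </summary>
    /// <param name="context">Filter context for the request being authorized.</param>
    /// <returns>A task that completes once <c>context.Result</c> or the request user has been set.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="context"/>, its <c>HttpContext</c>, request or header collection is null.
    /// </exception>
    public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        if (context?.HttpContext?.Request?.Headers == null)
        {
            throw new ArgumentNullException(nameof(context));
        }

        var httpContext = context.HttpContext;

        // No credentials at all: answer 401 and stop. Without the return the filter would
        // keep going and run the evaluator for a request that has already been rejected.
        if (!httpContext.Request.Headers.ContainsKey("Authorization"))
        {
            context.Result = CreateUnauthorized();
            return;
        }

        var policyEvaluator = httpContext.RequestServices.GetRequiredService<IPolicyEvaluator>();

        // NOTE(review): the policy argument is passed as `default` (null). Confirm the registered
        // IPolicyEvaluator accepts a null policy; the framework's stock evaluator reads
        // policy.AuthenticationSchemes and would throw here. If no custom evaluator is
        // registered, build an explicit policy naming the bearer scheme and pass it instead.
        var authenticateResult = await policyEvaluator.AuthenticateAsync(default, httpContext);
        var authorizeResult = await policyEvaluator.AuthorizeAsync(default, authenticateResult, httpContext, context);

        if (authorizeResult.Challenged)
        {
            context.Result = CreateUnauthorized();
            return;
        }

        // Anything that is not an explicit success is a denial. Checking only Challenged
        // would let a Forbidden outcome (authenticated, but policy not satisfied) proceed.
        if (!authorizeResult.Succeeded)
        {
            context.Result = CreateForbidden();
            return;
        }

        // Only replace the request user when the evaluator actually produced a principal.
        if (authenticateResult?.Principal != null)
        {
            httpContext.User = authenticateResult.Principal;
        }
    }

    /// <summary>Builds the 401 response body returned for missing or challenged credentials.</summary>
    private static IActionResult CreateUnauthorized() =>
        new UnauthorizedObjectResult(new ErrorMessage("Unauthorized", 401));

    /// <summary>Builds the 403 response body returned when authorization did not succeed.</summary>
    private static IActionResult CreateForbidden() =>
        new ObjectResult(new ErrorMessage("Forbidden", 403)) { StatusCode = 403 };
}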