Bearer Authentication policy for ASP.NET Core 5.0
| public sealed class BearerPolicyEvaluator : IPolicyEvaluator | |
| { | |
| private const string Scheme = "Bearer"; | |
| public Task<AuthenticateResult> AuthenticateAsync(AuthorizationPolicy _, HttpContext context) | |
| { | |
| if (!context.Request.Headers.ContainsKey("Authorization")) | |
| return Task.FromResult(AuthenticateResult.Fail("No Authorization header found!")); | |
| string authHeader = context.Request.Headers["Authorization"]; | |
| string bearerToken = authHeader?.Replace("Bearer ", string.Empty); | |
| if (!string.Equals(bearerToken, "authToken", StringComparison.Ordinal)) | |
| { | |
| return Task.FromResult(AuthenticateResult.Fail("Invalid token")); | |
| } | |
| var claims = new[] | |
| { | |
| new Claim(ClaimTypes.NameIdentifier, "1000"), | |
| new Claim(ClaimTypes.Name, "Deepu Madhusoodanan") | |
| }; | |
| var identity = new ClaimsIdentity(claims, Scheme); | |
| var principal = new ClaimsPrincipal(identity); | |
| var ticket = new AuthenticationTicket(principal, Scheme); | |
| var authenticateResult = AuthenticateResult.Success(ticket); | |
| return Task.FromResult(authenticateResult); | |
| } | |
| public Task<PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy _, | |
| AuthenticateResult authenticationResult, HttpContext context, | |
| object resource) | |
| { | |
| var authorizeResult = authenticationResult.Succeeded | |
| ? PolicyAuthorizationResult.Success() | |
| : PolicyAuthorizationResult.Challenge(); | |
| return Task.FromResult(authorizeResult); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment