Bearer Authentication policy for ASP.NET Core 5.0
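/// <summary>
/// Sample <see cref="IPolicyEvaluator"/> that authenticates a request from a static
/// bearer token carried in the <c>Authorization</c> header.
/// </summary>
/// <remarks>
/// NOTE(review): this is demo-grade authentication. The expected token and the identity
/// issued for it are compile-time constants; a deployment needs real token validation
/// (signature, issuer, audience, expiry) and a secret that does not live in source.
/// </remarks>
public sealed class BearerPolicyEvaluator : IPolicyEvaluator
{
    private const string Scheme = "Bearer";

    // A well-formed credential is the scheme name, one space, then the token.
    private const string SchemePrefix = Scheme + " ";

    // NOTE(review): placeholder secret kept from the sample. Anyone who can read the
    // source or the compiled assembly can read this value; load it from protected
    // configuration or replace the check with proper token validation.
    private const string ExpectedToken = "authToken";

    /// <summary>
    /// Authenticates the request by checking the bearer token in its
    /// <c>Authorization</c> header against the expected token.
    /// </summary>
    /// <param name="_">The policy being evaluated; not consulted by this method.</param>
    /// <param name="context">The current HTTP context whose request headers are read.</param>
    /// <returns>
    /// A successful result carrying a fixed demo principal when the token matches;
    /// otherwise a failed result.
    /// </returns>
    public Task<AuthenticateResult> AuthenticateAsync(AuthorizationPolicy _, HttpContext context)
    {
        if (!context.Request.Headers.TryGetValue("Authorization", out var headerValues))
        {
            return Task.FromResult(AuthenticateResult.Fail("No Authorization header found!"));
        }

        // Converting several header values to one string joins them with commas;
        // treat anything other than exactly one value as malformed.
        if (headerValues.Count != 1)
        {
            return Task.FromResult(AuthenticateResult.Fail("Invalid token"));
        }

        string authHeader = headerValues[0];

        // Require the scheme as a prefix and take only what follows it. Removing the
        // scheme text wherever it occurs would also accept values that are not a
        // "Bearer <token>" credential at all. Scheme names are case-insensitive.
        if (authHeader == null
            || !authHeader.StartsWith(SchemePrefix, StringComparison.OrdinalIgnoreCase))
        {
            return Task.FromResult(AuthenticateResult.Fail("Invalid token"));
        }

        string bearerToken = authHeader.Substring(SchemePrefix.Length);
        if (!TokenMatches(bearerToken))
        {
            return Task.FromResult(AuthenticateResult.Fail("Invalid token"));
        }

        // Fixed demo identity: every caller presenting the token becomes this user.
        var claims = new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "1000"),
            new Claim(ClaimTypes.Name, "Deepu Madhusoodanan")
        };
        var identity = new ClaimsIdentity(claims, Scheme);
        var principal = new ClaimsPrincipal(identity);
        var ticket = new AuthenticationTicket(principal, Scheme);

        return Task.FromResult(AuthenticateResult.Success(ticket));
    }

    /// <summary>
    /// Maps the authentication outcome to an authorization outcome.
    /// </summary>
    /// <param name="_">The policy being evaluated; not consulted by this method.</param>
    /// <param name="authenticationResult">The result produced by authentication.</param>
    /// <param name="context">The current HTTP context; unused.</param>
    /// <param name="resource">The resource being accessed; unused.</param>
    /// <returns>
    /// Success when authentication succeeded; otherwise a challenge.
    /// </returns>
    /// <remarks>
    /// NOTE(review): the policy's requirements (roles, claims, custom handlers) are never
    /// evaluated here, so any authenticated caller is authorized for every policy and a
    /// forbid result is never produced. Confirm that this is intended before relying on
    /// policies for access control.
    /// </remarks>
    public Task<PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy _,
        AuthenticateResult authenticationResult, HttpContext context,
        object resource)
    {
        // Fail closed: a missing result is treated like a failed authentication.
        bool authenticated = authenticationResult != null && authenticationResult.Succeeded;

        var authorizeResult = authenticated
            ? PolicyAuthorizationResult.Success()
            : PolicyAuthorizationResult.Challenge();

        return Task.FromResult(authorizeResult);
    }

    // Compares the presented token with the expected one without short-circuiting on
    // the first differing byte, so timing does not reveal how much of it matched.
    private static bool TokenMatches(string presented)
    {
        byte[] presentedBytes = System.Text.Encoding.UTF8.GetBytes(presented);
        byte[] expectedBytes = System.Text.Encoding.UTF8.GetBytes(ExpectedToken);

        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            presentedBytes, expectedBytes);
    }
}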