The authentication handler has been updated to skip the token validation if the method from controller is marked with [AllowAnonymous] attribute.

2023-04-07 19:12:14 +03:00 · 2023-04-07 19:12:14 +03:00 · ebb0f4de62
parent d85ed53cdf
commit ebb0f4de62
6 changed files with 29 additions and 4 deletions
--- a/Directory.Build.props
+++ b/Directory.Build.props
@ -1,7 +1,7 @@
 <Project>
  <Import Project="dependencies.props" />
  <PropertyGroup>
-    <Version>2.4.0</Version>
+    <Version>2.4.1</Version>
    <Authors>Tudor Stanciu</Authors>
    <Company>STA</Company>
    <PackageTags>Tuitio</PackageTags>
--- a/ReleaseNotes.xml
+++ b/ReleaseNotes.xml
@ -95,4 +95,12 @@
      ◾ Each user group can have roles that will be applied to all users who are part of the group.
    </Content>
  </Note>
+  <Note>
+    <Version>2.4.1</Version>
+    <Date>2023-04-07 19:12</Date>
+    <Content>
+      Authentication handler changes
+      ◾ The authentication handler has been updated to skip the token validation if the method from controller is marked with [AllowAnonymous] attribute.
+    </Content>
+  </Note>
 </ReleaseNotes>
--- a/src/Tuitio/Authentication/AuthenticationExtensions.cs
+++ b/src/Tuitio/Authentication/AuthenticationExtensions.cs
@ -1,4 +1,6 @@
-using Microsoft.AspNetCore.Authentication;
+// Copyright (c) 2020 Tudor Stanciu
+
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.DependencyInjection;
 using Tuitio.Application.Abstractions;

--- a/src/Tuitio/Authentication/AuthenticationHandler.cs
+++ b/src/Tuitio/Authentication/AuthenticationHandler.cs
@ -1,4 +1,8 @@
-using Microsoft.AspNetCore.Authentication;
+// Copyright (c) 2020 Tudor Stanciu
+
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using System.Collections.Generic;
@ -25,6 +29,12 @@ namespace Tuitio.Authentication

        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
+            var endpoint = Context.GetEndpoint();
+            if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
+            {
+                return AuthenticateResult.NoResult();
+            }
+
            var token = GetAuthorizationToken();
            if (token == null)
                return AuthenticateResult.Fail("AUTHORIZATION_HEADER_IS_MISSING");
--- a/src/Tuitio/Authentication/HttpContextService.cs
+++ b/src/Tuitio/Authentication/HttpContextService.cs
@ -1,4 +1,6 @@
-using Microsoft.AspNetCore.Http;
+// Copyright (c) 2020 Tudor Stanciu
+
+using Microsoft.AspNetCore.Http;
 using System.Linq;
 using System;
 using Tuitio.Application.Abstractions;
--- a/src/Tuitio/Controllers/AccountController.cs
+++ b/src/Tuitio/Controllers/AccountController.cs
@ -1,12 +1,14 @@
 // Copyright (c) 2020 Tudor Stanciu

 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using System.Threading.Tasks;
 using Tuitio.Application.CommandHandlers;

 namespace Tuitio.Controllers
 {
+    [Authorize]
    [ApiController]
    [Route("account")]
    public class AccountController : ControllerBase
@ -18,6 +20,7 @@ namespace Tuitio.Controllers
            _mediator = mediator;
        }

+        [AllowAnonymous]
        [HttpPost("login")]
        public async Task<IActionResult> Login([FromQuery] string userName, string password)
        {