The authentication handler has been updated to skip token validation when the controller method is marked with the [AllowAnonymous] attribute.

master
Tudor Stanciu 2023-04-07 19:12:14 +03:00
parent d85ed53cdf
commit ebb0f4de62
6 changed files with 29 additions and 4 deletions


@ -1,7 +1,7 @@
<Project>
<Import Project="dependencies.props" />
<PropertyGroup>
<Version>2.4.0</Version>
<Version>2.4.1</Version>
<Authors>Tudor Stanciu</Authors>
<Company>STA</Company>
<PackageTags>Tuitio</PackageTags>


@ -95,4 +95,12 @@
◾ Each user group can have roles that will be applied to all users who are part of the group.
</Content>
</Note>
<Note>
<Version>2.4.1</Version>
<Date>2023-04-07 19:12</Date>
<Content>
Authentication handler changes
◾ The authentication handler has been updated to skip the token validation if the method from controller is marked with [AllowAnonymous] attribute.
</Content>
</Note>
</ReleaseNotes>


@ -1,4 +1,6 @@
using Microsoft.AspNetCore.Authentication;
// Copyright (c) 2020 Tudor Stanciu
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.DependencyInjection;
using Tuitio.Application.Abstractions;


@ -1,4 +1,8 @@
using Microsoft.AspNetCore.Authentication;
// Copyright (c) 2020 Tudor Stanciu
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using System.Collections.Generic;
@ -25,6 +29,12 @@ namespace Tuitio.Authentication
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
var endpoint = Context.GetEndpoint();
if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
{
return AuthenticateResult.NoResult();
}
var token = GetAuthorizationToken();
if (token == null)
return AuthenticateResult.Fail("AUTHORIZATION_HEADER_IS_MISSING");
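Review bot: The early return in `HandleAuthenticateAsync` means a token sent to an `[AllowAnonymous]` endpoint is never validated, so `Context.User` stays unauthenticated there even for a caller holding a valid token; any anonymous action that reads claims or checks `User.Identity.IsAuthenticated` will now always see an anonymous caller. That trade-off should be stated next to the check, for example `// [AllowAnonymous]: token is ignored and the user stays unauthenticated; a null endpoint falls through to validation.` The check also relies on `Context.GetEndpoint()` being populated, which presumably requires routing to run before the authentication middleware; when it is null the code falls through to token validation, which is the safe direction. `Endpoint.Metadata` is not expected to be null, so `endpoint?.Metadata.GetMetadata<IAllowAnonymous>()` would be enough. The method body continues outside the hunk.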


@ -1,4 +1,6 @@
using Microsoft.AspNetCore.Http;
// Copyright (c) 2020 Tudor Stanciu
using Microsoft.AspNetCore.Http;
using System.Linq;
using System;
using Tuitio.Application.Abstractions;


@ -1,12 +1,14 @@
// Copyright (c) 2020 Tudor Stanciu
using MediatR;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Threading.Tasks;
using Tuitio.Application.CommandHandlers;
namespace Tuitio.Controllers
{
[Authorize]
[ApiController]
[Route("account")]
public class AccountController : ControllerBase
@ -18,6 +20,7 @@ namespace Tuitio.Controllers
_mediator = mediator;
}
[AllowAnonymous]
[HttpPost("login")]
public async Task<IActionResult> Login([FromQuery] string userName, string password)
{
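Review bot: `Login` takes `userName` and `password` as plain parameters, and `userName` is explicitly `[FromQuery]`; under `[ApiController]` an unattributed `string password` would by default also be bound from the query string, so credentials travel in the URL and can end up in access logs, proxy logs and browser history. Now that this action is the explicitly anonymous entry point of the controller, it would be worth binding them from the request body instead, e.g. `Login([FromForm] string userName, [FromForm] string password)`, keeping the query form only for a deprecation period if existing clients depend on it. The signature appears to be unchanged context in this commit, and the method body continues outside the hunk.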