Comments (6)
Ok, understood.
You shouldn't return status codes from handlers - authentication and authorization should be a different middleware (being run before you actually hit your handlers, etc.). In that case, you can do simple extension methods such as this one. Within handlers, you can throw an exception, or build some additional decorators on top of them that will validate the incoming requests and plug it into the pipeline.
from convey.
Hey,
Are you looking for a way to get the UserId
(which can be any string) from the existing token? If that's the case, the solution is quite simple - it's a sub
claim, that you can get directly from JWT as its base64 encoded string (as you suggested) unless I'm not understanding you correctly.
from convey.
Sorry, to clarify - I don't see how to get the JWT token. Am I supposed to just inject an instance of IHttpContextAccessor
and pull it from the headers myself? If so, that's not a big deal. You have other services, middleware and services for interacting with auth but I didn't see anything explicit to pull the principle identity out easily.
Also, I'm not able to see an example for returning 401 Unauthorized
. I've seen how to send back a 201 Created
and a 404 Not Found
but I can't see how I am supposed to send back the 401
or mark a resource as requiring authorization in order to be hit. Again, if I have to manually check the auth for each resource handler then that's fine. If that's the case then I'll need to send back the 401 status code some how to the client.
from convey.
Thanks for the clarification. Well, to get a token, you could use IHttpContextAccessor
and pull it from the header as a string (it can be wrapped into a simple extension method), actually, I didn't think back then it might be needed.
Everything works with a standard authentication & authorization middleware, meaning that you can simply put [Authorize] attribute on top of your controllers/actions or add a custom middleware that might check the role/claims and set 401 response directly.
Speaking of custom methods such as Created()
, NotFound()
etc. - Unauthorized()
, Forbidden()
and a few have others have been just added.
from convey.
@spetz What if I'm just using handlers directly without any MVC middleware? All that I'm able to return back is a Task
on the Command handlers and the handler for Queries is constrained to the response body type of T
. I'm not sure how to specifically return back an HTTP status code from within a handler when not using MVC controllers.
For instance, in this handler I can't return 401 Unauthorized if I grab the token via IHttpContextAccessor
and determine this user is not authorized to hit use this query handler.
To your point about a custom middleware, I could do that. I'd have to do route inspection, discover the handler I'm routing to and compare against a store or attribute on what the required claims are per handler route. I can go that route - it wouldn't be a small amount of effort so I was hoping I had missed something and you had a means to handle it without MVC :)
from convey.
@spetz Awesome thanks for the guidance. I'll work towards handling things that way.
from convey.
Related Issues (20)
- Log payload deserialization exceptions HOT 2
- Update Open.Serialization Package
- Modify command, query and event dispatchers to allow generic types
- InboxMessages are not saving in EF when recieveing events and outbox is enabled and decorator added HOT 2
- UseSwaggerDocs() HOT 1
- [Question] Classes are create your own scope every time
- [Vault leases] app broken after max_ttl expires HOT 1
- Convey update v. 0.5.452 broke MessageBrokers outbox HOT 1
- [Vault leases] Wrong expiration time after renewing HOT 1
- RabbitMq JaegerPlugin Message Invalid cast exception HOT 3
- Outbox EntityFramework brak czyszczenia wygasłych/przedawnionych wpisów HOT 1
- Outbox EntityFramework - problem z mapowaniem OutboxMessage HOT 1
- Convey.Logging nuget package 0.5.491 is missing
- Convey is disposing `IConfiguration` object and breaks reloadable `IConfigurationProvider`s supplied to application HOT 3
- Filters won't work on webapi
- [RabbitMQ] Declare Quorum Queues HOT 2
- Azure Service Bus Support for MessageBrokers packages HOT 12
- [Consul] Provide service ID to health check
- HandlersLoggingDecorator Logs commands/events even if messages has been handled and stored in outbox HOT 1
- Call the custom filter before executing the handler HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from convey.