is there way "bypass" authorization in asp.net core? noticed authorize attribute no longer has authorizecore method use make decisions on whether or not proceed auth.
pre .net core this:
protected override bool authorizecore(httpcontextbase httpcontext) { // no auth in debug mode please #if debug return true; #endif return base.authorizecore(httpcontext); } i hope i'm not missing blatantly obvious nice able skip auth workflow in debug if needed. haven't been able find .net core
as pointed out in comments, can create base class requirement handlers.
public abstract class requirementhandlerbase<t> : authorizationhandler<t> t : iauthorizationrequirement { protected sealed override task handlerequirementasync(authorizationhandlercontext context, t requirement) { #if debug context.succeed(requirement); return task.fromresult(true); #else return handleasync(context, requirement); #endif } protected abstract task handleasync(authorizationhandlercontext context, t requirement); } then derive requirement handlers base class.
public class agerequirementhandler : requirementhandlerbase<agerequirement> { protected override handleasync(authorizationhandlercontext context, agerequirement requirement) { ... } } public class agerequirement : irequrement { public int minimumage { get; set; } } and register it.
services.addauthorization(options => { options.addpolicy("over18", policy => policy.requirements.add(new agerequirement { minimumage = 18 })); }); 
Comments
Post a Comment