SteveT - 3 months ago 54
C# Question

Bypass Authorize Attribute in .Net Core for Release Version

Is there a way to "bypass" authorization in asp.net core? I noticed that the Authorize attribute no longer has an AuthorizeCore method which you could use to make decisions on whether or not to proceed with auth.

Pre .net core you could do something like this:

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // no auth in debug mode please
#if DEBUG
    return true;
#endif

    return base.AuthorizeCore(httpContext);
}


I hope I'm not missing something blatantly obvious, but it would be nice to be able to skip the auth workflow in DEBUG if needed. I just haven't been able to find it for .net core.

Answer

As pointed out in the comments, you can create a base class for all your requirement handlers.

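using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Base class for all requirement handlers: Debug builds approve every requirement.
public abstract class RequirementHandlerBase<T> : AuthorizationHandler<T> where T : IAuthorizationRequirement
{
    protected sealed override Task HandleRequirementAsync(AuthorizationHandlerContext context, T requirement)
    {
#if DEBUG
        // Debug build: mark the requirement as met without evaluating it.
        context.Succeed(requirement);

        return Task.FromResult(true);
#else
        // Release build: defer to the derived handler's real check.
        return HandleAsync(context, requirement);
#endif
    }

    protected abstract Task HandleAsync(AuthorizationHandlerContext context, T requirement);
}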

Then derive your requirement handlers from this base class.

public class AgeRequirementHandler : RequirementHandlerBase<AgeRequirement>
{
    protected override Task HandleAsync(AuthorizationHandlerContext context, AgeRequirement requirement)
    {
        ... 
    }
}

public class AgeRequirement : IAuthorizationRequirement
{
    public int MinimumAge { get; set; }
}

And then just register it.

services.AddAuthorization(options =>
{
    options.AddPolicy("Over18",
                      policy => policy.Requirements.Add(new AgeRequirement { MinimumAge = 18 }));
});
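
A runtime-gated alternative to the compile-time `#if DEBUG` switch, as an added example that is not part of the original answer: a Debug build that ends up deployed skips every check silently, whereas here the bypass needs an explicit flag, is logged, and the app refuses to start with it outside Development. `DevBypassHandler`, `AddDevAuthorizationBypass` and the `Auth:DevBypass` key are hypothetical names; ASP.NET Core 3.0 or later is assumed for `IHostEnvironment`.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

// Hypothetical handler: marks every pending requirement as met.
// It is only ever registered by AddDevAuthorizationBypass below.
public sealed class DevBypassHandler : IAuthorizationHandler
{
    private readonly ILogger<DevBypassHandler> _log;
    public DevBypassHandler(ILogger<DevBypassHandler> log) => _log = log;

    public Task HandleAsync(AuthorizationHandlerContext context)
    {
        // Copy first: Succeed() removes the requirement from the pending set.
        foreach (var requirement in context.PendingRequirements.ToList())
        {
            _log.LogWarning("Authorization bypassed for {Requirement}", requirement.GetType().Name);
            context.Succeed(requirement);
        }
        return Task.CompletedTask;
    }
}

public static class DevBypassExtensions
{
    // "Auth:DevBypass" is an assumed configuration key, not a built-in ASP.NET Core setting.
    public static IServiceCollection AddDevAuthorizationBypass(
        this IServiceCollection services, IConfiguration config, IHostEnvironment env)
    {
        if (!config.GetValue<bool>("Auth:DevBypass"))
            return services; // flag absent or false: normal authorization

        // Fail closed: refuse to start if the flag leaks into any other environment.
        if (!env.IsDevelopment())
            throw new InvalidOperationException(
                $"Auth:DevBypass is set but the environment is '{env.EnvironmentName}'.");

        return services.AddSingleton<IAuthorizationHandler, DevBypassHandler>();
    }
}
```

Call `services.AddDevAuthorizationBypass(...)` next to `AddAuthorization` in `ConfigureServices`; requirement handlers such as `AgeRequirementHandler` still need their own `IAuthorizationHandler` registration to run when the bypass is off.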