Add list of authorization policies to route configuration #1159
Comments
Hi, do you have any feedback on the relevance of this feature request?
@TomPallister any thoughts/opinion on the relevance of this feature request would be appreciated! 😃
Tom doesn't develop, he doesn't merge PRs, he doesn't answer in discussion threads, and he doesn't manage this repo anymore since 2020... You need to ask me (repo maintainer) and other team members, see top 3 plz. Will you contribute? Sure we will provide you all required support!
@michaellperry Welcome!
@michaellperry Where are you?
You have the right to reopen this issue in the future if you come with a PR ready
New Feature
The policy would be injected in DI as a standard ASP.NET service and would only expose a single method called during the PreAuthorizationMiddleware phase:
The pipeline calls all registered policies for the ReRoute and stops if any returns false.
Motivation for New Feature
Provide an easier way to configure additional authorization checks.
Today there is a workaround based on ReRoute Key, but it is far from ideal.
For instance, let's imagine this route:
DELETE http://localhost:7000/users/123/items/456
And this configuration:
Notice that /users and /items are located in separate microservices.
Still the UI has both userId and itemId and I can expose in the gateway a route mixing both.
I first use RouteClaimsRequirement to check that the user accessed in the route is the one calling the API. Then I have this code in Startup to check that he is allowed to access the item:
Let me know if you need more details or if anything needs clarification.
Cheers,
Romain.
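The evaluation step this request describes (call each policy listed for the route, stop at the first one that returns false), as an added example that is not code from the issue or from Ocelot. `IRoutePolicy`, `RouteRequest`, `RoutePolicies`, the policy names and the `sub` claim are hypothetical; denying on an unregistered policy name or on an exception is this example's assumption, not something the request specifies.

```csharp
// Added example: every type and name here is hypothetical, not Ocelot's API.
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
// Constructed request: caller "123" on DELETE /users/123/items/456.
var caller = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("sub", "123") }, "test"));
var request = new RouteRequest(caller,
    new Dictionary<string, string> { ["userId"] = "123", ["itemId"] = "456" });
var registered = new Dictionary<string, IRoutePolicy>
{
    ["CallerIsUser"] = new CallerIsUserPolicy(),
    ["OwnsItem"] = new OwnsItemPolicy(new HashSet<(string, string)> { ("123", "456") }),
};
foreach (var names in new[] { new[] { "CallerIsUser", "OwnsItem" }, new[] { "CallerIsUser", "Typo" } })
    Console.WriteLine($"{string.Join(",", names)} -> {await RoutePolicies.EvaluateAsync(names, registered, request)}");

public record RouteRequest(ClaimsPrincipal User, IReadOnlyDictionary<string, string> RouteValues);
public interface IRoutePolicy { Task<bool> IsAuthorizedAsync(RouteRequest request); }
public sealed class CallerIsUserPolicy : IRoutePolicy
{
    public Task<bool> IsAuthorizedAsync(RouteRequest r) => Task.FromResult(
        r.RouteValues.TryGetValue("userId", out var id) && r.User.FindFirst("sub")?.Value == id);
}

public sealed class OwnsItemPolicy : IRoutePolicy
{
    private readonly ISet<(string, string)> _owners; // stand-in for a call to the items service
    public OwnsItemPolicy(ISet<(string, string)> owners) => _owners = owners;
    public Task<bool> IsAuthorizedAsync(RouteRequest r) => Task.FromResult(
        r.RouteValues.TryGetValue("userId", out var u)
        && r.RouteValues.TryGetValue("itemId", out var i) && _owners.Contains((u, i)));
}

public static class RoutePolicies
{
    public static async Task<bool> EvaluateAsync(IEnumerable<string> names,
        IReadOnlyDictionary<string, IRoutePolicy> registered, RouteRequest request)
    {
        foreach (var name in names)
        {
            // A name with no registered policy (config typo) denies instead of being skipped.
            if (!registered.TryGetValue(name, out var policy)) return false;
            try { if (!await policy.IsAuthorizedAsync(request)) return false; } // stop at first false
            catch (Exception) { return false; } // a policy that throws denies
        }
        return true;
    }
}
```

In a gateway the `registered` map would be built from the policies resolved from DI, and `EvaluateAsync` would be invoked from the pre-authorization step with the list configured on the matched route.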