If I understand the issue correctly, you would do this via some custom middleware. I usually see authorization being done using the claims-based policy stuff nowadays.
On Tue, Jul 27, 2021 at 6:31 PM Greg Keogh <[email protected]> wrote:

> It's not Friday, but I've got a complaint.
>
> In a fresh .NET 5 Web Api I want to implement the simplest authorization technique using a header like x-auth-key: xyzzy. I could do this my old legacy way of using an IActionFilter class OnActionExecuting to inspect the headers and cause an error response (that works). But I wanted to do it "the formal modern way" so I went looking for guidance. After about 7 hours of searching and experiments I have found nothing that works. I found at least a dozen samples that used completely different classes, interfaces and configuration, but some won't compile, some have no effect, some are too complex to bother coding, and those that do work do not have enough context information available to complete my logic or I don't know how to set return values.
>
> I read years ago that an aim of Core was to unify and simplify configuration to make it more extensible. Most of my time wasted today was fumbling around in Startup.cs with extension methods, lambdas, fluent syntax and a hundred unfamiliar classes. Microsoft hasn't made config easier, they've made it harder than solving differential equations in a maze in the dark. I also spent an hour fumbling around configuring Swagger as well because it's now part of the problem.
>
> Overall, I'm getting progressively more upset and depressed about the complexity of some large parts of the .NET ecosystem. Things aren't getting easier!
>
> *Greg K*
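The custom-middleware approach suggested in the reply, sketched as an added example that is not code from either poster. The class name `ApiKeyMiddleware` and the configuration key `Auth:ApiKey` are assumptions made for illustration; the header name `x-auth-key` comes from the thread.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;

// Hypothetical middleware: rejects any request that lacks the expected x-auth-key header.
public class ApiKeyMiddleware
{
    private const string HeaderName = "x-auth-key";
    private readonly RequestDelegate _next;
    private readonly byte[] _expectedHash;

    // IConfiguration is resolved from DI when the middleware is constructed.
    public ApiKeyMiddleware(RequestDelegate next, IConfiguration config)
    {
        _next = next;
        // "Auth:ApiKey" is an assumed configuration key; supply the value from
        // user secrets or an environment variable rather than source control.
        var key = config["Auth:ApiKey"];
        if (string.IsNullOrEmpty(key))
            throw new InvalidOperationException("Auth:ApiKey is not configured.");
        _expectedHash = Hash(key);
    }

    public async Task InvokeAsync(HttpContext context)
    {
        // Hash both values so the buffers have equal length, then compare in
        // constant time so response timing does not leak how much of the key matched.
        if (!context.Request.Headers.TryGetValue(HeaderName, out var supplied)
            || supplied.Count != 1
            || !CryptographicOperations.FixedTimeEquals(Hash(supplied[0] ?? ""), _expectedHash))
        {
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            await context.Response.WriteAsync("Missing or invalid API key.");
            return; // short-circuit: the rest of the pipeline never runs
        }
        await _next(context);
    }

    private static byte[] Hash(string value)
    {
        using var sha = SHA256.Create();
        return sha.ComputeHash(Encoding.UTF8.GetBytes(value));
    }
}

// Registration in Startup.Configure, placed before app.UseEndpoints(...):
//     app.UseMiddleware<ApiKeyMiddleware>();
```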
