
Authorization in Dot NET Core 7.0 API - Part-2

Joynal Abedin

Authorization refers to the process that determines what a user is able to do. For example, an administrative user is allowed to create a document library, add documents, edit documents, and delete them. In its most basic form, applying the [Authorize] attribute to a controller, action, or Razor Page, limits access to that component to authenticated users. Now only authenticated users can access the Logout function.

Step_01: Go to the Program.cs file and add the code below:

using System.Text;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.Filters;

// Tell Swagger UI about the Authorization header so a bearer token can be pasted in
// and sent with every "Try it out" request.
builder.Services.AddSwaggerGen(options =>
{
    options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
    {
        In = ParameterLocation.Header,
        Name = "Authorization",
        Type = SecuritySchemeType.ApiKey
    });

    // From the Swashbuckle.AspNetCore.Filters package: marks [Authorize] endpoints as requiring the scheme above.
    options.OperationFilter<SecurityRequirementsOperationFilter>();
});

// Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
// Incoming bearer tokens are validated against the symmetric key stored under AppSettings:Token.
builder.Services.AddAuthentication().AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        // Issuer and audience checks are switched off, so any token signed with this key is accepted.
        ValidateAudience = false,
        ValidateIssuer = false,
        IssuerSigningKey = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes(builder.Configuration.GetSection("AppSettings:Token").Value!))
    };
});

\"\"

Step_02: Go to the controller or method on which you want to set the authorized roles. Here the Get method of WeatherForecastController is restricted to the Admin and User roles, like below:

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace JwtWebApiDotNet7.Controllers;

[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
{
    private static readonly string[] Summaries = new[]
    {
        "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
    };

    private readonly ILogger<WeatherForecastController> _logger;

    public WeatherForecastController(ILogger<WeatherForecastController> logger)
    {
        _logger = logger;
    }

    // Roles is a comma-separated list; a caller holding ANY one of the listed roles is allowed through.
    [HttpGet(Name = "GetWeatherForecast"), Authorize(Roles = "Admin, User")]
    public IEnumerable<WeatherForecast> Get()
    {
        return Enumerable.Range(1, 5).Select(index => new WeatherForecast
        {
            Date = DateOnly.FromDateTime(DateTime.Now.AddDays(index)),
            TemperatureC = Random.Shared.Next(-20, 55),
            Summary = Summaries[Random.Shared.Next(Summaries.Length)]
        })
        .ToArray();
    }
}

Step_03: Finally, add the Admin and User role claims where you generate the token, like below:

using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// _configuration is the IConfiguration injected into the controller's constructor.
private string CreateToken(User user)
{
    List<Claim> claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, user.Username),
        // Every caller gets both roles here; a real application would load the roles from the user's record.
        new Claim(ClaimTypes.Role, "Admin"),
        new Claim(ClaimTypes.Role, "User")
    };
    // Must be the same secret the AddJwtBearer configuration in Program.cs validates against.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration.GetSection("AppSettings:Token").Value!));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
    var token = new JwtSecurityToken(
        claims: claims,
        expires: DateTime.Now.AddDays(1),
        signingCredentials: creds
        );
    var jwt = new JwtSecurityTokenHandler().WriteToken(token);
    return jwt;
}
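The three steps above only fit together if the role claims written in Step_03 survive validation under the settings from Step_01 and then satisfy the Roles list from Step_02. The console program below is an added example, not code from the original post: it mints tokens the way CreateToken does, validates them with the same TokenValidationParameters the AddJwtBearer block uses, and applies the same "any listed role" rule that [Authorize(Roles = "Admin, User")] applies, so the behaviour can be checked outside the web host. The secret strings are constructed placeholders standing in for AppSettings:Token, and the class and method names (RoleTokenDemo, IsAllowed, Validate) are this example's own; it needs only the System.IdentityModel.Tokens.Jwt package.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Added example (not from the original post): token creation, validation and
// role check side by side, using the same library calls as Step_01 and Step_03.
public static class RoleTokenDemo
{
    // Constructed placeholder for AppSettings:Token; keep the real value in
    // configuration or a secret store, long and random, never in source.
    private const string Secret = "placeholder-secret-at-least-32-bytes-long!!";

    private static SymmetricSecurityKey KeyFor(string secret) =>
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));

    // Same shape as the post's CreateToken, with the roles passed in so that
    // tokens with and without roles can be produced for comparison.
    public static string CreateToken(string username, string secret, params string[] roles)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, username) };
        claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
        var creds = new SigningCredentials(KeyFor(secret), SecurityAlgorithms.HmacSha256Signature);
        var token = new JwtSecurityToken(
            claims: claims,
            expires: DateTime.UtcNow.AddDays(1),
            signingCredentials: creds);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // The same settings the post hands to AddJwtBearer in Step_01.
    private static TokenValidationParameters Parameters => new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        ValidateAudience = false,
        ValidateIssuer = false,
        IssuerSigningKey = KeyFor(Secret)
    };

    // Returns the authenticated principal, or null when the token is rejected
    // (wrong signing key, expired, malformed). The handler maps the "role"
    // claim back to ClaimTypes.Role, which is what IsInRole looks at.
    public static ClaimsPrincipal? Validate(string jwt)
    {
        try
        {
            return new JwtSecurityTokenHandler().ValidateToken(jwt, Parameters, out _);
        }
        catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException)
        {
            return null;
        }
    }

    // Mirrors Authorize(Roles = "Admin, User"): comma-separated, trimmed, and the
    // caller needs any one of the roles rather than all of them.
    public static bool IsAllowed(ClaimsPrincipal? user, string roles)
    {
        if (user?.Identity?.IsAuthenticated != true) return false;
        var required = roles.Split(',', StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries);
        return required.Any(user.IsInRole);
    }

    public static void Main()
    {
        const string policy = "Admin, User";

        // Both roles, signed with the server's key: the case the post's CreateToken produces.
        var adminJwt = CreateToken("alice", Secret, "Admin", "User");
        Console.WriteLine($"admin+user token allowed: {IsAllowed(Validate(adminJwt), policy)}");

        // Correctly signed but carrying no role claim: authenticated, yet not authorized.
        var noRoleJwt = CreateToken("bob", Secret);
        Console.WriteLine($"no-role token allowed:    {IsAllowed(Validate(noRoleJwt), policy)}");

        // Claims the Admin role but was signed with some other key: the signature
        // check fails, so the role claim is never trusted.
        var otherKeyJwt = CreateToken("carol", "another-constructed-secret-of-32-bytes-or-more", "Admin");
        Console.WriteLine($"other-key token accepted: {Validate(otherKeyJwt) is not null}");
    }
}
```

The first case passes, the second fails on the role check rather than on authentication, and the third is rejected before any role is consulted. The third case is the one worth keeping in mind when reading Step_01: with ValidateIssuer and ValidateAudience both false, the signing key is the only thing that ties a role claim to this API, so that key must stay secret and be long enough for HMAC-SHA256.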


Written by Joynal Abedin

Passionate about technology, code, and sharing knowledge.
