How does ASP.NET Core AuthorizeAttribute work under the hood?
ASP.NET Core AuthorizeAttribute is just a marker containing a little data and no behavior (source). Whatever visits the attribute must contain the behavior.
What visits AuthorizeAttribute and what does it do?
Solution
AuthorizeAttribute implemented IAuthorizeData interface
public class AuthorizeAttribute : Attribute, IAuthorizeData
app.UseAuthorization() middleware visits AuthorizeAttribute From endpoint metadata accroding to the source code:
var endpoint = context.GetEndpoint();
......
var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>();
then it could access the scheme,policy,roles you defined when you add the Authorize attribute
You could try similar in a middleware:
app.Use(async (context, next) =>
{
var endpoint = context.GetEndpoint();
var authdata = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>();
await next.Invoke();
});
Result:
- Not much difference between ASP.NET Core sync and async controller actions
- Html number input handling in blazor
- Command dotnet ef not found
- Official documentation for JwtBearer middleware/configuration via appsettings.json?
- There was no runtime pack for Microsoft.AspNetCore.App available for the specified RuntimeIdentifier 'browser-wasm'
- Azure Blob Upload not working in ASP .Net Core Application
- Page has a binding model issue, along with some strange behaviour in the OnPost method
- The constraint reference 'string' could not be resolved to a type. (netcoreapp3.0)
- How to detect how long since a user's payment failed?
- How to model a target class for receiving a JSON HTML response in .NET 5
- BindRequired on DateTime
- How to override ASP.NET Core configuration array settings using environment variables
- How to disable warnings at solution level in .NET projects
- Get Current User in a component
- Frontend not available when front and back on same Web App Azure
- Dependency injection in custom attribute
- Blazor: Reference to child page displayed by RenderFragment Body
- How to predefine subscription prices and trial period?
- EF Core Many to Many Join Table with Extra Properties Not Working
- .net-core middleware return blank result
- Unable to resolve service for type 'System.String' while attempting to activate 'MyService'
- Publishing web api with swagger on IIS
- "Authorize" button not showing in Swagger UI (.NET 9)
- Migrate to .NET 9, Bad request (400) on controllers and API methods
- Add custom JwtBearerHandler to "AddMicrosoftIdentityWebApi" in .net7
- Stripe version 2 API?
- How to get view file content as plain string
- startup exception for aspnet core worker docker container attempting to set secret from env variable in Kubernetes
- Cannot resolve scoped service 'xx.IEnumerable`1[xx.IDbContextOptionsConfiguration`1[xx.ExampleDbContext]]...' after upgrading from .NET 8 to .NET 9
- Any luck in using AddMicrosoftIdentityWebApp in combination with IdentityServer4?