Enable authorization for proxy routes #265
Conversation
| { | ||
| endpointBuilder.Metadata.Add(AnonymousAuthorization); | ||
| } | ||
| else if (!string.IsNullOrEmpty(source.Authorization)) |
There was a problem hiding this comment.
Is there a way to add multiple Policy to a route?
There was a problem hiding this comment.
No, what would that mean?
This is the same as adding an Authorize attribute on a controller.
| { | ||
| endpointBuilder.Metadata.Add(AnonymousAuthorization); | ||
| } | ||
| else if (!string.IsNullOrEmpty(source.Authorization)) |
There was a problem hiding this comment.
Is there a way to set Authentication Scheme for AuthorizeAttribute?
There was a problem hiding this comment.
The auth schemes can be set on the policy, is that enough?
src/ReverseProxy/Abstractions/RouteDiscovery/Contract/AuthorizationContants.cs
Outdated
Show resolved
Hide resolved
| { | ||
| internal static class AuthorizationContants | ||
| { | ||
| internal const string Default = "Default"; |
There was a problem hiding this comment.
I believe it's better to set public visibility on type's member if the type itself is scoped internal.
There was a problem hiding this comment.
Why? You get the same behavior either way.
src/ReverseProxy/Abstractions/RouteDiscovery/Contract/ProxyRoute.cs
Outdated
Show resolved
Hide resolved
src/ReverseProxy/Abstractions/RouteDiscovery/Contract/AuthorizationConstants.cs
Outdated
Show resolved
Hide resolved
| using Microsoft.Extensions.DependencyInjection; | ||
| using Microsoft.Extensions.Options; | ||
|
|
||
| namespace Microsoft.ReverseProxy.Auth.Sample |
There was a problem hiding this comment.
Why is this sample doing auth with MVC?
There was a problem hiding this comment.
Because I needed something visual and self-contained.
Or do you mean I should use razor pages instead?
| hash ^= ClusterId.GetHashCode(); | ||
| } | ||
|
|
||
| if (!string.IsNullOrEmpty(AuthorizationPolicy)) |
There was a problem hiding this comment.
I just looked at this hash function and realized how crazy expensive this is. How often is it used? Not very I hope.
There was a problem hiding this comment.
Once per config reload.
5 participants
#122 This enables proxy routes to integrate with the existing ASP.NET Core authentication and authorization infrastructure.
This should unblock most users. I expect some feedback on the scenario for flowing user information to the destination server, we'll need to wait and see what people's scenarios are.