I have two api project
ConsumerApi
MasterApi
MasterApi is responsible for creating and validating a token. I need to protect ConsumerApi resources. That's why I have a LoginController with login method.
At first User hit this method and pass their UserName and Password. ConsumerApi then call MasterApi for a token and return the token to User. After then User use this JWT token in Authorization header as Bearer retrive_jwt_token to call ConsumerApi protected resources. To validate the token with MasterApi I have a CustomAuthorizeAttribute in ConsumerApi which I mention above this project Controllers or Methods.
Below is my CustomAuthorizeAttribute :
public class ExternalAuthorization : AuthorizeAttribute, IAuthorizationFilter
{
private readonly HttpClient _httpClient;
public ExternalAuthorization()
{
_httpClient = new HttpClient();
}
public void OnAuthorization(AuthorizationFilterContext context)
{
if (context.HttpContext.Request.Headers.TryGetValue("Authorization", out var authHeader))
{
var accessToken = authHeader.ToString().Split(' ')[1];
var response = _httpClient.GetAsync(
$"https://localhost:44359/api/oauth/validate?token={accessToken}").Result;
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
context.Result = new UnauthorizedResult();
}
}
}
}
I use this in one of my ConsumerApi controller method like below:
[ExternalAuthorization]
[HttpGet("getall")]
public IEnumerable<WeatherForecast> GetAll()
{
var rng = new Random();
return Enumerable.Range(1, 5).Select(index => new WeatherForecast
{
Date = DateTime.Now.AddDays(index),
TemperatureC = rng.Next(-20, 55),
Summary = Summaries[rng.Next(Summaries.Length)]
})
.ToArray();
}
But when I call this method I'm getting below exception
System.InvalidOperationException: Endpoint ConsumerApiClient.Controllers.WeatherForecastController.GetAll (ConsumerApi) contains authorization metadata, but a middleware was not found that supports authorization.
Configure your application startup by adding app.UseAuthorization() inside the call to Configure(..) in the application startup code. The call to app.UseAuthorization() must appear between app.UseRouting() and app.UseEndpoints(...).
at Microsoft.AspNetCore.Routing.EndpointMiddleware.ThrowMissingAuthMiddlewareException(Endpoint endpoint)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
HEADERS
=======
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,bn;q=0.7
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1laWRlbnRpZmllciI6InVzZXJfaWQiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJyZWd1bGFyIiwibmJmIjoxNTk0MTE1MDg4LCJleHAiOjE1OTQyMDE0ODgsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0OjQ0MzU5LyIsImF1ZCI6Imh0dHBzOi8vbG9jYWxob3N0OjQ0MzU5LyJ9.mOEaM_IuQ0w_CKGcMHXACXCdCOebzdc19ArSeOOgxek
Cache-Control: no-cache
Connection: close
Host: localhost:44326
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
dnt: 1
x-postman-interceptor-id: 9dc8740c-6d4d-eb6b-4376-3eefdb355cb8
postman-token: 3191c452-708a-efd0-237a-0c343eb16bd6
sec-fetch-site: none
sec-fetch-mode: cors
sec-fetch-dest: empty
Do I need to add this in StartUp.cs if so then how can I do this?
