feat: cookies

Cookie.Basic/Program.cs

@@ -0,0 +1,174 @@
+using System.Net;
+using System.Security.Claims;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Mvc;
+
+var builder = WebApplication.CreateBuilder(args);
+
+// Add services to the container.
+// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
+builder.Services.AddEndpointsApiExplorer();
+builder.Services.AddSwaggerGen();
+
+var app = builder.Build();
+
+// Configure the HTTP request pipeline.
+if (app.Environment.IsDevelopment())
+{
+    app.UseSwagger();
+    app.UseSwaggerUI();
+}
+
+app.UseHttpsRedirection();
+
+#region Basic
+
+const string AuthCookie = "auth";
+
+app.MapGet("/secured-method", (HttpContext ctx) =>
+{
+    // authentication
+    if (ctx.Request.Cookies.ContainsKey(AuthCookie))
+    {
+        var cookie = ctx.Request.Cookies[AuthCookie];
+        var parts = cookie!.Split("&").ToList();
+        var entityType = parts[1].Split(":")[1];
+
+        // authorization
+        if (entityType == "admin")
+        {
+            return "secured message";
+        }
+        else if (entityType == "user")
+        {
+            return "common message";
+        }
+    }
+
+    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
+    return "Unauthorized";
+});
+
+app.MapGet("/login-admin", (HttpContext ctx) =>
+{
+    var cookie = "user:ivan&type:admin";
+    ctx.Response.Headers["set-cookie"] = $"{AuthCookie}={cookie}";
+});
+
+app.MapGet("/login-user", (HttpContext ctx) =>
+{
+    var cookie = "user:danil&type:user";
+    ctx.Response.Headers["set-cookie"] = $"{AuthCookie}={cookie}";
+});
+
+#endregion
+
+#region Secured
+//todo: add to services
+//builder.Services.AddDataProtection();
+
+const string DataProtectorName = "cookie-protector";
+// https://learn.microsoft.com/ru-ru/dotnet/api/microsoft.aspnetcore.dataprotection.idataprotector?view=aspnetcore-8.0
+
+
+app.MapGet("/login-user-protected", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
+{
+    var dp = protector.CreateProtector(DataProtectorName);
+    var cookieProtected = dp.Protect("user:danil&type:user");
+    ctx.Response.Headers["set-cookie"] = $"{AuthCookie}={cookieProtected}";
+});
+
+app.MapGet("/secured-method-protected", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
+{
+    var dp = protector.CreateProtector(DataProtectorName);
+    
+    // authentication
+    if (ctx.Request.Cookies.ContainsKey(AuthCookie))
+    {
+        var cookie = ctx.Request.Cookies[AuthCookie]!;
+        
+        var cookieUnprotected = dp.Unprotect(cookie);
+        
+        var parts = cookieUnprotected.Split("&").ToList();
+        var entityType = parts[1].Split(":")[1];
+
+        // authorization
+        if (entityType == "admin")
+        {
+            return "secured message";
+        }
+        else if (entityType == "user")
+        {
+            return "common message";
+        }
+    }
+
+    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
+    return "Unauthorized";
+});
+
+#endregion
+
+#region Claims
+
+//todo: uncomment
+//
+// app.Use((ctx,next) =>
+// {
+//     var protector = ctx.RequestServices.GetService<IDataProtectionProvider>();
+//     var dp = protector.CreateProtector(DataProtectorName);
+//     
+//     // authentication
+//     if (ctx.Request.Cookies.ContainsKey(AuthCookie))
+//     {
+//         var cookie = ctx.Request.Cookies[AuthCookie]!;
+//         
+//         var cookieUnprotected = dp.Unprotect(cookie);
+//         
+//         var parts = cookieUnprotected.Split("&").ToList();
+//         var entityType = parts[1].Split(":")[1];
+//         var entityName = parts[0].Split(":")[1];
+//
+//         // authorization
+//         var claims = new List<Claim>();
+//         claims.Add(new Claim("Type", entityType));
+//         claims.Add(new Claim("Name", entityName));
+//         
+//         var identity = new ClaimsIdentity(claims);
+//         var user = new ClaimsPrincipal(identity);
+//         ctx.User = user;
+//         
+//         return next();
+//     }
+//
+//     ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
+//     return Task.CompletedTask;
+// });
+
+app.MapGet("/login-user-claims", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
+{
+    var dp = protector.CreateProtector(DataProtectorName);
+    var cookieProtected = dp.Protect("user:danil&type:user");
+    ctx.Response.Headers["set-cookie"] = $"{AuthCookie}={cookieProtected}";
+});
+
+app.MapGet("/secured-method-claims", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
+{
+    var user = ctx.User;
+    
+    if (user.FindFirst("Type")?.Value == "admin")
+    {
+        return "secured message";
+    }
+    else if (user.FindFirst("Type")?.Value == "user")
+    {
+        return "common message";
+    }
+
+    return null;
+});
+
+#endregion
+
+
+app.Run();