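using System.Net;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// Three variants of cookie-based authentication, from weakest to strongest:
//   Basic   - a plain-text cookie the client can edit freely (for contrast only).
//   Secured - the same payload wrapped by IDataProtector, so a tampered value is rejected.
//   Claims  - the protected cookie is turned into a ClaimsPrincipal by middleware once,
//             and endpoints authorize against ctx.User instead of re-parsing the cookie.
// Shared cookie payload format for all three: "user:<name>&type:<admin|user>".

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
// Registers IDataProtectionProvider, which the Secured and Claims regions resolve from DI.
builder.Services.AddDataProtection();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();

// Cookie name carrying the (plain or protected) auth payload.
const string AuthCookie = "auth";
// Purpose string for the data protector; a payload protected under one purpose
// cannot be unprotected under another.
const string DataProtectorName = "cookie-protector";

#region Basic

app.MapGet("/secured-method", (HttpContext ctx) =>
{
    // authentication: the payload is whatever the client sent, unsigned, so it proves
    // nothing about who the caller is - the Secured region below is the signed variant.
    var payload = ctx.Request.Cookies[AuthCookie];

    // authorization: a malformed cookie parses to null and ends up as 401 rather than a 500.
    if (ParseAuthPayload(payload) is { } identity && MessageFor(identity.Type) is { } message)
    {
        return message;
    }

    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
    return "Unauthorized";
});

app.MapGet("/login-admin", (HttpContext ctx) => IssueAuthCookie(ctx, "user:ivan&type:admin"));

app.MapGet("/login-user", (HttpContext ctx) => IssueAuthCookie(ctx, "user:danil&type:user"));

#endregion

#region Secured

// https://learn.microsoft.com/ru-ru/dotnet/api/microsoft.aspnetcore.dataprotection.idataprotector?view=aspnetcore-8.0
app.MapGet("/login-user-protected", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
{
    var dp = protector.CreateProtector(DataProtectorName);
    var cookieProtected = dp.Protect("user:danil&type:user");
    IssueAuthCookie(ctx, cookieProtected);
});

app.MapGet("/secured-method-protected", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
{
    var dp = protector.CreateProtector(DataProtectorName);

    // authentication: only a value issued by this protector unprotects; an edited or
    // plain-text cookie (e.g. one from /login-admin) yields null instead of an exception.
    var cookie = ctx.Request.Cookies[AuthCookie];
    var payload = cookie is null ? null : TryUnprotect(dp, cookie);

    // authorization
    if (ParseAuthPayload(payload) is { } identity && MessageFor(identity.Type) is { } message)
    {
        return message;
    }

    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
    return "Unauthorized";
});

#endregion

#region Claims

// Populates ctx.User from the protected cookie. It never short-circuits the pipeline:
// a request without a valid cookie continues with an empty principal, so the login
// endpoints stay reachable and each endpoint decides for itself whether a claim is required.
app.Use((ctx, next) =>
{
    var protector = ctx.RequestServices.GetRequiredService<IDataProtectionProvider>();
    var dp = protector.CreateProtector(DataProtectorName);

    // authentication
    var cookie = ctx.Request.Cookies[AuthCookie];
    var payload = cookie is null ? null : TryUnprotect(dp, cookie);

    if (ParseAuthPayload(payload) is { } identity)
    {
        var claims = new List<Claim>
        {
            new("Type", identity.Type),
            new("Name", identity.Name),
        };

        // An authentication type is required for ClaimsIdentity.IsAuthenticated to be true.
        ctx.User = new ClaimsPrincipal(new ClaimsIdentity(claims, "cookie"));
    }

    return next();
});

app.MapGet("/login-user-claims", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
{
    var dp = protector.CreateProtector(DataProtectorName);
    var cookieProtected = dp.Protect("user:danil&type:user");
    IssueAuthCookie(ctx, cookieProtected);
});

app.MapGet("/secured-method-claims", (HttpContext ctx) =>
{
    // authorization only: the middleware above has already done the authentication.
    var entityType = ctx.User.FindFirst("Type")?.Value;
    if (entityType is not null && MessageFor(entityType) is { } message)
    {
        return message;
    }

    // A caller without a recognised Type claim gets 401 like the other regions
    // (previously this returned null, i.e. an empty 200).
    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
    return "Unauthorized";
});

#endregion

app.Run();

// Parses "user:<name>&type:<type>". Returns null for null/empty input, a segment without
// a key, an unknown key, or a missing user/type, so callers never index into a bad split.
static (string Name, string Type)? ParseAuthPayload(string? payload)
{
    if (string.IsNullOrEmpty(payload))
    {
        return null;
    }

    string? name = null;
    string? type = null;

    foreach (var segment in payload.Split('&'))
    {
        var separator = segment.IndexOf(':');
        if (separator <= 0)
        {
            return null;
        }

        var key = segment[..separator];
        var value = segment[(separator + 1)..];

        switch (key)
        {
            case "user":
                name = value;
                break;
            case "type":
                type = value;
                break;
            default:
                return null;
        }
    }

    return name is not null && type is not null ? (name, type) : null;
}

// Maps an entity type to the body each region serves; null means "not authorized".
static string? MessageFor(string entityType) => entityType switch
{
    "admin" => "secured message",
    "user" => "common message",
    _ => null,
};

// Unprotects a value issued by dp. Returns null when the payload was modified or was not
// produced by this protector, which IDataProtector reports via CryptographicException.
static string? TryUnprotect(IDataProtector dp, string protectedValue)
{
    try
    {
        return dp.Unprotect(protectedValue);
    }
    catch (CryptographicException)
    {
        return null;
    }
}

// Issues the auth cookie with HttpOnly (not readable from script), Secure (HTTPS only)
// and SameSite=Strict (not sent on cross-site requests). The raw "set-cookie" header the
// original wrote carried none of these flags.
static void IssueAuthCookie(HttpContext ctx, string value) =>
    ctx.Response.Cookies.Append(AuthCookie, value, new CookieOptions
    {
        HttpOnly = true,
        Secure = true,
        SameSite = SameSiteMode.Strict,
    });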