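using System.Net;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
builder.Services.AddDataProtection();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();

// Name of the cookie all three variants below share. Its payload (plain or protected)
// has the shape "user:<name>&type:<role>".
const string AuthCookie = "auth";

//todo: add to services
// Purpose string for the IDataProtector. Payloads protected under one purpose cannot be
// unprotected under another, so every endpoint in this file must use the same name.
// https://learn.microsoft.com/ru-ru/dotnet/api/microsoft.aspnetcore.dataprotection.idataprotector?view=aspnetcore-8.0
const string DataProtectorName = "cookie-protector";

#region Basic
// Variant 1: a plaintext cookie. The client fully controls the payload, so anyone can
// write "type:admin" themselves; there is no integrity protection at all. Kept as the
// baseline the "Secured" and "Claims" variants improve on.
app.MapGet("/secured-method", (HttpContext ctx) =>
{
    // authentication: a malformed cookie is treated as "not logged in" rather than
    // crashing the request with an index error (which would surface as a 500).
    if (ctx.Request.Cookies.TryGetValue(AuthCookie, out var cookie)
        && TryParseAuthCookie(cookie, out _, out var entityType))
    {
        // authorization
        return AuthorizeByType(ctx, entityType);
    }

    return Unauthorized(ctx);
});

app.MapGet("/login-admin", (HttpContext ctx) => SetAuthCookie(ctx, "user:ivan&type:admin"));

app.MapGet("/login-user", (HttpContext ctx) => SetAuthCookie(ctx, "user:danil&type:user"));
#endregion

#region Secured
// Variant 2: the same payload, but passed through IDataProtector.Protect. The server can
// detect tampering and the client cannot read or forge the payload.
// NOTE(review): the protected payload carries no expiry, so a leaked cookie stays valid
// until the key ring rotates; IDataProtector.ToTimeLimitedDataProtector() bounds that.
app.MapGet("/login-user-protected", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
{
    var dp = protector.CreateProtector(DataProtectorName);
    var cookieProtected = dp.Protect("user:danil&type:user");
    SetAuthCookie(ctx, cookieProtected);
});

app.MapGet("/secured-method-protected", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
{
    var dp = protector.CreateProtector(DataProtectorName);

    // authentication: a tampered, expired-key or plaintext (variant 1) cookie makes
    // Unprotect throw; that is an authentication failure, not a server error.
    if (ctx.Request.Cookies.TryGetValue(AuthCookie, out var cookie)
        && TryUnprotect(dp, cookie, out var cookieUnprotected)
        && TryParseAuthCookie(cookieUnprotected, out _, out var entityType))
    {
        // authorization
        return AuthorizeByType(ctx, entityType);
    }

    return Unauthorized(ctx);
});
#endregion

#region Claims
// Variant 3: the protected cookie is validated once in middleware and turned into a
// ClaimsPrincipal; endpoints then authorize against claims instead of re-parsing the cookie.
// The middleware is scoped with UseWhen to the route that needs it: an unconditional
// app.Use would also answer 401 to the login endpoints and to Swagger, since none of
// them carry the cookie yet.
app.UseWhen(
    ctx => ctx.Request.Path.StartsWithSegments("/secured-method-claims"),
    branch => branch.Use((ctx, next) =>
    {
        var dp = ctx.RequestServices
            .GetRequiredService<IDataProtectionProvider>()
            .CreateProtector(DataProtectorName);

        // authentication
        if (ctx.Request.Cookies.TryGetValue(AuthCookie, out var cookie)
            && TryUnprotect(dp, cookie, out var cookieUnprotected)
            && TryParseAuthCookie(cookieUnprotected, out var entityName, out var entityType))
        {
            var claims = new List<Claim>
            {
                new Claim("Type", entityType),
                new Claim("Name", entityName),
            };

            // No authenticationType is passed, so identity.IsAuthenticated stays false;
            // the endpoint below authorizes on the "Type" claim only.
            var identity = new ClaimsIdentity(claims);
            ctx.User = new ClaimsPrincipal(identity);
            return next();
        }

        ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
        return Task.CompletedTask;
    }));

app.MapGet("/login-user-claims", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
{
    var dp = protector.CreateProtector(DataProtectorName);
    var cookieProtected = dp.Protect("user:danil&type:user");
    SetAuthCookie(ctx, cookieProtected);
});

app.MapGet("/secured-method-claims", (HttpContext ctx) =>
{
    // authorization: the middleware above has already populated ctx.User.
    var entityType = ctx.User.FindFirst("Type")?.Value ?? "";
    return AuthorizeByType(ctx, entityType);
});
#endregion

app.Run();

// Writes the auth cookie with defensive flags: HttpOnly keeps it away from script,
// Secure restricts it to HTTPS (the app redirects to HTTPS anyway), SameSite=Strict
// stops cross-site requests from carrying it. The value is URL-escaped on the wire and
// decoded again by Request.Cookies, so ':' and '&' in the plaintext variant survive.
void SetAuthCookie(HttpContext ctx, string value)
{
    ctx.Response.Cookies.Append(AuthCookie, value, new CookieOptions
    {
        HttpOnly = true,
        Secure = true,
        SameSite = SameSiteMode.Strict,
    });
}

// Splits "user:<name>&type:<role>" into its two values. Returns false for any payload
// that does not have exactly that shape instead of throwing.
bool TryParseAuthCookie(string payload, out string entityName, out string entityType)
{
    entityName = "";
    entityType = "";

    var parts = payload.Split('&');
    if (parts.Length < 2)
    {
        return false;
    }

    var namePair = parts[0].Split(':', 2);
    var typePair = parts[1].Split(':', 2);
    if (namePair.Length != 2 || typePair.Length != 2)
    {
        return false;
    }

    entityName = namePair[1];
    entityType = typePair[1];
    return true;
}

// Unprotect throws CryptographicException for any payload that was not produced by this
// protector (tampered, wrong purpose, rotated-away key, or plaintext); map that to false.
bool TryUnprotect(IDataProtector dp, string protectedPayload, out string payload)
{
    try
    {
        payload = dp.Unprotect(protectedPayload);
        return true;
    }
    catch (CryptographicException)
    {
        payload = "";
        return false;
    }
}

// Maps the role carried in the cookie to the response body; any unknown role is a 401.
string AuthorizeByType(HttpContext ctx, string entityType) => entityType switch
{
    "admin" => "secured message",
    "user" => "common message",
    _ => Unauthorized(ctx),
};

// Sets the 401 status and returns the body every variant uses for a failed check.
string Unauthorized(HttpContext ctx)
{
    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
    return "Unauthorized";
}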