
using System.Net;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Mvc;
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services
    .AddEndpointsApiExplorer()
    .AddSwaggerGen();
var app = builder.Build();
// Configure the HTTP request pipeline: the Swagger endpoint and UI are only exposed
// in development builds.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger()
       .UseSwaggerUI();
}
// Plain-HTTP requests are redirected to HTTPS before any endpoint below runs.
app.UseHttpsRedirection();
#region Basic
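const string AuthCookie = "auth";
// Every region of this file uses the same cookie payload layout: "user:<name>&type:<role>".
// In this region the payload travels as plain text, so its contents are whatever the
// client chooses to send; the Secured and Claims regions below wrap the same payload
// with Data Protection so that it can be verified on the way back in.
app.MapGet("/secured-method", (HttpContext ctx) =>
{
    // authentication (TryGetValue: one lookup instead of ContainsKey + indexer)
    if (ctx.Request.Cookies.TryGetValue(AuthCookie, out var cookie))
    {
        // Bounds-check both splits: a cookie without '&' or ':' would otherwise throw
        // IndexOutOfRangeException and turn a malformed request into a 500.
        string? entityType = null;
        var parts = cookie.Split('&');
        if (parts.Length > 1)
        {
            var typePair = parts[1].Split(':');
            if (typePair.Length > 1)
            {
                entityType = typePair[1];
            }
        }
        // authorization: the role decides which message the caller may see
        switch (entityType)
        {
            case "admin":
                return "secured message";
            case "user":
                return "common message";
        }
    }
    // No cookie, unparseable cookie or unknown role: explicit 401 with a body.
    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
    return "Unauthorized";
});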
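// Demo "logins": there is no credential check, each endpoint just issues the cookie
// for a fixed identity. Response.Cookies.Append writes a well-formed Set-Cookie
// header (assigning the raw "set-cookie" header would also overwrite any cookie set
// earlier in the pipeline) and lets the cookie carry HttpOnly / SameSite / Secure,
// so page script cannot read it and cross-site requests do not carry it.
var demoCookieOptions = new CookieOptions
{
    HttpOnly = true,
    SameSite = SameSiteMode.Strict,
    // UseHttpsRedirection above sends every client to HTTPS, so the cookie never
    // needs to be sent over plain HTTP.
    Secure = true,
};
app.MapGet("/login-admin", (HttpContext ctx) =>
{
    ctx.Response.Cookies.Append(AuthCookie, "user:ivan&type:admin", demoCookieOptions);
});
app.MapGet("/login-user", (HttpContext ctx) =>
{
    ctx.Response.Cookies.Append(AuthCookie, "user:danil&type:user", demoCookieOptions);
});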
#endregion
#region Secured
//todo: add to services
//builder.Services.AddDataProtection();
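// Purpose string for the protector; Unprotect only accepts payloads that were
// produced under the same purpose.
const string DataProtectorName = "cookie-protector";
// https://learn.microsoft.com/ru-ru/dotnet/api/microsoft.aspnetcore.dataprotection.idataprotector?view=aspnetcore-8.0
app.MapGet("/login-user-protected", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
{
    var dp = protector.CreateProtector(DataProtectorName);
    // Protect encrypts and authenticates the payload; the result is a base64url token.
    var cookieProtected = dp.Protect("user:danil&type:user");
    // Cookies.Append emits a proper Set-Cookie header and lets the cookie carry
    // HttpOnly / SameSite / Secure (the raw header indexer in the Basic region does neither).
    ctx.Response.Cookies.Append(AuthCookie, cookieProtected, new CookieOptions
    {
        HttpOnly = true,
        SameSite = SameSiteMode.Strict,
        Secure = true, // UseHttpsRedirection above keeps every client on HTTPS
    });
});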
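app.MapGet("/secured-method-protected", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
{
    var dp = protector.CreateProtector(DataProtectorName);
    // authentication (TryGetValue: one lookup instead of ContainsKey + indexer)
    if (ctx.Request.Cookies.TryGetValue(AuthCookie, out var cookie))
    {
        string cookieUnprotected;
        try
        {
            // Unprotect verifies the payload's integrity and origin before returning it.
            cookieUnprotected = dp.Unprotect(cookie);
        }
        catch (CryptographicException)
        {
            // A tampered, truncated, non-base64url or foreign-purpose cookie is
            // "not logged in", not a server error; without this catch it would be a 500.
            ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return "Unauthorized";
        }
        // Payload layout is "user:<name>&type:<role>"; bounds-check both splits so a
        // malformed payload yields 401 instead of IndexOutOfRangeException.
        string? entityType = null;
        var parts = cookieUnprotected.Split('&');
        if (parts.Length > 1)
        {
            var typePair = parts[1].Split(':');
            if (typePair.Length > 1)
            {
                entityType = typePair[1];
            }
        }
        // authorization: the role decides which message the caller may see
        switch (entityType)
        {
            case "admin":
                return "secured message";
            case "user":
                return "common message";
        }
    }
    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
    return "Unauthorized";
});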
#endregion
#region Claims
//todo: uncomment
//
// app.Use((ctx,next) =>
// {
// var protector = ctx.RequestServices.GetService<IDataProtectionProvider>();
// var dp = protector.CreateProtector(DataProtectorName);
//
// // authentication
// if (ctx.Request.Cookies.ContainsKey(AuthCookie))
// {
// var cookie = ctx.Request.Cookies[AuthCookie]!;
//
// var cookieUnprotected = dp.Unprotect(cookie);
//
// var parts = cookieUnprotected.Split("&").ToList();
// var entityType = parts[1].Split(":")[1];
// var entityName = parts[0].Split(":")[1];
//
// // authorization
// var claims = new List<Claim>();
// claims.Add(new Claim("Type", entityType));
// claims.Add(new Claim("Name", entityName));
//
// var identity = new ClaimsIdentity(claims);
// var user = new ClaimsPrincipal(identity);
// ctx.User = user;
//
// return next();
// }
//
// ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
// return Task.CompletedTask;
// });
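// Same cookie as /login-user-protected; kept as a separate route so the Claims
// walkthrough is self-contained.
app.MapGet("/login-user-claims", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
{
    var dp = protector.CreateProtector(DataProtectorName);
    // Protect encrypts and authenticates the payload; the result is a base64url token.
    var cookieProtected = dp.Protect("user:danil&type:user");
    // Cookies.Append emits a proper Set-Cookie header and lets the cookie carry
    // HttpOnly / SameSite / Secure instead of writing the raw header.
    ctx.Response.Cookies.Append(AuthCookie, cookieProtected, new CookieOptions
    {
        HttpOnly = true,
        SameSite = SameSiteMode.Strict,
        Secure = true, // UseHttpsRedirection above keeps every client on HTTPS
    });
});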
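app.MapGet("/secured-method-claims", (HttpContext ctx) =>
{
    // The "Type" claim is only present once the authentication middleware above
    // (currently commented out) has populated ctx.User from the protected cookie.
    // Until it is enabled every request lands on the 401 below. Note that the
    // middleware builds its ClaimsIdentity without an authentication type, so
    // Identity.IsAuthenticated would read false there; this endpoint therefore keys
    // on the claim value rather than on IsAuthenticated.
    var entityType = ctx.User.FindFirst("Type")?.Value;
    // authorization: the role decides which message the caller may see
    switch (entityType)
    {
        case "admin":
            return "secured message";
        case "user":
            return "common message";
    }
    // Explicit 401 for consistency with the other secured endpoints, instead of
    // returning null.
    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
    return "Unauthorized";
});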
#endregion
// Start the host and block until it shuts down.
app.Run();