Good day everyone,
I am building a Custom Authorization handler. Within the handler, there is a context value that I need to handle.
This value is data protected via IDataProtector.
This works fine throughout my application, but I'm having trouble adding this capability to my custom handler, thus I am unable to Unprotect my context value.
Here is how I successfully implemented data protection in my controllers:
Code:
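using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Mvc;

public class FlowerController(IDataProtectionProvider dataProtectionProvider) : Controller
{
    // The purpose string must match the one used when the id was protected.
    private readonly IDataProtector _dataProtector = dataProtectionProvider.CreateProtector("Petunias");

    public IActionResult Index(string id)
    {
        if (id != null)
        {
            string unprotectedString;
            try
            {
                unprotectedString = _dataProtector.Unprotect(id);
            }
            catch (CryptographicException)
            {
                // Unprotect throws when the payload was tampered with or cannot be decrypted.
                return BadRequest();
            }
        }
        return View();
    }
}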
The above code works without a hitch.
Here is what I built for CustomAuthorization:
Code:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public sealed class CustomAuthorizeAttribute : Attribute, IAsyncAuthorizationFilter
{
    private readonly string _roleName;

    public CustomAuthorizeAttribute(string RoleName)
    {
        _roleName = RoleName;
    }

    public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        var user = context.HttpContext.User; // get user
        var entityID = context.RouteData.Values["id"].ToString(); // get id
        // do something
        var isAuthorized = true;
        if (!isAuthorized)
        {
            context.Result = new ForbidResult();
            return;
        }
    }
}
The implementation within my controller:
Code:
[CustomAuthorize(RoleName: "Gardener, Pruner")]
public IActionResult Edit(string id)
{
    // controller stuff
}
Now, here is my attempt at implementing a CustomAuthorization handler that employs Data Protection:
Code:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public sealed class CustomAuthorizeAttribute : Attribute, IAsyncAuthorizationFilter
{
    private readonly string _roleName;
    private readonly IDataProtector _dataProtector;

    public CustomAuthorizeAttribute(string RoleName, IDataProtectionProvider dataProtectionProvider)
    {
        _roleName = RoleName;
        _dataProtector = dataProtectionProvider.CreateProtector("Petunias");
    }

    public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        var user = context.HttpContext.User; // get user
        var entityID = context.RouteData.Values["id"].ToString(); // get id (protected)
        var unprotectedText = _dataProtector.Unprotect(entityID); // unprotect id
        // do something
        var isAuthorized = true;
        if (!isAuthorized)
        {
            context.Result = new ForbidResult();
            return;
        }
    }
}
In my controller, there is an error being thrown by the custom authorization tag that an argument is missing (There is no argument given that corresponds to the required parameter 'dataProtectionProvider' of 'CustomAuthorizeAttribute.CustomAuthorizeAttribute(string, IDataProtectionProvider)').
How can I inject the Data Protection service into my handler without having to pass the argument from my Controller? Or, if I have to, the solution to my error message.
Thanks,
HM
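
One way to reach the protector without adding a constructor argument, shown as an added example that is not part of the original post: resolve IDataProtectionProvider from HttpContext.RequestServices inside the filter and deny the request when Unprotect fails. The comma-split role check is a placeholder assumption standing in for the poster's "do something".

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public sealed class CustomAuthorizeAttribute : Attribute, IAsyncAuthorizationFilter
{
    private readonly string _roleName;

    // Attribute arguments must be compile-time constants, so services cannot be passed here.
    public CustomAuthorizeAttribute(string RoleName) => _roleName = RoleName;

    public Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        // Resolve the provider from the request's DI scope instead of the constructor.
        var protector = context.HttpContext.RequestServices
            .GetRequiredService<IDataProtectionProvider>()
            .CreateProtector("Petunias"); // same purpose string used when protecting the id

        var user = context.HttpContext.User;
        var protectedId = context.RouteData.Values["id"]?.ToString();
        string entityId = null;
        try
        {
            if (!string.IsNullOrEmpty(protectedId))
                entityId = protector.Unprotect(protectedId);
        }
        catch (CryptographicException)
        {
            // Tampered or undecryptable id: leave entityId null so the request is denied.
        }

        // Placeholder check (assumption): any role listed in the comma-separated _roleName.
        var inRole = _roleName.Split(',').Any(r => user.IsInRole(r.Trim()));
        if (entityId == null || !inRole)
        {
            context.Result = new ForbidResult();
        }
        return Task.CompletedTask;
    }
}
```

With this version the controller keeps the existing `[CustomAuthorize(RoleName: "Gardener, Pruner")]` usage unchanged.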