How to allow unauthenticated requests on authorized endpoints using ASP.NET? Let's take a look.
In a previous article, I described how to extend the ASP.NET pipeline with custom security. It turns out that certain endpoints were still required to operate unauthenticated. How do we allow those requests to be processed? The solution relies on:
- Decorating the security attribute with AllowAnonymous, as discussed in the previous post.
- Detecting that the current request is an ActionExecutingContext and allowing the request to proceed conditionally.
Writing a custom ActionFilter Attribute
Writing a custom ActionFilter attribute isn't complicated. Here's some code that demonstrates how to do that elegantly:
Using the Attribute
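For reference, a filter of this kind and its use on a controller could look like the following. This is an added example, not the code from the original post; it assumes ASP.NET Core MVC 3.0 or later, and the names RequireAuthenticatedAttribute and OrdersController are hypothetical.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical filter: rejects unauthenticated callers unless the action or
// its controller is marked [AllowAnonymous].
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class RequireAuthenticatedAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext context)
    {
        // Endpoint metadata carries the attributes of both controller and action.
        bool allowAnonymous = context.ActionDescriptor.EndpointMetadata
            .OfType<IAllowAnonymous>()
            .Any();
        if (allowAnonymous)
        {
            return; // explicit opt-out: let the request proceed
        }

        // Fail closed: only a positively authenticated identity gets through.
        if (context.HttpContext.User?.Identity?.IsAuthenticated != true)
        {
            // Setting Result short-circuits the pipeline; the action never runs.
            context.Result = new UnauthorizedResult();
        }
    }
}

[ApiController]
[Route("api/[controller]")]
[RequireAuthenticated] // protects every action on the controller by default
public class OrdersController : ControllerBase
{
    [HttpGet]
    public IActionResult List() => Ok(new[] { "order-1", "order-2" });

    [HttpGet("health")]
    [AllowAnonymous] // the only action reachable without authentication
    public IActionResult Health() => Ok("healthy");
}
```

Applying the filter at controller level and opting out per action keeps the default closed, so a newly added action is protected unless someone marks it anonymous on purpose.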
Next, we can use our attribute to decorate our actions so it runs as soon as our endpoint is hit:
Conclusion
This was a quick post extending the previous discussion on how to implement custom action filters to have better control over the requests against our application. In this post I explained how you can intercept requests to your application and react to them using these attributes. For a complete understanding of the project, please see the original discussion.
See Also
- My journey to 1 million articles read
- Adding Application Insights telemetry to your ASP.NET Core website
- Send emails from ASP.NET Core websites using SendGrid and Azure
- Creating ASP.NET Core websites with Docker
- Building a custom security framework with ASP.NET applications
- Hosting NuGet packages on GitHub
- How and why use stronger passwords
- Security and development: how much is being done?
- Security is only as strong as the weakest link
- The Laws of security
- Privacy and Ethics
- Integrated security vulnerability alerts on GitHub - Why it matters
- Building and Running ASP.NET Core apps on Linux