How do we allow unauthenticated requests be executed against Authorized endpoints on ASP.NET? Let's take a look.
Photo by Philipp Katzenberger
In a previous article, I described how to extend the ASP.NET pipeline with custom security. Turns out that certain endpoints were still required to operated unauthenticated. How do we allow those requests to be processed? The solution relies on:
- Decorating the security attribute with the AllowAnonymous as discussed on the previous post.
- Detecting the current request is an ActionExecutingContext and allowing the request to proceed conditionally.
Writing a custom ActionFilter Attribute
Writing a custom ActionFilter attribute isn't complicated. Here's one code that demonstrates how to do that elegantly:Using the Attribute
Next, we ca use our attribute to decorate our actions so it runs as soon as our endpoint is hit:Conclusion
This was a quick post extending the previous discussion on how to implement custon action filters to have a better control over the requests agains our application. On this post I eexplained how you could intercept requests on your application and react to them using these attributes. For a complete understanding of the project, please the original discussionSee Also
- Adding Application Insights telemetry to your ASP.NET Core website
- Building a custom security framework with ASP.NET applications
- Security and development: how much is being done?
- Security is only as strong as the weakest link
- The Laws of security
- Privacy and Ethics
- Integrated security vulnerability alerts on GitHub - Why it matters
- Building and Running Asp.Net Core apps on Linux
