Claims-based authorization

When you want to authorize based on the claims a user carries, you can use claims-based authorization. A real-world example would be when you are driving a vehicle and the traffic police stop you, suspecting you are younger than 18 years. You take out your driving license and claim that you are of legal age to drive. The police accept your claim, not because they trust you, but because the license was issued by an authority they trust, and let you drive on. This is claims-based authorization: the application does not verify the claim itself; it verifies that the claim came from an issuer it trusts (the authentication handler does this when it validates the cookie or token) and then checks that the required claim is present, optionally with an allowed value. Claims-based authorization checks are also declarative and can be decorated on a controller or action. Claims requirements are policy-based, so, as in the previous section, we need to register the policy at startup, expressing the claims requirement. For the driving-license example, the registration would look like this:

services.AddAuthorization(options =>
{
    options.AddPolicy("RequireClaim", policy =>
        policy.RequireClaim("<<Claim Needed>>"));
});
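The following is an added example, not code from the original page, that carries the driving-license analogy through to working ASP.NET Core code. It registers three policies in ConfigureServices and applies them declaratively to a controller and to a single action. The claim types (driving_licence, employment_type), the policy names, and the controller are assumptions chosen for illustration; only the ClaimTypes.DateOfBirth constant is a framework-defined name.

```csharp
// Added example (not from the original page). Claim types, policy names and
// the controller below are assumptions for illustration.
using System;
using System.Globalization;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();

        services.AddAuthorization(options =>
        {
            // 1. Presence only: the user must carry the claim, any value is accepted.
            options.AddPolicy("HasLicence", policy =>
                policy.RequireClaim("driving_licence"));

            // 2. Presence plus an allowed value: the claim must carry one of the
            //    listed values, so a token with employment_type=Visitor is rejected.
            options.AddPolicy("EmployeeOrContractor", policy =>
                policy.RequireClaim("employment_type", "Employee", "Contractor"));

            // 3. The "are you 18 yet?" check from the analogy. RequireClaim can
            //    only match exact values, so the date-of-birth claim is evaluated
            //    with RequireAssertion. A missing or malformed claim fails closed.
            options.AddPolicy("AtLeast18", policy =>
                policy.RequireAssertion(context =>
                {
                    var dob = context.User.FindFirst(ClaimTypes.DateOfBirth)?.Value;
                    if (!DateTime.TryParseExact(dob, "yyyy-MM-dd",
                            CultureInfo.InvariantCulture,
                            DateTimeStyles.AssumeUniversal, out var birthDate))
                        return false;
                    return birthDate.AddYears(18) <= DateTime.UtcNow;
                }));
        });
    }
}

// Declarative use: the controller-level policy applies to every action; an
// action-level policy is an additional requirement, not a replacement, so
// Drive() needs both HasLicence and AtLeast18 to succeed.
[ApiController]
[Route("api/[controller]")]
[Authorize(Policy = "HasLicence")]
public class VehiclesController : ControllerBase
{
    [HttpGet("drive")]
    [Authorize(Policy = "AtLeast18")]
    public IActionResult Drive() => Ok("Drive on.");
}
```

Note that the policy never asks where the claim came from. That is deliberate: by the time authorization runs, the authentication middleware has already validated the cookie or bearer token and rejected anything not issued by a trusted authority, so an unvalidated or self-asserted claim never reaches the policy. If you accept tokens from several issuers, the trust decision is made there, not in the policy.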

This discussion should have given you a pretty clear view of authentication and authorization, and you should now be able to dive deep into these topics and broaden and deepen your knowledge on these fundamental concepts.

We also notice that authentication and authorization are wired up in two places in the Startup class: the services (AddAuthentication(), AddAuthorization() and the policies) are registered in the ConfigureServices() method, while the corresponding middleware (UseAuthentication() and UseAuthorization()) is added in the Configure() method, where the request pipeline is built. To complete the discussion, let's quickly understand the ASP.NET Core pipeline and how it serves requests. The following diagram illustrates how a request is served by ASP.NET Core in a step-by-step fashion:

Here is the flow:

  1. The browser sends the HTTP request to the server. The request is received by the reverse proxy.
  2. The request is forwarded by the reverse proxy to ASP.NET Core.
  3. The ASP.NET Core web server receives the request and routes it through its pipeline, through middleware. After passing through middleware, the request is processed by the ASP.NET Core application, which generates the response and passes it back.
  4. The ASP.NET Core web server sends the response to the reverse proxy.
  5. The HTTP response is sent to the browser.

A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers: it receives incoming requests and forwards them to the appropriate web server. The reverse proxy is the only component exposed directly to the internet, whereas the underlying web server (Kestrel, in ASP.NET Core) is reachable only from the proxy. This setup has several benefits, primarily security (TLS termination, request filtering, a reduced attack surface on the application host) and performance (caching, load balancing) for the web servers behind it.
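The following is an added example, not code from the original page, showing what the Configure() side of Startup looks like for an application that sits behind a reverse proxy as in the five-step flow above. It makes two points the flow alone does not: the application must be told which proxy it may trust to rewrite the client's scheme and address (otherwise any client could spoof those headers), and the authentication and authorization middleware have a required position in the pipeline. The proxy address 10.0.0.5 and the use of cookie authentication are assumptions for illustration.

```csharp
// Added example (not from the original page). The proxy address and the
// choice of cookie authentication are assumptions for illustration.
using System.Net;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();

        // Services are registered here; the middleware that uses them is
        // added to the pipeline in Configure() below.
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie();
        services.AddAuthorization();

        // The reverse proxy terminates TLS and forwards plain HTTP, so the app
        // only learns the real client address and scheme from the
        // X-Forwarded-For / X-Forwarded-Proto headers the proxy adds.
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            // Trust those headers only when the request comes from our own
            // proxy. Without this, a client reaching Kestrel directly could
            // claim an arbitrary source IP or an HTTPS scheme.
            options.KnownProxies.Clear();
            options.KnownProxies.Add(IPAddress.Parse("10.0.0.5")); // assumed proxy address
        });
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        // Runs first so that everything after it (HSTS, Secure cookies,
        // logging, authorization decisions based on the client) sees the
        // original scheme and client address rather than the proxy's.
        app.UseForwardedHeaders();

        if (!env.IsDevelopment())
        {
            app.UseHsts();
        }

        // Order matters here:
        //   UseRouting        selects the endpoint, so its metadata
        //                     ([Authorize] attributes, policies) is known;
        //   UseAuthentication establishes who the caller is (sets HttpContext.User);
        //   UseAuthorization  checks that user against the endpoint's policies,
        //                     and must sit between UseRouting and UseEndpoints;
        //   UseEndpoints      finally runs the controller action.
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });
    }
}
```

Two checks worth making when reviewing such a Startup: that UseForwardedHeaders() is the first middleware and that KnownProxies (or KnownNetworks) is restricted to the actual proxy rather than left open, and that UseAuthentication() precedes UseAuthorization(), which in turn sits between UseRouting() and UseEndpoints(). Getting either order wrong does not produce a compile error; it produces an application that either authorizes an anonymous user or trusts client-supplied forwarding headers.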

Let's look at the details of Step 3, as it talks about the ASP.NET Core web server and its pipeline, which is our area of interest. First things first. What is middleware?
