C#•3y ago

Authorising user access to API resource

How can I authorise user access to API resources? I can't access the request context in my ASP Controller methods

x0rld•4/13/23, 8:44 PM

how did you try to access to your context?

x0rld•4/13/23, 8:44 PM

it's clearly possible

Henkypenky•4/13/23, 8:45 PM

the general way you go around this, and let me say it again, this is the general way, there are others

Henkypenky•4/13/23, 8:46 PM

but you have a site, with user/password/2fac whatever

Henkypenky•4/13/23, 8:46 PM

and the user can create api keys for you /api

Henkypenky•4/13/23, 8:46 PM

then you validate the api key and authorize the request and serve whatever is assked within authorization scope

Henkypenky•4/13/23, 8:48 PM

the api key can go in headers or in the address

Henkypenky•4/13/23, 8:48 PM

you will see both, in a lot of api's

Henkypenky•4/13/23, 8:48 PM

it can also go in the body but that's not that popular afaik

x0rld•4/13/23, 8:48 PM

I've seen in headers or in query param most of the time

Henkypenky•4/13/23, 8:48 PM

yes

Bytes Don’t BiteOP•4/14/23, 3:23 AM

I want the token to be inside the headers. But do I use DI to get the request context to my controller?

Bytes Don’t BiteOP•4/14/23, 4:25 AM

I realised the base ControllerBase has all the information I need about the request