C#•4d ago
Arch Leaders

Restrict register endpoint using ASP.NET Core Identity

I'm using ASP.NET Core Identity as my authentication flow in a simple Web API. However, because the register/login/etc endpoints are automatically created, I can't restrict any of the endpoints like I usually would. Is there a way to configure the default requirements (claims) for any one of the auto-generated endpoints? For example, I don't want /register to be public, I would like it to require an Admin claim. Is this possible?
6 Replies
Arch Leaders•4d ago
I can restrict all of them using this, however this also restricts /login which doesn't work for obvious reasons.
app.MapIdentityApi<User>()
.RequireAuthorization(x => x.RequireClaim("Admin"));
Found an SO post that suggested just copying the extension class from MS and making my changes. I'm open to a cleaner solution though.
Joschi•4d ago
I believe you could write a policy and conditionally apply the requirements based on the requested route in the AuthorizationHandler
tera•4d ago
You could write a middleware, but anyway, that register endpoint is really meant to be used by the user creating their account, not an admin, so you should rather just copy and edit it to suit your needs. Whole MapIdentityApi is not much code. Well OK, 500ish lines 😂 but it's not complicated stuff.
tera•4d ago
GitHub
aspnetcore/src/Identity/Core/src/IdentityApiEndpointRouteBuilderExt...
ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux. - dotnet/aspnetcore
tera•4d ago
I feel like this is just meant as a starting point... it's not gonna fit everyone's needs. You likely don't need everything that it includes. Actually, nvm about this point, seems fine either way.
Arch Leaders•3d ago
Hm, I'll look into it. Thanks!
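Added example, not code from anyone in this thread: one way to implement the route-conditional policy suggested above, so that /register needs the "Admin" claim while /login stays reachable. It assumes .NET 8 with implicit usings and the Microsoft.AspNetCore.Identity.EntityFrameworkCore and Microsoft.EntityFrameworkCore.InMemory packages; the in-memory store, AppDb and the RegisterNeedsAdmin* names are hypothetical.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddDbContext<AppDb>(o => o.UseInMemoryDatabase("demo")); // demo store only
builder.Services.AddAuthorization();
builder.Services.AddIdentityApiEndpoints<User>().AddEntityFrameworkStores<AppDb>();
builder.Services.AddSingleton<IAuthorizationHandler, RegisterNeedsAdminHandler>();

var app = builder.Build();
// One policy on the whole group; the handler decides per matched route.
app.MapIdentityApi<User>()
   .RequireAuthorization(p => p.AddRequirements(new RegisterNeedsAdminRequirement()));
app.Run();

class User : IdentityUser { }
class AppDb(DbContextOptions<AppDb> options) : IdentityDbContext<User>(options) { }

// Hypothetical requirement/handler names, not part of ASP.NET Core.
class RegisterNeedsAdminRequirement : IAuthorizationRequirement { }

class RegisterNeedsAdminHandler : AuthorizationHandler<RegisterNeedsAdminRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, RegisterNeedsAdminRequirement requirement)
    {
        // Callers holding the Admin claim may use every endpoint in the group.
        if (context.User.HasClaim(c => c.Type == "Admin"))
        {
            context.Succeed(requirement);
            return Task.CompletedTask;
        }
        // The resource is the HttpContext under endpoint routing. Read the route
        // that routing matched instead of re-parsing the raw request path.
        var route = (context.Resource as HttpContext)?.GetEndpoint() as RouteEndpoint;
        var pattern = route?.RoutePattern.RawText?.TrimEnd('/');
        // Fail closed: only a positively identified non-register route is opened
        // to callers without the claim. The suffix test has no leading slash, so
        // an unexpected pattern shape over-restricts instead of exposing /register.
        if (pattern is not null
            && !pattern.EndsWith("register", StringComparison.OrdinalIgnoreCase))
        {
            context.Succeed(requirement);
        }
        return Task.CompletedTask;
    }
}
```

The /manage endpoints keep the authorization MapIdentityApi already applies to them, because policies attached to the same endpoint are combined and all of their requirements must pass.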