C# · 2mo ago
surwren

Controller methods that rely on JWT authentication using another service

Is there a way to handle these methods without writing so much duplicated code? For example CRUD methods like this:
```csharp
[HttpPut("OnaAuth")]
public async Task<ActionResult<UpMediaDto>> UpdateUpMediaByOnaToken([FromBody] UpMediaDto upMediaDto)
{
    if (upMediaDto == null)
    {
        throw new InvalidOperationException("UpMediaDto is required.");
    }

    if (!Request.Headers.TryGetValue("Authorization", out var authorizationHeader))
    {
        throw new InvalidOperationException("Authorization header is required.");
    }

    var token = authorizationHeader.ToString().Replace("Bearer ", string.Empty);
    if (string.IsNullOrEmpty(token))
    {
        throw new InvalidOperationException("Token is required.");
    }

    var userInfoUri = new Uri(new Uri(_apiSettings.BaseUrl), _apiSettings.UserInfoRoute);
    var client = _httpClientFactory.CreateClient();

    int OnaId = await HttpHandler.GetOnaIdAsync(client, userInfoUri, token);
    var user = await _userService.GetUserByOnaIdAsync(OnaId);
    // ... other logic
}
```
I need to repeat this chunk over and over in every method that relies on the JWT:
```csharp
if (!Request.Headers.TryGetValue("Authorization", out var authorizationHeader))
{
    throw new InvalidOperationException("Authorization header is required.");
}

var token = authorizationHeader.ToString().Replace("Bearer ", string.Empty);
if (string.IsNullOrEmpty(token))
{
    throw new InvalidOperationException("Token is required.");
}

var userInfoUri = new Uri(new Uri(_apiSettings.BaseUrl), _apiSettings.UserInfoRoute);
var client = _httpClientFactory.CreateClient();

int OnaId = await HttpHandler.GetOnaIdAsync(client, userInfoUri, token);
```
What other ways are there?
5 Replies
surwren (OP) · 2mo ago
I tried making a custom Annotation to mark interceptor, but it didn't work; I registered the interceptor and everything ):
Pobiega · 2mo ago
Why an interceptor? Seems a good fit for a normal actionfilter or just write your own authenticationhandler and use [Authorize]
Imtiaz · 2mo ago
Have you considered using middlewares? Implementing a custom middleware could be an ideal solution.
WAASUL · 2mo ago
As Pobiega mentioned. Just use the Authorize attribute. If you need further checks then you can create your own Authorization attribute.
surwren (OP) · 2mo ago
I did try, but I can't selectively apply the middleware to some endpoints only. I tried creating a custom annotation for that, but it would not work either. I used the actionfilter in the end. I didn't really understand the [Authorize] thing; I need to try soon. What are the main differences, other than that [Authorize] integrates with the dotNET authentication?
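
Added example, not code from the thread or from any participant: a sketch of the "write your own authentication handler and use [Authorize]" suggestion, with the token extraction and user-info lookup from the question moved into one handler. It assumes .NET 8 with implicit usings, `AddHttpClient()` and `ApiSettings` registered in DI, and that the poster's `HttpHandler.GetOnaIdAsync` helper is in scope; `ApiSettings`, the scheme name `"Ona"` and the claim type `"ona_id"` are hypothetical names.

```csharp
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

// Hypothetical settings type; the post only shows _apiSettings.BaseUrl / .UserInfoRoute.
public sealed class ApiSettings
{
    public string BaseUrl { get; set; } = "";
    public string UserInfoRoute { get; set; } = "";
}

public sealed class OnaAuthenticationHandler(
    IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder,
    IHttpClientFactory httpClientFactory, IOptions<ApiSettings> apiSettings)
    : AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder)
{
    public const string SchemeName = "Ona";      // assumed scheme name
    public const string OnaIdClaim = "ona_id";   // assumed claim type

    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // No usable Bearer header: report "no result" so [Authorize] answers 401, not a 500.
        if (!AuthenticationHeaderValue.TryParse(Request.Headers.Authorization, out var header)
            || !"Bearer".Equals(header.Scheme, StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrWhiteSpace(header.Parameter))
            return AuthenticateResult.NoResult();

        var userInfoUri = new Uri(new Uri(apiSettings.Value.BaseUrl), apiSettings.Value.UserInfoRoute);
        try
        {
            // HttpHandler.GetOnaIdAsync is the poster's own helper, called as in the question.
            int onaId = await HttpHandler.GetOnaIdAsync(httpClientFactory.CreateClient(), userInfoUri, header.Parameter);
            var identity = new ClaimsIdentity(new[] { new Claim(OnaIdClaim, onaId.ToString()) }, SchemeName);
            return AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(identity), SchemeName));
        }
        catch (Exception ex)   // assumption: the helper throws when the token is rejected
        {
            Logger.LogWarning(ex, "Ona user-info lookup failed");
            return AuthenticateResult.Fail("Token was not accepted by the user-info service.");
        }
    }
}
// Program.cs: builder.Services.AddAuthentication(OnaAuthenticationHandler.SchemeName)
//     .AddScheme<AuthenticationSchemeOptions, OnaAuthenticationHandler>(OnaAuthenticationHandler.SchemeName, null);
//   app.UseAuthentication(); app.UseAuthorization();
// Controller: [Authorize] on the action, then int.Parse(User.FindFirstValue(OnaAuthenticationHandler.OnaIdClaim)!)
```

Because the handler only runs for endpoints that carry `[Authorize]`, it can be applied selectively per action or controller, and a missing or rejected token produces a 401 challenge instead of an unhandled `InvalidOperationException`.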
