C# - 2d ago
surwren

Controller methods that rely on JWT authentication using another service

Is there a way to handle these methods without writing so much duplicated code? For example CRUD methods like this:
```csharp
[HttpPut("OnaAuth")]
public async Task<ActionResult<UpMediaDto>> UpdateUpMediaByOnaToken([FromBody] UpMediaDto upMediaDto)
{
    if (upMediaDto == null)
    {
        throw new InvalidOperationException("UpMediaDto is required.");
    }

    // Pull the bearer token out of the Authorization header.
    if (!Request.Headers.TryGetValue("Authorization", out var authorizationHeader))
    {
        throw new InvalidOperationException("Authorization header is required.");
    }

    var token = authorizationHeader.ToString().Replace("Bearer ", string.Empty);
    if (string.IsNullOrEmpty(token))
    {
        throw new InvalidOperationException("Token is required.");
    }

    // Ask the other service which user the token belongs to.
    var userInfoUri = new Uri(new Uri(_apiSettings.BaseUrl), _apiSettings.UserInfoRoute);
    var client = _httpClientFactory.CreateClient();

    int OnaId = await HttpHandler.GetOnaIdAsync(client, userInfoUri, token);
    var user = await _userService.GetUserByOnaIdAsync(OnaId);
    // ... other logic
}
```
I need to repeat this chunk over and over in every method that relies on the JWT:
```csharp
if (!Request.Headers.TryGetValue("Authorization", out var authorizationHeader))
{
    throw new InvalidOperationException("Authorization header is required.");
}

var token = authorizationHeader.ToString().Replace("Bearer ", string.Empty);
if (string.IsNullOrEmpty(token))
{
    throw new InvalidOperationException("Token is required.");
}

var userInfoUri = new Uri(new Uri(_apiSettings.BaseUrl), _apiSettings.UserInfoRoute);
var client = _httpClientFactory.CreateClient();

int OnaId = await HttpHandler.GetOnaIdAsync(client, userInfoUri, token);
```
What other ways are there?
4 Replies
surwren (OP), 2d ago
I tried making a custom Annotation to mark interceptor, but it didn't work; I registered the interceptor and everything ):
Pobiega, 2d ago
Why an interceptor? Seems a good fit for a normal action filter, or just write your own AuthenticationHandler and use [Authorize]
Imtiaz, 2d ago
Have you considered using middleware? Implementing a custom middleware could be an ideal solution.
WAASUL, 2d ago
As Pobiega mentioned. Just use the Authorize attribute. If you need further checks then you can create your own Authorization attribute.
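
The approach the replies point to (a custom authentication handler plus [Authorize]), as an added example that is not part of the thread or any participant's code. It assumes .NET 8 or later, reuses the `HttpHandler.GetOnaIdAsync` helper from the question, and the `ApiSettings` options class, the scheme name and the claim type are hypothetical names.

```csharp
// Added example, not the poster's code. Assumes .NET 8+ with ASP.NET Core implicit usings,
// the poster's HttpHandler.GetOnaIdAsync helper, and a hypothetical ApiSettings options class.
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Options;

public sealed class OnaAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    public const string SchemeName = "Ona";     // hypothetical scheme name
    public const string OnaIdClaim = "ona_id";  // hypothetical claim type
    private readonly IHttpClientFactory _httpClientFactory;
    private readonly ApiSettings _apiSettings;

    public OnaAuthHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger,
        UrlEncoder encoder, IHttpClientFactory httpClientFactory, IOptions<ApiSettings> apiSettings)
        : base(options, logger, encoder)
    {
        _httpClientFactory = httpClientFactory;
        _apiSettings = apiSettings.Value;
    }

    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // Missing header, non-Bearer scheme or empty token: no identity, so [Authorize] answers 401.
        if (!AuthenticationHeaderValue.TryParse(Request.Headers.Authorization, out var header)
            || !"Bearer".Equals(header.Scheme, StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrWhiteSpace(header.Parameter))
            return AuthenticateResult.NoResult();
        try
        {
            var userInfoUri = new Uri(new Uri(_apiSettings.BaseUrl), _apiSettings.UserInfoRoute);
            int onaId = await HttpHandler.GetOnaIdAsync(
                _httpClientFactory.CreateClient(), userInfoUri, header.Parameter);
            var identity = new ClaimsIdentity(new[] { new Claim(OnaIdClaim, onaId.ToString()) }, SchemeName);
            return AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(identity), SchemeName));
        }
        catch (Exception ex)
        {
            // Fail closed: how the helper reports a rejected token is not shown in the question.
            return AuthenticateResult.Fail(ex);
        }
    }
}
// Program.cs:
//   builder.Services.AddAuthentication(OnaAuthHandler.SchemeName)
//       .AddScheme<AuthenticationSchemeOptions, OnaAuthHandler>(OnaAuthHandler.SchemeName, null);
//   app.UseAuthentication(); app.UseAuthorization();
// Action: add [Authorize], then int onaId = int.Parse(User.FindFirstValue(OnaAuthHandler.OnaIdClaim)!);
```

With this in place a request without a valid token is rejected with 401 before the action runs, instead of surfacing as an unhandled InvalidOperationException.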