Comments (2)
horsdal
commented on August 28, 2024
I think the problem stems from requests that do not have the appropriate auth headers set.
In the Startup of HelloMicroservicesPlatform this code appears:
app.UseOwin()
.UseMonitoringAndLogging(ConfigureLogger(), HealthCheck)
.UseAuthPlatform("test-scope")
.UseNancy();
The important bit here is the UseAuthPlatform("test-scope") line which configures the auth middleware to require all requests to have an auth header and have the scope test-scope.
Unfortunately the auth middleware throws when there is no auth header instead of failing the request in a controlled manner. The bug is in line 18 of AuthorizationMiddleware.cs, which looks like this:
if (principal.HasClaim("scope", requiredScope))
When there is no auth header principal is null. Boom.
To fix it change that line to
if (principal != null && principal.HasClaim("scope", requiredScope))
Now you should get a proper 403 response when there are no auth headers.
Also worth noting is that the sample code in chapter 11 takes some fiddling to run because of the requirement for auth headers. -It's really more of an illustration than a ready to run solution.
You might consider taking out the auth platform bit and then see the other parts of the platform in action - that is the request logging, performance logging and monitor endpoints.
from microservices-in-dotnetcore.
redowl3
commented on August 28, 2024
Thanks for the update. Do you have an example request including auth headers and scope that we can try?
from microservices-in-dotnetcore.
Related Issues (9)
- Microservices in dotnet core
- Nancy latest version HOT 2
- MicroserviceNet.Platform unable to resolve for .NetCoreApp V1.1 HOT 3
- When will Chap04 converted to new .csproj? (would like to use dotnet build/run CLI) HOT 2
- Wrong chapter reference HOT 1
- Chapter 5: Empty JSON objects HOT 4
- You said in chapter 9of your book that we should use HttpClientFactory here, but in code you still use new HttpClient() I've done all as you said but my code doesn't compile, because on application startup we doesn't have dependency. Could you please clarify what should we do? HOT 1
- *.xproj cannot be opened HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from microservices-in-dotnetcore.