
How can I implement policy based authorization with Ocelot?

Open tmkhan opened this issue 4 years ago • 8 comments

Feature

Actual Behavior

Further, I tried to access claims with HttpContext.User.Identities, but it is giving null.

tmkhan avatar Dec 17 '20 06:12 tmkhan

I have the same problem. I tried to access Claims with context.User.Claims but it returns null. There was no problem in version 14.0.9 before.

aliprogrammer69 avatar Jan 31 '21 16:01 aliprogrammer69

I have the same problem. This has to be a bug. I cannot upgrade until I figure out why this is happening.

andrei-manulife avatar Feb 10 '21 19:02 andrei-manulife

I checked the source code and found the problem. This problem occurs because of "MultiplexingMiddleware:46", which is inevitable. To solve the problem, read the authorization info (identities, claims, etc.) from PreAuthenticationMiddleware.

aliprogrammer69 avatar Feb 14 '21 09:02 aliprogrammer69

> I checked the source code and found the problem. This problem occurs because of "MultiplexingMiddleware:46", which is inevitable. To solve the problem, read the authorization info (identities, claims, etc.) from PreAuthenticationMiddleware.

This is bad!!! If MultiplexingMiddleware does NOT pass HttpContext.User, ClaimsToHeadersMiddleware will not work because it will get the default ClaimsPrincipal and its claims are empty!

No source.User reference: https://github.com/ThreeMammals/Ocelot/blob/3ef6abd7465fc77632e4b2d5189fbbf47b457867/src/Ocelot/Multiplexer/MultiplexingMiddleware.cs#L163-L188

httpContext.User, which was created from MultiplexingMiddleware.Copy: https://github.com/ThreeMammals/Ocelot/blob/3ef6abd7465fc77632e4b2d5189fbbf47b457867/src/Ocelot/Headers/Middleware/ClaimsToHeadersMiddleware.cs#L34

Kation avatar May 28 '21 09:05 Kation
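
The failure mode described in the comment above, as an added example that is not part of the thread and is not Ocelot's code: a context copy that omits `User` leaves downstream claim-reading middleware with an unauthenticated, claim-less principal. `CopyWithoutUser` and `CopyWithUser` are hypothetical stand-ins for a context-copy routine, the claims are constructed sample data, and the project is assumed to reference the ASP.NET Core shared framework.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Http;

// Added illustration. CopyWithoutUser/CopyWithUser are hypothetical helpers,
// not Ocelot's MultiplexingMiddleware.Copy.
public static class ContextCopyDemo
{
    // Copies request data only: the new context never receives source.User.
    public static HttpContext CopyWithoutUser(HttpContext source)
    {
        var target = new DefaultHttpContext();
        target.Request.Method = source.Request.Method;
        target.Request.Path = source.Request.Path;
        foreach (var header in source.Request.Headers)
            target.Request.Headers[header.Key] = header.Value;
        return target;
    }

    // Same copy, plus the authenticated principal.
    public static HttpContext CopyWithUser(HttpContext source)
    {
        var target = CopyWithoutUser(source);
        target.User = source.User;
        return target;
    }

    public static void Main()
    {
        // Constructed sample principal, as an authentication middleware would set it.
        var identity = new ClaimsIdentity(
            new[] { new Claim("sub", "user-123"), new Claim("role", "admin") },
            authenticationType: "Bearer");
        var original = new DefaultHttpContext { User = new ClaimsPrincipal(identity) };
        original.Request.Method = "GET";
        original.Request.Path = "/orders";

        var lossy = CopyWithoutUser(original);
        var kept = CopyWithUser(original);

        // When User was never set, DefaultHttpContext.User falls back to a
        // principal holding one empty, unauthenticated ClaimsIdentity.
        Console.WriteLine($"lossy: authenticated={lossy.User.Identity?.IsAuthenticated}, claims={lossy.User.Claims.Count()}");
        Console.WriteLine($"kept:  authenticated={kept.User.Identity?.IsAuthenticated}, claims={kept.User.Claims.Count()}");
    }
}
```

A regression test for any middleware that clones `HttpContext` can assert the same two properties (`IsAuthenticated` and the claim count) on the clone, so that claim-based authorization or header mapping downstream does not silently run against an anonymous principal.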

The bug has been accepted due to ready PR #1462

  • #1462

raman-m avatar Aug 24 '23 13:08 raman-m

@raman-m we should keep in mind that issue when refactoring the multiplexing middleware. https://github.com/ThreeMammals/Ocelot/pull/1826

ggnaegi avatar Feb 13 '24 20:02 ggnaegi

@ggnaegi I'd like to prioritize #1462 to merge it before your #1826

raman-m avatar Feb 13 '24 20:02 raman-m

@tmkhan on Dec 17, 2020

Hi! Regarding your question:

> How can I implement policy based authorization with Ocelot?

Policy-based authentication can be implemented at all times, as for any regular ASP.NET app, in mostly all Ocelot versions. See Microsoft docs:

In version 23.0 we've delivered the new Multiple Authentication Schemes feature, which allows not grouping schemes but trying to authenticate multiple times. Another approach is the definition of a custom auth policy grouping all required schemes and using it for authentication. But such definitions of policies are outside of Ocelot's responsibilities.

raman-m avatar Feb 15 '24 10:02 raman-m