Security.HmacAuthentication
Security.HmacAuthentication copied to clipboard
ademcaglin
asp.net core authentication with .Map()
i'm trying to use hmac authentication on specific api controllers which starts with/api/extso i added these configuration on startup class
app.Map("/api/ext", builder =>
{
builder.UseHmacAuthentication(new HmacAuthenticationOptions
{
SecretKey = "abc670d15a584f4baf0ba48455d3b155",
AppId = "jDEf7bMcJVFnqrPd599aSIbhC0IasxLBpGAJeW3Fzh4=",
AutomaticAuthenticate = true
});
builder.UseMvc();
});
but when i send the request i'm getting 404 not found error but when i remove above code it hits the controller action.
and then i came up with this
bool IsApiRequest(HttpContext context) => context.Request.Path.ToString().StartsWith("/api/ext/");
app.UseWhen(IsApiRequest, builder =>
{
builder.UseHmacAuthentication(new HmacAuthenticationOptions
{
SecretKey = "abc670d15a584f4baf0ba48455d3b155",
AppId = "jDEf7bMcJVFnqrPd599aSIbhC0IasxLBpGAJeW3Fzh4=",
AutomaticAuthenticate = true
});
});
seems it works now (validate properly and hit controller action)
then on controller action public async Task<IActionResult> Test([FromBody] ApiIdentityUser model) model gets null but when i remove middleware authentication gets values.. any thought?
@empitegayan @ademcaglin I have ported the code over to ASP.NET Core 2.0: https://github.com/markuspalme/Security.HmacAuthentication
@markuspalme, thanks for porting this over to Core 2.0. Unfortunately, much like this port (https://github.com/RredCat/WebApiHMACAuthentication), POST requests fail. Remove the auth and the POST request succeeds. Add it back in, and the request fails.
Interestingly, the auth seems to succeed, and then the request fails. I noticed none of your tests are POST requests. Any insight?
@PerryD I have opened an issue in my repository. Let me dig deeper and get back to you there.
https://github.com/markuspalme/Security.HmacAuthentication/issues/1