
Support for ASP.NET Web API

Open zam6ak opened this issue 12 years ago • 20 comments

Hi

Are there any plans to support Web API? According to http://www.asp.net/web-api ASP.NET MVC 4 includes ASP.NET Web API.

Thanks! Z

zam6ak avatar May 05 '12 19:05 zam6ak

As soon as version 2.0 is released I will be looking into what could be done for Web API. But as I am not using Web API in any of my current projects I have to admit it's not very high on my priority list at the moment. Would probably need to team up with a Web API specialist. But feel free to fork the code base and give it a spin if you don't want to wait. Let me know if you need any help getting started.

kristofferahl avatar May 07 '12 13:05 kristofferahl

I'm working on a version to support WebAPI.

I started working on it today, so I'll probably have several questions. =)

Basically, WebAPI should return an HttpResponseMessage instead of a traditional ActionResult, containing the correct HTTP status (401 in the case of access denied).

So I created a new project called FluentSecurity.WebApi where I intend to implement all features that work with FluentSecurity, then I make ISecurityHandler a generic interface.

I created a new project so that there is no dependency between FluentSecurity and WebAPI.

```csharp
public interface ISecurityHandler<TResult>
{
    TResult HandleSecurityFor(string controllerName, string actionName, ISecurityContext securityContext);
}
```

In this new project I added a new class HandleHttpSecurityAttribute (ASP.NET MVC ActionFilters are different from ASP.NET Web API ones).

```csharp
using System;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using FluentSecurity;
using FluentSecurity.ServiceLocation;

[AttributeUsage(AttributeTargets.Class, AllowMultiple = false, Inherited = true)]
public class HandleHttpSecurityAttribute : ActionFilterAttribute
{
    internal ISecurityHandler<HttpResponseMessage> Handler { get; private set; }

    // Default constructor resolves the handler through FluentSecurity's service locator.
    public HandleHttpSecurityAttribute() : this(ServiceLocator.Current.Resolve<ISecurityHandler<HttpResponseMessage>>()) { }

    public HandleHttpSecurityAttribute(ISecurityHandler<HttpResponseMessage> securityHandler)
    {
        Handler = securityHandler;
    }

    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        var actionName = actionContext.ActionDescriptor.ActionName;
        var controllerName = actionContext.ActionDescriptor.ControllerDescriptor.ControllerType.FullName;

        var securityContext = SecurityContext.Current;
        securityContext.Data.RouteValues = actionContext.ControllerContext.RouteData.Values;

        // A non-null result short-circuits the action; null lets the request continue.
        var overrideResult = Handler.HandleSecurityFor(controllerName, actionName, securityContext);
        if (overrideResult != null) actionContext.Response = overrideResult;
    }
}
```

In this line, ServiceLocator.Current...., how can I resolve this dependency without creating a new dependency on ASP.NET Web API?

Ridermansb avatar Oct 02 '12 21:10 Ridermansb
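An added example, not part of the comment above and not FluentSecurity code: one way an `ISecurityHandler<HttpResponseMessage>` could satisfy the contract the attribute relies on (null means "continue", non-null replaces the response). The `HttpSecurityHandler` class and its policy dictionary are hypothetical stand-ins for FluentSecurity's configuration lookup, and it goes slightly beyond the comment by answering 403 for an authenticated caller and denying any action that has no registered policy.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using FluentSecurity; // ISecurityContext

// Interface as proposed in the comment above.
public interface ISecurityHandler<TResult>
{
    TResult HandleSecurityFor(string controllerName, string actionName, ISecurityContext securityContext);
}

// Hypothetical handler; the dictionary maps "Controller.Action" to an allow/deny check.
public class HttpSecurityHandler : ISecurityHandler<HttpResponseMessage>
{
    private readonly IDictionary<string, Func<ISecurityContext, bool>> _policies;

    public HttpSecurityHandler(IDictionary<string, Func<ISecurityContext, bool>> policies)
    {
        if (policies == null) throw new ArgumentNullException("policies");
        _policies = policies;
    }

    public HttpResponseMessage HandleSecurityFor(string controllerName, string actionName, ISecurityContext securityContext)
    {
        var key = controllerName + "." + actionName;
        Func<ISecurityContext, bool> isAllowed;

        // Fail closed: an action without a registered policy is denied, not ignored.
        if (!_policies.TryGetValue(key, out isAllowed))
            return Deny(securityContext);

        // Null tells the filter to let the action run.
        return isAllowed(securityContext) ? null : Deny(securityContext);
    }

    private static HttpResponseMessage Deny(ISecurityContext securityContext)
    {
        // 401: caller is not authenticated. 403: authenticated but not permitted.
        var status = securityContext.CurrentUserIsAuthenticated()
            ? HttpStatusCode.Forbidden
            : HttpStatusCode.Unauthorized;
        return new HttpResponseMessage(status);
    }
}
```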

Hey, that's awesome!

Could you get in touch with me through email (mail [at] 77dynamite.com)? Think we need to have a proper chat.

kristofferahl avatar Oct 02 '12 21:10 kristofferahl

Is there a fork for these changes? I'd be interested in looking at the code and possibly using it in an upcoming project.

adam-26 avatar Oct 25 '12 21:10 adam-26

Had a quick look at the repository of @Ridermansb but could not find anything there. Or did I perhaps miss it?

kristofferahl avatar Oct 26 '12 20:10 kristofferahl

There is not a fork, for now. I was just reviewing the project to see what changes would be needed.

This change is a bit more complex and I have not had time to work on it.

I know this will be a great feature, and I am working on a project that uses Web API. Soon I will need this feature and I'll work on it.

Sorry for the delay, next week I will try to work on this feature.


Ridermansb avatar Oct 26 '12 22:10 Ridermansb

To tell you the truth, my guess is that the changes required are too big for it to be included in v.2.0. However, I've been getting more and more requests for this feature and I'm also doing more and more WebApi work myself. So I really want to see WebApi supported by FluentSecurity.

My thought is that we could start by doing a SPIKE, getting it to work and trying it out in our projects. We could probably produce nugets and release it as a separate package. One thing to have in mind though is that we should try to avoid tying it too much to WebApi. I see a possibility for this to be used in other frameworks (like NancyFx etc) and would love it if we could build a solid core and have multiple implementations (Mvc, WebApi, Nancy, ...).

When/if you decide to start working on this, please keep me in the loop and share your work as early as possible. I have a pretty solid idea of how I would like things to progress.

kristofferahl avatar Oct 27 '12 13:10 kristofferahl

I'm also interested in making FluentSecurity work with Web API. I don't have a whole lot of experience with FluentSecurity, but am using it in an MVC project, where I'm introducing Web API as well. I'd like to be able to consolidate on FS for securing both MVC and Web API controllers.

aknuds1 avatar Dec 09 '12 00:12 aknuds1

@aknuds1 Cool! I'll ping everybody in this thread when it's time to roll up the sleeves and get going.

kristofferahl avatar Dec 12 '12 22:12 kristofferahl

+1

andresmoschini avatar Mar 25 '13 16:03 andresmoschini

+1

vip32 avatar Apr 16 '13 11:04 vip32

+1

kl00t avatar Aug 05 '13 16:08 kl00t

Hi,

What is the status of this? Should we expect some version with WebAPI support in the very near future? :) Thank you!

P.S.: working on a project atm that could use it :)

snekbaev avatar Nov 26 '13 18:11 snekbaev

+1

mola10 avatar Mar 20 '14 09:03 mola10

Is there any fork which can be progressed to completion to support WebApi?

swapneeld avatar Mar 28 '14 10:03 swapneeld

@swapneeld I'm afraid I don't know of any forks that have completed WebApi support. However, I am currently working on a branch refactoring the core of FluentSecurity so that it should be quite easy to implement WebApi support as well. Will post here when there is something we can work from.

kristofferahl avatar Mar 30 '14 10:03 kristofferahl

OK, so it's time for an update on our progress with WebApi support in FluentSecurity...

We are currently working on a SPIKE that will add basic support for handling WebApi security with FluentSecurity. It is still pretty rough but we have reached the point where we need you, the community, to help us evaluate and test what we have. To begin with, we are looking for a few pre alpha testers who can provide us with feedback.

So if you want to be the first to try FluentSecurity with WebApi support, please send us an email ([email protected]) or ping us on twitter (@FluentSecurity) and we can hook you up! First-come, first-served!

kristofferahl avatar May 02 '14 09:05 kristofferahl

We need your feedback!

I just finished packaging up a new pre alpha package and we could use some more feedback. So follow and ping us on twitter (@FluentSecurity) or drop us an email at [email protected]. First-come, first-served!

kristofferahl avatar May 07 '14 10:05 kristofferahl

Is it still in pre alpha?

mola10 avatar Jul 12 '14 13:07 mola10

Has this progressed at all? Just tried using FluentSecurity on a WebApi project I'm just creating and it's complaining that my ApiController must be convertible to System.Web.Mvc.Controller. I've got version 2.1 installed. If the package has progressed, but is not yet released then I'd be happy to test it.

Thanks!

Cyberspy avatar Mar 20 '15 15:03 Cyberspy