Tingle.AspNetCore.Authorization 4.7.0

.NET 6.0

dotnet add package Tingle.AspNetCore.Authorization --version 4.7.0

NuGet\Install-Package Tingle.AspNetCore.Authorization -Version 4.7.0

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Tingle.AspNetCore.Authorization" Version="4.7.0" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

paket add Tingle.AspNetCore.Authorization --version 4.7.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Tingle.AspNetCore.Authorization, 4.7.0"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

// Install Tingle.AspNetCore.Authorization as a Cake Addin
#addin nuget:?package=Tingle.AspNetCore.Authorization&version=4.7.0

// Install Tingle.AspNetCore.Authorization as a Cake Tool
#tool nuget:?package=Tingle.AspNetCore.Authorization&version=4.7.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Tingle.AspNetCore.Authorization

Authorization refers to the process that determines what a user is able to do. For example, an administrative user is allowed to create a document library, add documents, edit documents, and delete them. A non-administrative user working with the library is only authorized to read the documents.

Authorization is orthogonal and independent of authentication. However, authorization requires an authentication mechanism. Authentication is the process of ascertaining who a user is. Authentication may create one or more identities for the current user.

Below are some of the functionalities that the library provides to aid with authorization work flows.

IP Address Based Authorization

User Defined IPs

It is a common scenario whereby we may require to only allow HTTP requests from certain IPs.

In appsettings.json ...

{
    "AllowedNetworks": [
      "::1/128",
      "127.0.0.1/32"
    ]
}

In Program.cs ...

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("my_auth_policy", policy =>
    {
        policy.AddAuthenticationSchemes("my_auth_scheme")
              .RequireAuthenticatedUser()
              .RequireApprovedNetworks(Configuration.GetSection("AllowedNetworks"));
    });
});

// add accessor for HttpContext i.e. implementation of IHttpContextAccessor
builder.Services.AddHttpContextAccessor();

// add IAuthorizationHandler for approved networks
builder.Services.AddApprovedNetworksHandler();

Details of the implementation of my_auth_scheme authentication scheme have been omitted here since it is beyond the scope of this discussion. More details on how to handle authentication in ASP.NET Core can be found here.

The above code section defines my_auth_policy authorization policy which ensures the user who has been authenticated via the my_auth_scheme has access to the resource they're trying to gain access to. Using RequireApprovedNetworks extension method on the AuthorizationPolicyBuilder we can then add a comma separated list of IP networks that are approved to access the resource from.

We also have added a call to the services.AddHttpContextAccessor() extension method in order to allow us to gain access to the HttpContext which contains the details of the IP address that the request is originating from.

Finally, we have a call to the services.AddApprovedNetworksHandler() which adds an instance of the ApprovedIPNetworkHandler. This authorization handler then makes a decision if authorization is allowed by checking if the request IP is among the networks provided in the authorization policy.

Now, we can use this functionality to authorize access to a controller as shown below:

[Authorize("my_auth_policy")]
public class DummyController : ControllerBase
{
    ...
}

Is that it?... Wait there's more!

Fully Qualified Domain Names

Alternatively, you can provide a list of fully qualified domain names and each of them will be resolved to the list of IP addresses. Let us see how to do this with an example:

In appsettings.json ...

{
    "AllowedDomains": ["contoso.com", "northwind.com"]
}

In Program.cs ...

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("my_auth_policy", policy =>
    {
        policy.AddAuthenticationSchemes("my_auth_scheme")
              .RequireAuthenticatedUser()
              .RequireNetworkFromDns(Configuration.GetSection("AllowedDomains"));
    });
});

// add accessor for HttpContext i.e. implementation of IHttpContextAccessor
builder.Services.AddHttpContextAccessor();

// add IAuthorizationHandler for approved networks
builder.Services.AddApprovedNetworksHandler();

Azure IPs

For developers who are working with Microsoft Azure, and they'd wish to allow all their IP addresses they can do that easily as demonstrated below:

In Program.cs

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("my_auth_policy", policy =>
    {
        policy.AddAuthenticationSchemes("my_auth_scheme")
              .RequireAuthenticatedUser()
              .RequireAzureIPNetworks();
    });
});

// add accessor for HttpContext i.e. implementation of IHttpContextAccessor
builder.Services.AddHttpContextAccessor();

// add IAuthorizationHandler for approved networks
builder.Services.AddApprovedNetworksHandler();

If you however do not wish to allow the entire range of Azure IPs in a given cloud, you can provide service and region parameters to RequireAzureIPNetworks to scope the range of IPs based on the Azure service and/or region. For example:

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("my_auth_policy", policy =>
    {
        policy.AddAuthenticationSchemes("my_auth_scheme")
              .RequireAuthenticatedUser()
              .RequireAzureIPNetworks(cloud: AzureCloud.Public, service: "AzureAppService", region: "westeurope");
    });
});

// add accessor for HttpContext i.e. implementation of IHttpContextAccessor
builder.Services.AddHttpContextAccessor();

// add IAuthorizationHandler for approved networks
builder.Services.AddApprovedNetworksHandler();

Product	Compatible and additional computed target framework versions.
.NET	net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed.

Product

.NET

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net6.0
- AzureIPNetworks (>= 1.7.0)
net7.0
- AzureIPNetworks (>= 1.7.0)
net8.0
- AzureIPNetworks (>= 1.7.0)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last updated
4.7.0	123	3/25/2024
4.6.0	172	3/8/2024
4.5.0	763	11/22/2023
4.4.1	146	11/20/2023
4.4.0	144	11/15/2023
4.3.0	261	10/18/2023
4.2.2	267	9/20/2023
4.2.1	478	8/4/2023
4.2.0	593	5/31/2023
4.1.1	148	5/26/2023
4.1.0	165	5/22/2023
4.0.0	694	3/14/2023
2.5.0	971	11/21/2022
2.4.2	2,008	7/25/2022
2.4.1	2,351	3/22/2022
2.4.0	1,971	11/10/2021
2.3.1	1,585	9/20/2021
2.3.0	912	7/22/2021

Total 13.8K

Current version 123

Per day average 13

authorization