0

I have implemented the ClaimRequirementFilter, but the OnAuthorization method isn't called. The next line of code is added to the ConfigureServices method of the Startup class:

services.AddMvc(config => config.Filters.Add(typeof(ClaimRequirementFilter)));

I am using the next namespaces:

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
Odrai
  • 1,793
  • 1
  • 23
  • 46
  • Do you add authorization and authentication ? – agua from mars Sep 13 '18 at 14:02
  • @aguafrommars I have implemented public AuthenticationFilter(RequestDelegate next) and used app.UseMiddleware(); in the Startup class. If you mean something else, could you please explain the correct way to implement the authenication/ authorization parts. I would like to authenticate (calling an SSO api in the AuthenticationFilter) and within the ClaimRequirementFilter I want to check if the logged in user has a certain permission to execute a request. – Odrai Sep 13 '18 at 14:19
  • Personnaly I prefer to use a Policy to check for claims : https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.1 – agua from mars Sep 13 '18 at 14:26
  • And use OpenIdConnect and Authentication middleware : https://docs.microsoft.com/en-us/aspnet/core/migration/1x-to-2x/identity-2x?view=aspnetcore-2.1 – agua from mars Sep 13 '18 at 14:30
  • What's your SSO ? I don't think you need a custom Authentication middleware – agua from mars Sep 13 '18 at 14:32
  • @aguafrommars The SSO is created by one of our teams. We are using a permission based strategy, so every function will get a Permission attribute. I don't like the Policy check, because I would have to define one policy for every permission. Could you indicate why the current implementation doesn't work? – Odrai Sep 13 '18 at 14:41
  • Did you register your filter in DI like sevice.AddScopped() ? – agua from mars Sep 13 '18 at 14:54
  • Did you add Authorization ? `services.AddAuthorization()` – agua from mars Sep 13 '18 at 15:01
  • @Odrai I fail to reproduce your issue with implementing `ClaimRequirementFilter`. Is there any reproducable project? Here is my test project [ClaimRequirementFilter](https://github.com/Edward-Zhou/AspNetCore/blob/master/MVCPro/ActionFilters/ClaimRequirementFilter.cs). – Edward Sep 14 '18 at 06:31
  • @TaoZhou Thanks for the test project, the OnAuthorization method is called! I have implemented the 'ClaimRequirementAttribute' as wel, but it results in a System.InvalidOperationException: Unable to resolve service for type 'System.Security.Claims.Claim' while attempting to activate 'MyNamespace.ClaimRequirementFilter'. Could you point me in the right direction to solve this issue? – Odrai Sep 14 '18 at 09:47

1 Answers1

0

For resolving op's issue related with OnAuthorization is not called, share the working demo.

Unable to resolve service for type 'System.Security.Claims.Claim' while attempting to activate 'MyNamespace.ClaimRequirementFilter'.

For this error, define your own Claim like 

  public class Claim
{
    public string Type { get; set; }
    public string Value { get; set; }
}

And register it in Startu.cs like 

services.AddTransient<Claim>();
        services.AddMvc(c =>
                        {
                            c.Filters.Add(typeof(RequestLoggerActionFilter));
                            c.Filters.Add(typeof(ClaimRequirementFilter));
                        }).SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
Edward
  • 22,080
  • 7
  • 44
  • 80
  • Thanks, but this results in the next error: " A suitable constructor for type 'MyNamespace.ClaimRequirementFilter' could not be located. Ensure the type is concrete and services are registered for all parameters of a public constructor." – Odrai Sep 14 '18 at 10:01
  • @Odrai you could download this [project](https://github.com/Edward-Zhou/AspNetCore/tree/master/MVCPro) for complete code. – Edward Sep 14 '18 at 10:02
  • I am using your test project, but it doesn't contain the attribute. – Odrai Sep 14 '18 at 10:10
  • The constructor of the ClaimRequirementFilter is called twice. The Claim object (parameter) properties are null during the first call and in the second they are filled. The OnAuthorization is only called once, using the null values. – Odrai Sep 14 '18 at 11:32