ASP.NET Core authorization

I am trying to use a custom authorization attribute to have finer control over my controller actions like this (somewhat similar to How do you create a custom AuthorizeAttribute in ASP.NET Core?)

[MyCustomAuth(Permissions="Products/Read")]
public IActionResult SomeMethod()
{
    // ...
}



public class MyCustomAuthAttribute : AuthorizeAttribute, IAuthorizationFilter
{
    public string Permissions { get; set; } // Permission string to get from controller

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        //
        // read JWT token
        // and process permissions string
        // to decide if user can run controller method
        //
        // ...
    }
}

Unfortunately, the JWT authorization handler that is built into ASP.NET Core (configured in startup.cs) is run only AFTER this custom attribute's code is run, so I can't seem to access the JWT token and THEN process the custom auth parameters.

Is there any way to force the JWT token to be processed first and then do an extra validation using the custom attribute?

Soundar Rajan

1 Answer

I think I found a solution... it seems to work... but could someone please confirm this is the right way?

Just implement the IOrderedFilter interface and set Order to a high number. This means JWT authentication will be called first and then your custom authorization filter.

public class MyCustomAuthAttribute : AuthorizeAttribute, IAuthorizationFilter, IOrderedFilter
{
    // ...
    public int Order => 9999; // IOrderedFilter: higher values run later
    // ...
}
Soundar Rajan
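
The ordered filter from the answer above, filled in as an added example (not the poster's code). It assumes the JWT bearer handler has already populated `HttpContext.User`, that granted permissions arrive as claims of a hypothetical type `permission`, and that `Permissions` may list several comma-separated values that are all required.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

public class MyCustomAuthAttribute : AuthorizeAttribute, IAuthorizationFilter, IOrderedFilter
{
    // Assumption: the token carries one "permission" claim per granted permission.
    private const string PermissionClaimType = "permission";

    // Permission string from the controller, e.g. "Products/Read".
    // Assumption: several permissions may be comma-separated and all are required.
    public string Permissions { get; set; }

    // Higher Order runs later among authorization filters (the default is 0).
    public int Order => 9999;

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var user = context.HttpContext.User;

        // No validated identity: answer with a challenge (401 for JWT bearer).
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
        {
            context.Result = new ChallengeResult();
            return;
        }

        var required = (Permissions ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(p => p.Trim())
            .Where(p => p.Length > 0)
            .ToArray();

        // Fail closed: an attribute with no permission listed grants nothing.
        bool allowed = required.Length > 0 &&
            required.All(p => user.HasClaim(PermissionClaimType, p));

        if (!allowed)
        {
            // Authenticated but missing a required permission: 403.
            context.Result = new ForbidResult();
        }
    }
}
```

Returning `ChallengeResult` for a missing identity and `ForbidResult` for a missing permission keeps the 401/403 distinction that clients and log-based detections rely on.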