m-lamonaca/dev-notes
1
0
Fork 0
mirror of https://github.com/m-lamonaca/dev-notes.git synced 2025-04-08 11:56:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add new auth setup notes

Browse source
This commit is contained in:
Marcello 2022-06-15 18:30:56 +02:00
parent 8c6c9ac4a4
commit 21e0b095af
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
docs/dotnet/asp.net/minimal-api.md
View file

@ -239,6 +239,8 @@ builder.Services.AddAuthorization(options =>
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme) .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser(); .RequireAuthenticatedUser();
}) })
// or
builder.Authentication.AddJwtBearer(); // will automatically add required middlewares
// [...] // [...]
@ -249,4 +251,15 @@ app.UseAuthorization(); // must come before routes
app.MapGet("/alcohol", () => Results.Ok()).RequireAuthorization("<policy>"); // on specific endpoints app.MapGet("/alcohol", () => Results.Ok()).RequireAuthorization("<policy>"); // on specific endpoints
app.MapGet("/free-for-all", () => Results.Ok()).AllowAnonymous(); app.MapGet("/free-for-all", () => Results.Ok()).AllowAnonymous();
app.MapGet("/special-secret", () => "This is a special secret!")
.RequireAuthorization(p => p.RequireClaim("scope", "myapi:secrets"));
```
### Local JWT Tokens
The `user-jwts` tool is similar in concept to the existing `user-secrets` tools, in that it can be used to manage values for the app that are only valid for the current user (the developer) on the current machine.
In fact, the `user-jwts` tool utilizes the `user-secrets` infrastructure to manage the key that the JWTs will be signed with, ensuring its stored safely in the user profile.
```sh
dotnet user-jwts create # configure a dev JWT fot the current user
``` ```