I know you can assign a handler using convention-based routing, e.g:
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
var tokenHandler = new TokenValidationHandler()
{
InnerHandler = new TokenValidationHandler()
{
InnerHandler = new HttpControllerDispatcher(config)
}
};
config.Routes.MapHttpRoute(
name: "someApi",
routeTemplate: "v1/{controller}/{id}",
defaults: new object { id = RouteParameter.Optional },
constraints: null,
handler: tokenHandler
);
}
}
Is it possible to do this with attribute routing instead? What I'm trying to do is restrict some routes with a bearer token but allow other routes to allow anonymous access. Should I be using Filtering instead?
I'm interested in this also, I want a global message handler that doesn't apply to certain request types or routes to a particular controller (similar to stonetip).
Currently I'm just bypassing all logic in my handler if the request is of that type or for that controller, however I don't think this is the most efficient method:
public class MyHandler : DelegatingHandler
{
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (request.Method != HttpMethod.Get)
{
System.Web.Http.Routing.IHttpRouteData routeInfo = request.GetRequestContext().RouteData;
object objController = routeInfo.Values["controller"];
if (objController == null || objController.ToString() != "excluded")
{
//handler code for all non-excluded routes
Related
Using Net Core 7 I have Razor Pages with a culture route parameter:
#page "/{culture:validculture}/about"
I created a custom route constraint to check if culture has a valid value.
When the culture value is invalid I am redirected to a 404 error page.
public class CultureRouteConstraint : IRouteConstraint {
private readonly RequestLocalizationOptions _options;
public CultureRouteConstraint(IOptionsSnapshot<RequestLocalizationOptions> options) {
_options = options.Value;
}
public Boolean Match(HttpContext? httpContext, IRouter? route, String routeKey, RouteValueDictionary values, RouteDirection routeDirection) {
String? culture = Convert.ToString(value, CultureInfo.InvariantCulture);
List<String>? cultures = _options.SupportedCultures?.Select(x => x.TwoLetterISOLanguageName).ToList();
if (culture != null && cultures != null)
return cultures.Contains(culture, StringComparer.InvariantCultureIgnoreCase);
}
}
This works great if I hardcode de valid cultures, e.g:
List<String>? cultures = new() { "en", "pt" };
But if I inject RequestLocalizationOptions I get the error:
RouteCreationException: An error occurred while trying to create an instance of 'CultureRouteConstraint'.
Maybe I need to use a Middleware for this? How can I do this?
Just because IOptionsSnapshot Is registered as Scoped and therefore can't be injected into a Singleton service.
You could try with IOptions (Not Options<>)instead If you don't have to update the options for different request),For Example,I tried as below and it works well in my case:
In program.cs:
builder.Services.Configure<RequestLocalizationOptions>(opts =>
{
var supportedcultures = new List<CultureInfo>()
{
new CultureInfo("en-US"),
new CultureInfo("zh-CN")
};
opts.SupportedCultures = supportedcultures;
opts.SupportedUICultures= supportedcultures;
});
builder.Services.AddRazorPages();
builder.Services.AddRouting(options =>
options.ConstraintMap.Add("validculture", typeof(CultureRouteConstraint)));
var app = builder.Build();
The constraint:
public class CultureRouteConstraint : IRouteConstraint
{
private readonly RequestLocalizationOptions _options;
public CultureRouteConstraint(IOptions<RequestLocalizationOptions> options)
{
_options = options.Value;
}
public Boolean Match(HttpContext? httpContext, IRouter? route, String routeKey, RouteValueDictionary values, RouteDirection routeDirection)
{
String? culture = Convert.ToString(values["culture"], CultureInfo.InvariantCulture);
List<String>? cultures = _options.SupportedCultures?.Select(x => x.TwoLetterISOLanguageName).ToList();
if (culture != null && cultures != null)
return cultures.Contains(culture, StringComparer.InvariantCultureIgnoreCase);
else
return false;
}
}
The Result:
You could also check the document related
Looks like you are using DI to inject the RequestLocalizationOptions into your CultureRouteConstraint class. However, the IRouteConstraint interface does not support DI, so you cannot inject dependencies into it directly.
One option you could consider is using a middleware to handle the routing constraint. The middleware could use DI to inject the RequestLocalizationOptions and then check the culture value before passing control to the appropriate Razor page.
Here's an example of what this might look like:
public class CultureMiddleware
{
private readonly RequestDelegate _next;
private readonly RequestLocalizationOptions _options;
public CultureMiddleware(RequestDelegate next, IOptionsSnapshot<RequestLocalizationOptions> options)
{
_next = next;
_options = options.Value;
}
public async Task InvokeAsync(HttpContext context)
{
// Check the culture value
string culture = context.Request.RouteValues["culture"].ToString();
if (!_options.SupportedCultures.Select(x => x.TwoLetterISOLanguageName).Contains(culture, StringComparer.InvariantCultureIgnoreCase))
{
// Redirect to a 404 page if the culture value is invalid
context.Response.StatusCode = 404;
return;
}
// If the culture value is valid, pass control to the next middleware
await _next(context);
}
}
Seems like you cannot use a DI constructor when working with implementations of IRouteConstraint, but you have the HttpContext in your Match method. So, you can resolve the IOptionsSnapshot from there. This should work:
var opts = ctx
.RequestServices
.GetService<IOptionsSnapshot<RequestLocalizationOptions>>();
I have two GET methods on my API controller. When I attempt to call the GetByCompanyId method, which I have decorated with the Route Attribute, the request instead is being routed to the GetById method. Below are the relevant code files.
global.ascx.cs
public class WebApiApplication : System.Web.HttpApplication
{
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
GlobalConfiguration.Configure(WebApiConfig.Register);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
}
}
webApiConfig
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
// Web API configuration and services
// Configure Web API to use only bearer token authentication.
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
// Web API routes
config.MapHttpAttributeRoutes();
config.EnableCors();
config.Formatters.JsonFormatter.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
}
route.config
public class RouteConfig
{
public static void RegisterRoutes(RouteCollection routes)
{
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.MapRoute(
name: "Default",
url: "{controller}/{action}/{id}",
defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
);
}
}
CompanyFunctionsController.cs
public IHttpActionResult GetById(int id)
{
var companyFunction = this._service.GetByKey(new object[] { id });
if (companyFunction != null)
{
var companyFunctionDto = Mapper.Map<CompanyFunctionDto>(companyFunction);
return Ok(companyFunctionDto);
}
return NotFound();
}
[Route("CompanyFunctions/GetByCompanyId", Name = "GetByCompanyId")]
[HttpGet]
public IEnumerable<CompanyFunctionDto> GetByCompanyId(int id)
{
var collection = this._service.GetAll().ToList().Where(x => x.CompanyId == id);
IEnumerable<CompanyFunctionDto> collectCompanyFunctionDtos = Mapper.Map<IEnumerable<CompanyFunctionDto>>(collection);
return collectCompanyFunctionDtos;
}
My HTTP request:
http://localhost:1317/api/CompanyFunctions/GetByCompanyId?id=1
If you want to have a route that starts with api like http://localhost:1317/api/CompanyFunctions/GetByCompanyId?id=1 then you must use the string api in your route attribute that you want it to go to.
[Route("api/CompanyFunctions/GetByCompanyId", Name = "GetByCompanyId")]
Otherwise it will only match based on the http verb (Get in this case).
Alternatively you can decorate the web api controller with the [RoutePrefix("api/CompanyFunctions")] attribute as well and change your Route attribute to [Route("GetByCompanyId", Name = "GetByCompanyId")]
Web API 2 supports a new type of routing, called attribute routing. As the name implies, attribute routing uses attributes to define routes. Attribute routing gives you more control over the URIs in your web API
You might use Attribute Routing in Web Api to solve your problems. Your Controller Action should be like this,
[Route("CompanyFunctions/GetByCompanyId/{companyId}"]
public IEnumerable<CompanyFunctionDto> GetByCompanyId(int companyId)
{
var collection = this._service.GetAll().ToList().Where(x => x.CompanyId == companyId);
IEnumerable<CompanyFunctionDto> collectCompanyFunctionDtos = Mapper.Map<IEnumerable<CompanyFunctionDto>>(collection);
return collectCompanyFunctionDtos;
}
and your HTTP request is http://localhost:1317/CompanyFunctions/GetByCompanyId/1
There is no easy way to get an access to a CookieContainer in response object running integration tests with AspNet.TestHost.TestServer. Cookies have to be set by the controller action. What is the best way to achieve that?
var client = TestServer.Create(app =>
{
app.UseMvc(routes =>
routes.MapRoute("default", "{controller}/{action}/{id?}"));
app.UseIdentity();
}).CreateClient();
var request = new HttpRequestMessage(HttpMethod.Get, "account/login");
var response = await client.SendAsync(request);
// how to get an access to cookie container ?????????
// response.Cookies prop doesn't exist
Assert.NotEmpty(response.Cookies["auth"]);
Solution that I see is to extend instance of the TestServer, return instance of a class CustomClientHandler : ClientHandler and override the whole process of sending a request in that handler, but it needs literally to change all logic except relatively small code of the TestServer.
Any better suggestion how to implement an access to Cookies in a response?
As an addition to #Oleh's response, you can achieve the same without reflection on newer frameworks like .NET 4.6.1+ / .NET Core
public class TestHttpClientHandler : DelegatingHandler
{
[NotNull]
private readonly CookieContainer cookies = new CookieContainer();
public TestHttpClientHandler([NotNull] HttpMessageHandler innerHandler)
: base(innerHandler) { }
[NotNull, ItemNotNull]
protected override async Task<HttpResponseMessage> SendAsync([NotNull] HttpRequestMessage request, CancellationToken ct)
{
Uri requestUri = request.RequestUri;
request.Headers.Add(HeaderNames.Cookie, this.cookies.GetCookieHeader(requestUri));
HttpResponseMessage response = await base.SendAsync(request, ct);
if (response.Headers.TryGetValues(HeaderNames.SetCookie, out IEnumerable<string> setCookieHeaders))
{
foreach (SetCookieHeaderValue cookieHeader in SetCookieHeaderValue.ParseList(setCookieHeaders.ToList()))
{
Cookie cookie = new Cookie(cookieHeader.Name.Value, cookieHeader.Value.Value, cookieHeader.Path.Value);
if (cookieHeader.Expires.HasValue)
{
cookie.Expires = cookieHeader.Expires.Value.DateTime;
}
this.cookies.Add(requestUri, cookie);
}
}
return response;
}
}
I've implemented custom HttpMessageHandler that tracks cookies.
It uses reflection to invoke the actual handler and just reads/sets Cookie headers.
class TestMessageHandler : HttpMessageHandler
{
delegate Task<HttpResponseMessage> HandlerSendAsync(HttpRequestMessage message, CancellationToken token);
private readonly HandlerSendAsync nextDelegate;
private readonly CookieContainer cookies = new System.Net.CookieContainer();
public TestMessageHandler(HttpMessageHandler next)
{
if(next == null) throw new ArgumentNullException(nameof(next));
nextDelegate = (HandlerSendAsync)
next.GetType()
.GetTypeInfo()
.GetMethod("SendAsync", BindingFlags.NonPublic | BindingFlags.Instance)
.CreateDelegate(typeof(HandlerSendAsync), next);
}
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
request.Headers.Add("Cookie", cookies.GetCookieHeader(request.RequestUri));
var resp = await nextDelegate(request, cancellationToken).ConfigureAwait(false);
if (resp.Headers.TryGetValues("Set-Cookie", out var newCookies))
{
foreach (var item in SetCookieHeaderValue.ParseList(newCookies.ToList()))
{
cookies.Add(request.RequestUri, new Cookie(item.Name, item.Value, item.Path));
}
}
return resp;
}
}
And then you create your HttpClient like this:
var httpClient = new HttpClient(
new TestMessageHandler(
server.CreateHandler()));
TestMessageHandler now takes care of tracking cookies.
For a dotnet core integration test approach like the one described in the docs here, you can get cookies with the following code:
public class CookieTests : IClassFixture<WebApplicationFactory<Startup>>
{
private readonly WebApplicationFactory<Startup> _factory;
public CookieTests(WebApplicationFactory<Startup> factory)
{
_factory = factory;
}
[Fact]
public async Task GetPage_ShouldSetCookie_CookieSet()
{
using (var client = _factory.CreateClient())
{
var response = await client.GetAsync("/cookie_setting_url");
response.EnsureSuccessStatusCode();
//or other assertions
Assert.True(response.Headers.TryGetValues(HeaderNames.SetCookie, out IEnumerable<string> cookies));
}
}
}
The proper way, using minimal code getting cookies
in Asp.Net Core Functional Tests is as follows, (I leave out init code for setting up WebApplicationFactory, which is known stuff)
The given examples above, require either reflection (Since I think MS made a design bug on not exposing the default handlers) or require cookie parsing, which is annoying in 2023.
private (HttpClient, CookieContainerHandler) GetHttpClient()
{
CookieContainerHandler cookieContainerHandler = new();
var client = _factory.WithWebHostBuilder(builder =>
{
builder.ConfigureTestServices(services =>
{
services.AddAuthentication(defaultScheme: "YourSchema")
.AddScheme<AuthenticationSchemeOptions, TestAuthHandler>(
"TestAzure", options => { });
});
}).CreateDefaultClient(cookieContainerHandler);
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue(scheme: "YourSchema");
return (client, cookieContainerHandler);
}
[Fact]
public async Task MyUnitTest()
{
// Arrange
var (client, cookieHandler) = GetHttpClient();
// Act PUT/GET/POST etc
var response = await client.PutAsync("youruri", null);
var sessionCookie = cookieHandler.Container.GetAllCookies().FirstOrDefault(f => f.Name == "yourcookie"); // note this ignores cookie domain policy
}
I am trying to write my own authentication, so I inherited CredentialsAuthProvider and have overridden the Authenticate method. Auth is working fine, also when i call another service i can see all data that i saved in the session.
The Problem is: When i try add the Authenticate attribute and call it from a client, it goes and throws an Unauthorized exception, even if i want to use Requered Role.
Auth service is:
public class CustomCredentialsAuthProvider : CredentialsAuthProvider
{
public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
{
return true;
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Auth request)
{
session.FirstName = "Name";
//...
session.Authenticate = true;
session.UserName = request.UserName;
session.Roles = new List<string>;
session.Roles.Add("admin")
//....
authService.SaveSession(session, SessionExpiry);
// Return custom object
return new UserAuthResponse { SessionId = session.Id ......};
}
AppHost is:
public override void Configure(Container container)
{
Plugins.Add(new AuthFeature(() => new AuthUserSession(), new IAuthProvider[] {
new CustomCredentialsAuthProvider()
}));
Plugins.Add(new RegistrationFeature());
container.Register<ICacheClient>(new MemoryCacheClient());
var userRep = new InMemoryAuthRepository();
container.Register<IUserAuthRepository>(userRep);
}
and test service:
[Authenticate]
public class TestService : Service {
public object Any(UserRequest request) {
return new UserResponse{Name = request.Name};
}
}
It is not real code, so sorry for syntax mistake!))))
But the idea is the same! Help me please what is wrong, why I got Unauthorized exception when i call Test service??????????
When I had this issue, I had to create a custom authenticate attribute [CustomAuthenticate] with guidance from this gist -> https://gist.github.com/joeriks/4518393
In the AuthenticateIfBasicAuth method, I set provider to use MyAuthProvider.Name instead of BasicAuthProvider.Name
Then,
[CustomAuthenticate]
public class TestService : Service {
public object Any(UserRequest request) {
return new UserResponse{Name = request.Name};
}
}
Also see: http://joeriks.com/2013/01/12/cors-basicauth-on-servicestack-with-custom-authentication/
I'm building a Web API service using OData, and would like to expose a method as an Action in the service as follows.
http://myServer/odata/myAction
I'm currently mapping the OData routes as follows:
Dim modelBuilder As ODataModelBuilder = New ODataConventionModelBuilder
modelBuilder.EntitySet(Of Product)("Products")
Dim myAction = modelBuilder.Action("myAction")
myAction.Parameter(Of String)("Parameter1")
myAction.Returns(Of Boolean)()
Dim model As IEdmModel = modelBuilder.GetEdmModel
config.Routes.MapODataRoute("ODataRoute", "odata", model)
This wonderful tutorial shows how to associate an action with an entity like this:
http://myServer/odata/Products(1)/myAction
Following the tutorial, I can then write the method for the action in the ProductsController class after creating the model with the following line:
Dim myAction = modelBuilder.Entity(Of Product).Action("myAction")
However, if I don't want to associate the action with an entity, where would I write the method for the action? Is there a DefaultController class I need to write?
We currently do not have support for this out of the box, but its very easy to do it yourself. Example below (This nice sample is actually from Mike Wasson which is yet to be made public :-))
------------------------------------------------------
// CreateMovie is a non-bindable action.
// You invoke it from the service root: ~/odata/CreateMovie
ActionConfiguration createMovie = modelBuilder.Action("CreateMovie");
createMovie.Parameter<string>("Title");
createMovie.ReturnsFromEntitySet<Movie>("Movies");
// Add a custom route convention for non-bindable actions.
// (Web API does not have a built-in routing convention for non-bindable actions.)
IList<IODataRoutingConvention> conventions = ODataRoutingConventions.CreateDefault();
conventions.Insert(0, new NonBindableActionRoutingConvention("NonBindableActions"));
// Map the OData route.
Microsoft.Data.Edm.IEdmModel model = modelBuilder.GetEdmModel();
config.Routes.MapODataRoute("ODataRoute", "odata", model, new DefaultODataPathHandler(), conventions);
--------------------------------------------------------------
// Implements a routing convention for non-bindable actions.
// The convention maps "MyAction" to Controller:MyAction() method, where the name of the controller
// is specified in the constructor.
public class NonBindableActionRoutingConvention : IODataRoutingConvention
{
private string _controllerName;
public NonBindableActionRoutingConvention(string controllerName)
{
_controllerName = controllerName;
}
// Route all non-bindable actions to a single controller.
public string SelectController(ODataPath odataPath, System.Net.Http.HttpRequestMessage request)
{
if (odataPath.PathTemplate == "~/action")
{
return _controllerName;
}
return null;
}
// Route the action to a method with the same name as the action.
public string SelectAction(ODataPath odataPath, System.Web.Http.Controllers.HttpControllerContext controllerContext, ILookup<string, System.Web.Http.Controllers.HttpActionDescriptor> actionMap)
{
if (controllerContext.Request.Method == HttpMethod.Post)
{
if (odataPath.PathTemplate == "~/action")
{
ActionPathSegment actionSegment = odataPath.Segments.First() as ActionPathSegment;
IEdmFunctionImport action = actionSegment.Action;
if (!action.IsBindable && actionMap.Contains(action.Name))
{
return action.Name;
}
}
}
return null;
}
}
--------------------------------------------------
// Controller for handling non-bindable actions.
[ODataFormatting]
[ApiExplorerSettings(IgnoreApi = true)]
public class NonBindableActionsController : ApiController
{
MoviesContext db = new MoviesContext();
[HttpPost]
public Movie CreateMovie(ODataActionParameters parameters)
{
if (!ModelState.IsValid)
{
throw new HttpResponseException(HttpStatusCode.BadRequest);
}
string title = parameters["Title"] as string;
Movie movie = new Movie()
{
Title = title
};
db.Movies.Add(movie);
db.SaveChanges();
return movie;
}
protected override void Dispose(bool disposing)
{
db.Dispose();
base.Dispose(disposing);
}
}