Merge pull request #16 from mihirdilip/5.0.0

5.0.0

Author: mihirdilip

README.md

@@ -54,10 +54,10 @@ public class Startup
 		services.AddControllers();
 
 		//// By default, authentication is not challenged for every request which is ASP.NET Core's default intended behaviour.
-		//// So to challenge authentication for every requests please use below option instead of above services.AddControllers().
-		//services.AddControllers(options => 
+		//// So to challenge authentication for every requests please use below FallbackPolicy option.
+		//services.AddAuthorization(options =>
 		//{
-		//	options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
+		//	options.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
 		//});
 	}
 
@@ -178,16 +178,20 @@ Required to be set. It is the name of the header if it is setup as in-header or
 #### Realm
 Required to be set if SuppressWWWAuthenticateHeader is not set to true. It is used with WWW-Authenticate response header when challenging un-authenticated requests.  
 
-#### ForLegacyIgnoreExtraValidatedApiKeyCheck
-Default value is false. 
-If set to true, IApiKey.Key property returned from IApiKeyProvider.ProvideAsync(string) method is not compared with the key parsed from the request.
-This extra check did not existed in the previous version. So you if want to revert back to old version validation, please set this to true.
-   
 #### SuppressWWWAuthenticateHeader
 Default value is false.  
 When set to true, it will NOT return WWW-Authenticate response header when challenging un-authenticated requests.  
 When set to false, it will return WWW-Authenticate response header when challenging un-authenticated requests.
 
+#### IgnoreAuthenticationIfAllowAnonymous
+Default value is false.  
+If set to true, it checks if AllowAnonymous filter on controller action or metadata on the endpoint which, if found, it does not try to authenticate the request.
+
+#### ForLegacyIgnoreExtraValidatedApiKeyCheck
+Default value is false. 
+If set to true, IApiKey.Key property returned from IApiKeyProvider.ProvideAsync(string) method is not compared with the key parsed from the request.
+This extra check did not existed in the previous version. So you if want to revert back to old version validation, please set this to true.
+
 #### Events
 The object provided by the application to process events raised by the api key authentication middleware.  
 The application may implement the interface fully, or it may create an instance of ApiKeyEvents and assign delegates only to the events it wants to process.
@@ -222,9 +226,9 @@ Please note that, by default, with ASP.NET Core, all the requests are not challe
 However, if you want all the requests to challenge authentication by default, depending on what you are using, you can add the below options line to *ConfigureServices* method on *Startup* class.
 
 ```C#
-services.AddControllers(options => 
-{ 
-    options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
+services.AddAuthorization(options =>
+{
+    options.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
 });
 
 // OR

samples/SampleWebApi_2_0/SampleWebApi_2_0.csproj

@@ -12,7 +12,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="3.1.1" />
+    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="5.0.0" />
     <PackageReference Include="Microsoft.AspNetCore.All" Version="2.0.9" />
   </ItemGroup>
 

samples/SampleWebApi_2_2/SampleWebApi_2_2.csproj

@@ -6,7 +6,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="3.1.1" />
+    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="5.0.0" />
     <PackageReference Include="Microsoft.AspNetCore.App" />
     <PackageReference Include="Microsoft.AspNetCore.Razor.Design" Version="2.2.0" PrivateAssets="All" />
   </ItemGroup>

samples/SampleWebApi_3_1/Properties/launchSettings.json

@@ -20,7 +20,7 @@
     "SampleWebApi_3_1": {
       "commandName": "Project",
       "launchBrowser": true,
-      "launchUrl": "weatherforecast",
+      "launchUrl": "api/values",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       },

samples/SampleWebApi_3_1/SampleWebApi_3_1.csproj

@@ -7,7 +7,7 @@
   <Import Project="..\SampleWebApi.Shared\SampleWebApi.Shared.projitems" Label="Shared" />
 
   <ItemGroup>
-    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="3.1.1" />
+    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="5.0.0" />
   </ItemGroup>
 
   <!--<ItemGroup>

samples/SampleWebApi_3_1/Startup.cs

@@ -50,6 +50,12 @@ public void ConfigureServices(IServiceCollection services)
                     //// Optional option to suppress the browser login dialog for ajax calls.
                     //options.SuppressWWWAuthenticateHeader = true;
 
+                    //// Optional option to ignore extra check of ApiKey string after it is validated.
+                    //options.ForLegacyIgnoreExtraValidatedApiKeyCheck = true;
+
+                    //// Optional option to ignore authentication if AllowAnonumous metadata/filter attribute is added to an endpoint.
+                    //options.IgnoreAuthenticationIfAllowAnonymous = true;
+
                     //// Optional events to override the ApiKey original logic with custom logic.
                     //// Only use this if you know what you are doing at your own risk. Any of the events can be assigned. 
                     options.Events = new ApiKeyEvents
@@ -154,10 +160,16 @@ public void ConfigureServices(IServiceCollection services)
                 // ALWAYS USE HTTPS (SSL) protocol in production when using ApiKey authentication.
                 //options.Filters.Add<RequireHttpsAttribute>();
 
-                // All the requests will need to be authorized. 
-                // Alternatively, add [Authorize] attribute to Controller or Action Method where necessary.
-                options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
             }); //.AddXmlSerializerFormatters()   // To enable XML along with JSON;
+
+            // All the requests will need to be authorized. 
+            // Alternatively, add [Authorize] attribute to Controller or Action Method where necessary.
+            services.AddAuthorization(options =>
+            {
+                options.FallbackPolicy = new AuthorizationPolicyBuilder()
+                    .RequireAuthenticatedUser()
+                    .Build();
+            });
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.

samples/SampleWebApi_5_0/Controllers/ValuesController.cs

@@ -0,0 +1,35 @@
+using Microsoft.AspNetCore.Mvc;
+using System.Collections.Generic;
+using System.Text;
+
+namespace SampleWebApi_5_0.Controllers
+{
+    [Route("api/[controller]")]
+	[ApiController]
+	public class ValuesController : ControllerBase
+	{
+		// GET api/values
+		[HttpGet]
+		public ActionResult<IEnumerable<string>> Get()
+		{
+			return new string[] { "value1", "value2" };
+		}
+
+		[HttpGet("claims")]
+		public ActionResult<string> Claims()
+		{
+			var sb = new StringBuilder();
+			foreach (var claim in User.Claims)
+			{
+				sb.AppendLine($"{claim.Type}: {claim.Value}");
+			}
+			return sb.ToString();
+		}
+
+		[HttpGet("forbid")]
+		public new IActionResult Forbid()
+		{
+			return base.Forbid();
+		}
+	}
+}

samples/SampleWebApi_5_0/Program.cs

@@ -0,0 +1,20 @@
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Hosting;
+
+namespace SampleWebApi_5_0
+{
+    public class Program
+    {
+        public static void Main(string[] args)
+        {
+            CreateHostBuilder(args).Build().Run();
+        }
+
+        public static IHostBuilder CreateHostBuilder(string[] args) =>
+            Host.CreateDefaultBuilder(args)
+                .ConfigureWebHostDefaults(webBuilder =>
+                {
+                    webBuilder.UseStartup<Startup>();
+                });
+    }
+}

samples/SampleWebApi_5_0/Properties/launchSettings.json

@@ -0,0 +1,31 @@
+{
+  "$schema": "http://json.schemastore.org/launchsettings.json",
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:3920",
+      "sslPort": 44304
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "api/values",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "SampleWebApi_5_0": {
+      "commandName": "Project",
+      "dotnetRunMessages": "true",
+      "launchBrowser": true,
+      "launchUrl": "api/values",
+      "applicationUrl": "https://localhost:5001;http://localhost:5000",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

samples/SampleWebApi_5_0/SampleWebApi_5_0.csproj

@@ -0,0 +1,17 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>net5.0</TargetFramework>
+  </PropertyGroup>
+
+  <Import Project="..\SampleWebApi.Shared\SampleWebApi.Shared.projitems" Label="Shared" />
+
+  <ItemGroup>
+    <PackageReference Include="AspNetCore.Authentication.ApiKey" Version="5.0.0" />
+  </ItemGroup>
+
+  <!--<ItemGroup>
+    <ProjectReference Include="..\..\src\AspNetCore.Authentication.ApiKey\AspNetCore.Authentication.ApiKey.csproj" />
+  </ItemGroup>-->
+
+</Project>