Set API authentication using Auth0. API endpoints require Authorized JWT

2026-06-06 00:36:39 +00:00 · 2020-02-19 22:47:41 +01:00 · 2020-02-19 22:47:41 +01:00 · 83dcab1c15
commit 83dcab1c15
parent e59676d04a
14 changed files with 44 additions and 48 deletions
--- a/Controllers/AppUsersController.cs
+++ b/Controllers/AppUsersController.cs
@ -1,15 +1,15 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using TicketManager.Data;
 using TicketManager.Models;
 using Microsoft.AspNetCore.Authorization;
 namespace TicketManager.Controllers
 {
    [Authorize]
    [Route("api/v1/[controller]")]
    [ApiController]
    public class UsersController : ControllerBase
--- a/Controllers/AssignmentsController.cs
+++ b/Controllers/AssignmentsController.cs
@ -1,8 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using TicketManager.Data;
@ -10,6 +9,7 @@ using TicketManager.Models;
 namespace TicketManager.Controllers
 {
    [Authorize]
    [Route("api/[controller]")]
    [ApiController]
    public class AssignmentsController : ControllerBase
--- a/Controllers/FilesController.cs
+++ b/Controllers/FilesController.cs
@ -1,8 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using TicketManager.Data;
@ -10,6 +9,7 @@ using TicketManager.Models;
 namespace TicketManager.Controllers
 {
    [Authorize]
    [Route("api/v1/[controller]")]
    [ApiController]
    public class FilesController : ControllerBase
--- a/Controllers/HistoriesController.cs
+++ b/Controllers/HistoriesController.cs
@ -1,8 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using TicketManager.Data;
@ -10,6 +9,7 @@ using TicketManager.Models;
 namespace TicketManager.Controllers
 {
    [Authorize]
    [Route("api/v1/[controller]")]
    [ApiController]
    public class HistoriesController : ControllerBase
--- a/Controllers/NotesController.cs
+++ b/Controllers/NotesController.cs
@ -1,8 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using TicketManager.Data;
@ -10,6 +9,7 @@ using TicketManager.Models;
 namespace TicketManager.Controllers
 {
    [Authorize]
    [Route("api/v1/[controller]")]
    [ApiController]
    public class NotesController : ControllerBase
--- a/Controllers/ProjectsController.cs
+++ b/Controllers/ProjectsController.cs
@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
@ -8,6 +9,8 @@ using TicketManager.Models;
 namespace TicketManager.Controllers
 {
    // [Authorize(Roles = "Admin")]
    [Authorize]
    [Produces("application/json")]
    [Route("api/v1/[controller]")]
    [ApiController]
--- a/Controllers/TicketsController.cs
+++ b/Controllers/TicketsController.cs
@ -1,8 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using TicketManager.Data;
@ -10,6 +8,7 @@ using TicketManager.Models;
 namespace TicketManager.Controllers
 {
    [Authorize]
    [Route("api/v1/[controller]")]
    [ApiController]
    public class TicketsController : ControllerBase
--- a/README.md
+++ b/README.md
@ -41,7 +41,5 @@
 - Ensure Tickets Edits belong to Project Edits
 - Ensure Tickets Files belong to Project Files
 - Async model methods ?
 - setMembers & removeMembers from project api not working
 - Write a query class to refactor code and optimize perf on get queries (AsNoTracking)
 - repository + strategy to decouple controllers from DbContext. Easier testing
 - update assignments automatically from context
 - use PATCH instead of PUT
--- a/Scripts/cleanDevDb.sh
+++ b/Scripts/cleanDevDb.sh
@ -1,5 +0,0 @@
 rm -r Migrations
 rm app.db
 dotnet ef migrations add Migration1 
 dotnet ef database update
 dotnet run
--- a/Scripts/scaffoldControllers.sh
+++ b/Scripts/scaffoldControllers.sh
@ -1,6 +0,0 @@
 rm Controllers/AppUsersController.cs
 rm Controllers/TicketsController.cs
 rm Controllers/ProjectsController.cs
 dotnet aspnet-codegenerator controller -name AppUsersController -async -api -m AppUser -dc AppDbContext -outDir Controllers  
 dotnet aspnet-codegenerator controller -name TicketsController -async -api -m Ticket -dc AppDbContext -outDir Controllers  
 dotnet aspnet-codegenerator controller -name ProjectsController -async -api -m Project -dc AppDbContext -outDir Controllers  
--- a/Startup.cs
+++ b/Startup.cs
@ -19,6 +19,7 @@ using TicketManager.Data;
 using TicketManager.Models;
 using Microsoft.AspNetCore.Mvc.NewtonsoftJson;
 using Newtonsoft.Json;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 [assembly: ApiController]
 namespace TicketManager
@ -32,7 +33,6 @@ namespace TicketManager
        public IConfiguration Configuration { get; }
        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddDbContext<AppDbContext>(options =>
@ -40,12 +40,26 @@ namespace TicketManager
            services.AddScoped<IProjectRepository, ProjectRepository>();
            services.AddScoped<IAppUserRepository, AppUserRepository>();
            services.AddScoped<ITicketRepository, TicketRepository>();
-            services.AddControllers()
+
-            .AddNewtonsoftJson(options =>
+            services.AddAuthentication(options =>
            {
-                options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore; // avoid cycle ref errors
+                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
            {
                options.Authority = "https://dev-fyjrvohx.auth0.com/";
                options.Audience = "https://localhost:5001/api/V1/";
                //options.Authority = $"https://{Configuration["Auth0:Domain"]}/";
                //options.Audience = Configuration["Auth0:Audience"];
            });
            services.AddControllers()
                .AddNewtonsoftJson(options =>
                    {
                        options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore; // avoid cycle ref errors
                    }
                );
            services.AddSpaStaticFiles(configuration =>
            {
                configuration.RootPath = "client/build";
@ -72,17 +86,12 @@ namespace TicketManager
            services.AddSwaggerGenNewtonsoftSupport(); // explicit opt-in - needs to be placed after AddSwaggerGen()
        }
        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IServiceProvider serviceProvider)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
-                var repository = serviceProvider.GetRequiredService<IProjectRepository>();
+                // var repository = serviceProvider.GetRequiredService<IProjectRepository>();
                // InitializeDatabaseAsync(repository).Wait()
            }
            else
            {
@ -92,7 +101,6 @@ namespace TicketManager
            app.UseHttpsRedirection();
            app.UseDefaultFiles();
            app.UseSwagger();
            app.UseSwaggerUI(c =>
@ -100,11 +108,9 @@ namespace TicketManager
                c.SwaggerEndpoint("/swagger/v1/swagger.json", "Ticket Manager API v1");
            });
            app.UseSpaStaticFiles();
            app.UseRouting();
-
+            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
@ -123,9 +129,4 @@ namespace TicketManager
            });
        }
    }
-}
+}
--- a/TicketManager.csproj
+++ b/TicketManager.csproj
@ -16,6 +16,9 @@
    <ItemGroup>
    </ItemGroup>
    <ItemGroup>
        <PackageReference Include="Microsoft.AspNetCore.Authentication.Cookies" Version="2.2.0" />
        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="3.1.2" />
        <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="3.1.2" />
        <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="3.1.1" />
        <PackageReference Include="Microsoft.AspNetCore.SpaServices" Version="3.1.1" />
        <PackageReference Include="Microsoft.AspNetCore.SpaServices.Extensions" Version="3.1.1" />
--- a/appsettings.json
+++ b/appsettings.json
@ -10,5 +10,9 @@
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "Sqlite": "Data Source=app.db"
  },
  "Auth0": {
    "Domain": "https://dev-fyjrvohx.auth0.com/",
    "Audience": "https://localhost:5001/api/V1/"
  }
 }
--- a/client/src/react-app-env.d.ts
+++ b/client/src/react-app-env.d.ts
@ -1 +0,0 @@
 /// <reference types="react-scripts" />