Disable class authorize

Silvandro Oliveira 0 Reputation points
2023-02-28T12:06:43.4733333+00:00

I would like to know if it is possible to ignore authorization in just one class, because even if I add the [AllowAnonymous] attribute to the class, it needs the JWT token, but this is the class that will generate the token and it cannot go through the authorization process.

Developer technologies C#

1 answer

  1. Alan Farias 755 Reputation points
    2023-02-28T16:34:36.97+00:00

    Yes, it is possible to ignore authorization in just one class in ASP.NET Web API. You can achieve this by implementing a custom IAuthorizationFilter attribute and decorating your controller or action method with it. Here's an example of how you can do this:

    1. Create a custom AllowAnonymousFilter class that implements IAuthorizationFilter:

        ```aspx-csharp
        using System;
        using System.Net;
        using System.Net.Http;
        using System.Threading;
        using System.Threading.Tasks;
        using System.Web.Http.Controllers;
        using System.Web.Http.Filters;

        // Deriving from Attribute is required so the class can be applied as [AllowAnonymousFilter].
        public class AllowAnonymousFilter : Attribute, IAuthorizationFilter
        {
            public bool AllowMultiple => false;

            public Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
            {
                // Add logic to check if the request is for the class that generates the JWT token.
                // If it is, allow the request to proceed without performing authorization.
                if (actionContext.ControllerContext.Controller.GetType() == typeof(TokenController))
                {
                    return continuation();
                }

                // Otherwise, perform the default authorization checks.
                // You can use the [Authorize] attribute to decorate other controllers or actions
                // that require authorization.
                var user = actionContext.RequestContext.Principal;
                if (user == null || !user.Identity.IsAuthenticated)
                {
                    // Short-circuit with 401: the continuation (and so the action) never runs.
                    var response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
                    {
                        ReasonPhrase = "Authentication failed"
                    };
                    var tsc = new TaskCompletionSource<HttpResponseMessage>();
                    tsc.SetResult(response);
                    return tsc.Task;
                }

                return continuation();
            }
        }
        ```
        
        
    2. Decorate your controller or action method with the **`AllowAnonymousFilter`** attribute:

        ```aspx-csharp
        [AllowAnonymousFilter]
        public class TokenController : ApiController
        {
            // Your code for generating the JWT token goes here
        }
        ```
        
        
    This will allow requests to the **`TokenController`** to proceed without performing authorization, even if the **`[AllowAnonymous]`** attribute is not working as expected. For all other controllers or actions that require authorization, you can continue to use the **`[Authorize]`** attribute as usual.
    
    
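
An added example, not part of the answer above and not the poster's code: a deny-by-default authorization filter for ASP.NET Web API 2 that, instead of comparing against a hard-coded controller type, skips its check only where `[AllowAnonymous]` from `System.Web.Http` is present on the action or controller. The names `RequireAuthenticatedAttribute`, the `api/token` route and the `WebApiConfig` registration are assumptions made for illustration.

```csharp
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Hypothetical filter name. Registered globally so every endpoint is protected by default.
public class RequireAuthenticatedAttribute : AuthorizationFilterAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // The opt-out is explicit and visible at the endpoint: [AllowAnonymous] from
        // System.Web.Http (not the System.Web.Mvc attribute of the same name).
        bool anonymous =
            actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any() ||
            actionContext.ControllerContext.ControllerDescriptor
                         .GetCustomAttributes<AllowAnonymousAttribute>().Any();
        if (anonymous) return;

        var principal = actionContext.RequestContext.Principal;
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
        {
            // Setting Response short-circuits the pipeline; the action never runs.
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        }
    }
}

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        config.Filters.Add(new RequireAuthenticatedAttribute()); // deny by default
        config.MapHttpAttributeRoutes();
    }
}

[AllowAnonymous] // the token endpoint is the only one reachable without a JWT
public class TokenController : ApiController
{
    [HttpPost, Route("api/token")] // assumed route
    public IHttpActionResult Post()
    {
        // Credential validation and token issuance are outside this example.
        return Ok();
    }
}
```

Because the exemption is attribute-driven, reviewing which endpoints are reachable without a token reduces to searching the code base for `[AllowAnonymous]`.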
