2

Looking for suggestions of how to go about this:

I have an asp.net core 2 webapi project secured with JWT authentication and user role authorization.

I added a 3rd party middleware in my asp.net webapi that exposes metrics endpoints.

I can set the endpoint route and port in the metrics middleware but there is no option for authorization.

I would like to secure those endpoints the same as my own API endpoints so only a certain role can access them, but not sure how to go about this, perhaps some other custom middleware lower down the chain that spots those routes and checks for the JWT?

Improve this question
0

1 Answer 1

Reset to default
2

You have the right idea, below is an example of how you could secure that by endpoint.

public class MyAuthorizeMiddleware
{
    private readonly RequestDelegate _next;

    public MyAuthorizeMiddleware(RequestDelegate next)
    {
        _next = next;
    }

    public async Task Invoke(HttpContext context)
    {
        if (context.Request.Path.StartsWithSegments("/endpoint")
            && !context.User.Identity.IsAuthenticated)
        {
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return;
        }

        await _next.Invoke(context);
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.