Authentication variable in Web API header - asp.net-core-webapi

I am creating an ASP.NET Core 6.0 Web API.
This is my controller
public virtual IActionResult GetStatus([FromHeader][Required()] string authorization, [FromRoute][Required] string requestId)
{ }
Problem is the request header is not accepting a parameter with name authorization. If I change name to something else it works fine. But when I change name to authorization, it is not working. I added a middleware and see that the request header does not have authorization in header.
My organization specification wants the name to be authorization only so I can not have any other name here.
Is there any way a Web API endpoint can accept a parameter named "authorization".
I tried creating a custom AuthenticationHandler, it does not solve the problem.

Is there any way a Web API endpoint can accept a parameter named
"authorization"
Reason: 1
Well, your issue is pretty obvious. You may hear about reserved keyword. Like in C# there are some compiler-reserve key for example static, class public and so on. We cannot set variable name as reserve key word.
If you navigate to System.Net.Http.Headers namespace and then move to below details, you would see Authorization is a reserve key word for HttpClientb request and its not wise to manipulate that system reserve word at all.
client.DefaultRequestHeaders.Authorization
Reason: 2
Likewise, if you use or attached Swagger in your program.cs so no longer you cannot use authorization, Content-Type, Accept as your self defined parameter, even if you use it will be skipped. However, Postman can allow you to do that. You can check swagger official reference here.
You can see the example below:
Swagger Request:
Postman Request:
Note:
Apparently, you can ommit swagger then it might work. Nonetheless, if you are using Authorization and Authentication within your application, then you might face unexpected issues if you still stick to use authorization as your custom parameter.

Related

Get the entire request being sent to Pact from Provider - C#

I need to add a signature to my request before it is tested. Hence before Pact testing happens on provider side, i need to add a signature which is generated based on the entire request. Is there a way to get the request before Pact Verification happens, so i can generate and add the signature ?
PS: I already added some other headers using CustomHeaders. But i need the request itself to generate the signature. This is for C#

Automatically adding custom header to message based on request scope

RequestClients in my ApiGateway are injected (using default MS DI) in HTTP request handlers (in those handlers I have access to current request scope). What I want is to automatically, for each RequestClient, to add custom message header where I could put some data from request scope. Use case is to take JWT from request and add it to message as custom header. Then on consumer side I need, for each received request, check that custom header, verify JWT, and add some data from it to consumed request scope so I could access for example IUserContext or something like that. I want to avoid manually adding jwt to message contract for example.
How I can configure MassTransit on Client and Consumer side to achieve what I want? I already read docs about middleware and pipes and observers but still I can't figure it out...
Using RabbitMQ transport.
So, this is pretty complicated to put into a post, so I created a complete sample that shows how to use MassTransit Scoped Filters.
In this sample, an action filter is registered with the controllers to automatically extract the Token header and store it so that it can be used when publishing or sending messages from a controller. The MassTransit filters are configured on the bus, so they're available to all receive endpoints.

How to get Http header values in Apache Camel- Jersey Rest API

I have an application which uses Apache Camel to build an API. It basically uses blueprint.xml to define routes and processing is done by a bean(please note its not any processor bean. Just a plain Java bean). It uses Jersey client to invoke the backend system Rest API.
My requirement is to get the http headers in the code to be able to send them to our custom logging system.
a) I tried #httpHeaders annotation but this does not inject the headers on my code.
b) Since its not using any BeanProcessor i dont have an Exchange object from where i can get the header values.
Please help with a way to get header values on the code.
Add the request context to your class
#Context
private HttpServletRequest request;
and get the headers in your endpoint using request.getHeader
Returns the value of the specified request header as a String.

Symfony2 Routes only for sub-requests

I am creating an advanced app that uses websocket instead of ajax for dynamic interaction. My WebSocket messages are handled like HTTP Requests, they contain a json-encoded array of path and parameters, which will be converted to a Request. Now the HttpKernel handles this request like every other HTTP request (as sub-request). The only problem is, that the routes for websocket messages are public avaible.
Has anyone an idea how to allow only internal access for a route in this situation?
This answer explains why the firewall configuration can't be used to block routes by name as it uses the RequestMatcher which allows only path regexes and not route names.

Is there a default http request header to identify the user making a request?

In the data model behind my RESTful API there are several entities with the CreatedBy/ModifiedBy fields. The only access to this data is through my API, and as such, the fields should be populated with the user id of the user making the request to my API.
I have considered either adding these fields to the models exposed by my API or expecting a request header containing the user id on all PUT/POST/DELETE requests. I would be interested in any opinions as to which approach is best, or any other approach.
I like the idea of providing it in the header since it is necessary for every request and I am wondering if there is a standard request header to contain the information, or a common x-header.
I have seen the from request header; however, it seems to be defined as the email address of the user making the request and I need to pass the user id.
In our current implementation, we use the authorization header to authenticate the calling application with the API, and not for a specific user.
Which header would you use to pass information to identify the user making a request?
You can extend the Authorization header to add your own parameters. Both the Digest and OAuth authorization schemes support parameters. The Basic scheme already have the user credentials readable. Something like:
Authorization: OAuth realm="Photos",
oauth_consumer_key="dpf43f3p2l4k3l03",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="137131200",
oauth_nonce="wIjqoS",
oauth_callback="http%3A%2F%2Fprinter.example.com%2Fready",
oauth_signature="74KNZJeDHnMBp0EMJ9ZHt%2FXKycU%3D",
xoauth_user_guid="alganet"
Yahoo! does something similar with their OAuth implementation, but in another context.
http://developer.yahoo.com/oauth/guide/oauth-accesstoken.html.
However, if these fields are shown or exposed somehow in your public API, they belong to RESTful resources and should be represented always in the body, not the headers. If you GET the username in the message body, you should POST the username using the message body as well.
Assuming you can use HttpClient
HttpClient client = HttpClientManager.getNewClient();
HttpMethod get = new GetMethod(...);
get.addRequestHeader("x-newHeader", "value");
more here
OR using URLConnection using setRequestParameter

Resources