Windows Authentication & Authorization In ASP.NET Core + Angular Web Application

Vaibhav Bhapkar
3 min read · Nov 30, 2019

Introduction

Windows Authentication authenticates users of an ASP.NET Core application with the help of the operating system, and authorization lets us restrict access to the application based on the role of the user. Windows Authentication is very useful in intranet applications where users are in the same domain. The traditional MVC authorize filter approach will not work when you are dealing with an API controller, so we will look at the claims-based approach to authenticating and authorizing users in a .NET Core web application.

Create a web application and Configure Windows authentication

We can create an ASP.NET Core web application from a template in Visual Studio. Select File >> New >> ASP.NET Core Web Application >> Angular, and Visual Studio will create the project structure for the selected template.

After completing this step we need to configure Windows authentication for the created project: right-click the project name >> Properties >> Debug >> Enable Windows Authentication.

Implementing class to handle authorization based on roles

The ClaimsTransformer class is used to add roles (which are just another type of claim) to a principal. This is done by implementing IClaimsTransformation, and it will run each time an action is called from a controller that has authorization rules. I have used claiminfo.RoleClaimType below. This is important because roles don't always go by the same name when they are stored as claims.

Code Base:

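```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using WinAuthentication;

public class ClaimsTransformer : IClaimsTransformation
{
    // Looks up the role stored in the database for a Windows user name.
    private readonly userService _userservice = new userService();

    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        var claiminfo = principal.Identity as ClaimsIdentity;

        // Nothing to transform for an unauthenticated request.
        if (claiminfo == null || !claiminfo.IsAuthenticated || string.IsNullOrEmpty(claiminfo.Name))
            return Task.FromResult(principal);

        // The Windows identity name has the form DOMAIN\username; only the
        // username part is stored in the database.
        string[] name = claiminfo.Name.Split('\\');
        string userName = name[name.Length - 1];

        // userService call to get the role name for the logged-in user from the database.
        var role = _userservice.GetRoles(userName);

        // TransformAsync can run more than once per request, so add the role claim only once.
        if (!string.IsNullOrEmpty(role) && !claiminfo.HasClaim(claiminfo.RoleClaimType, role))
            claiminfo.AddClaim(new Claim(claiminfo.RoleClaimType, role));

        return Task.FromResult(principal);
    }
}
```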

userService is added to fetch the roles from the database for the logged-in username.

After creating this class you need to register it inside the Startup.cs file as shown below:

Code Base:

```csharp
public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

    // In production, the Angular files will be served from this directory
    services.AddSpaStaticFiles(configuration =>
    {
        configuration.RootPath = "ClientApp/dist";
    });

    // Register the claims transformer so roles are added to the authenticated principal
    services.AddSingleton<IClaimsTransformation, ClaimsTransformer>();
}
```

Declaring required roles on the Controllers with Authorize attribute

To restrict access to certain roles on your controller and controller routes, you must use the AuthorizeAttribute and set its Roles property to the roles that are allowed to access the controller or method.
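The following controller is an added example, not code from the original article, showing the attribute at class level and at action level. The controller name, routes and the role names "Admin" and "Auditor" are assumptions; the role strings must match what userService.GetRoles returns.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller; "Admin" and "Auditor" are assumed role names and must
// match the strings that userService.GetRoles returns from the database.
[Authorize]                      // class level: every action needs an authenticated user
[ApiController]
[Route("api/[controller]")]
public class ReportsController : ControllerBase
{
    // Any authenticated Windows user. Role-dependent data is decided on the
    // server with IsInRole, not by hiding buttons in the Angular client.
    [HttpGet]
    public IActionResult Get()
    {
        return Ok(new
        {
            user = User.Identity.Name,
            canDelete = User.IsInRole("Admin")
        });
    }

    // Comma-separated roles are alternatives: Admin OR Auditor may call this.
    [HttpGet("audit")]
    [Authorize(Roles = "Admin,Auditor")]
    public IActionResult Audit()
    {
        return Ok(new[] { "constructed sample audit entry" });
    }

    // Only Admin. An authenticated user without the role gets 403 Forbidden.
    [HttpDelete("{id}")]
    [Authorize(Roles = "Admin")]
    public IActionResult Delete(int id)
    {
        return NoContent();
    }
}
```

The role check compares against the claim that ClaimsTransformer added under claiminfo.RoleClaimType, so a user whose name is missing from the database simply has no matching role and is denied on the role-protected actions.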

Thank You, See you in the next article !!

You can reach out to me here,

LinkedIn: https://www.linkedin.com/in/vaibhav-bhapkar

Email: vaibhavbhapkar.medium@gmail.com
