By default the key can be supplied either as the query string parameter "api_key" or in the "Authorization" header with the format:
Authorization: BEARER YourSecretTokenHere
Secure an API endpoint or an entire controller using the TokenAuthentication attribute.
[TokenAuthentication]
public ActionResult YourActionName()
The required API key is stored in a preferably secret configuration file for the service in the format below:
"TokenAuthentication": {
  "Key": "Your secret token here"
}
You can also specify an alternative query string parameter name.
"TokenAuthentication": {
  "Key": "Your secret token here",
  "QueryString": "MyCustomQueryString"
}
Or an alternative custom header.
"TokenAuthentication": {
  "Key": "Your secret token here",
  "Header": "MyCustomHeader"
}
You can specify routes to be ignored when you apply TokenAuthentication at the controller level, as below.
[TokenAuthentication(IgnoredRoutes = new []{"/api/my/endpoint/action"})]
Successful requests will result in processes continuing to execute.
Incorrect or non-existent API keys for authenticated endpoints will return an UnauthorizedObjectResult (401).
Any issues encountered during the processing of the request will result in a BadRequestObjectResult (500).
Rather than returning a 401 code, you can specify a custom redirect; unauthorized requests will be redirected to the specified URL.
"TokenAuthentication": {
  "Key": "abc12345",
  "CustomRedirect": "https://www.stockport.gov.uk"
}
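The checks described above (header or query string lookup, ignored routes, 401 on a bad key) sketched as an ASP.NET Core authorization filter. This is an added example, not the package's own TokenAuthentication code. The class name ExampleTokenCheckAttribute, the 401 message text, the "BEARER " prefix on custom headers, the fail-closed handling of an empty Key and the constant-time comparison are assumptions of this sketch.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical filter for illustration; not the package's TokenAuthentication attribute.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class ExampleTokenCheckAttribute : Attribute, IAuthorizationFilter
{
    public string[] IgnoredRoutes { get; set; } = Array.Empty<string>();

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var request = context.HttpContext.Request;

        // Routes listed in IgnoredRoutes skip the key check entirely.
        if (IgnoredRoutes.Any(r => string.Equals(r, request.Path.Value, StringComparison.OrdinalIgnoreCase)))
            return;

        var section = context.HttpContext.RequestServices
            .GetRequiredService<IConfiguration>().GetSection("TokenAuthentication");
        var expected = section["Key"];
        var headerName = section["Header"] ?? "Authorization";   // default from the page
        var queryName = section["QueryString"] ?? "api_key";     // default from the page

        // Query string carries the bare key; the header form is "BEARER <key>".
        // Assumption: a custom header uses the same "BEARER " prefix.
        string supplied = request.Query[queryName].FirstOrDefault();
        var header = request.Headers[headerName].FirstOrDefault();
        if (header != null && header.StartsWith("BEARER ", StringComparison.OrdinalIgnoreCase))
            supplied = header.Substring("BEARER ".Length).Trim();

        // Fail closed: an unset or empty configured key never authenticates anyone.
        if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(supplied) || !FixedTimeEquals(expected, supplied))
            context.Result = new UnauthorizedObjectResult("Invalid or missing API key");
    }

    // Hash both values, then compare in constant time, so response timing
    // does not reveal the key length or how many leading characters matched.
    private static bool FixedTimeEquals(string a, string b)
    {
        using var sha = SHA256.Create();
        return CryptographicOperations.FixedTimeEquals(
            sha.ComputeHash(Encoding.UTF8.GetBytes(a)), sha.ComputeHash(Encoding.UTF8.GetBytes(b)));
    }
}
```

Keys sent in the query string are typically recorded in web server and proxy access logs, so the header form is the safer default for clients.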