Skip to content

Authorization resource in endpoint routing will now be HttpContext #423

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
HaoK opened this issue Jun 24, 2020 · 0 comments
Open

Authorization resource in endpoint routing will now be HttpContext #423

HaoK opened this issue Jun 24, 2020 · 0 comments
Labels
5.0.0 Announcements related to ASP.NET Core 5.0 Announcement Breaking change Documented The breaking change has been published to the .NET Core docs
Milestone

Comments

@HaoK
Copy link
Member

HaoK commented Jun 24, 2020

Authorization resource in endpoint routing will now be HttpContext

Prior to this change, when using endpoint routing, the resource used for authorization would be the endpoint. This was insufficient to get access to the route data. Previously in MVC, the resource that was passed in was HttpContext which allows access to both the Endpoint and RouteData. This change just makes it so the resource passed into Authorization is always the HttpContext.

Version introduced

5.0-preview7

Old behavior

When using Endpoint routing and the AuthorizationMiddleware/AuthorizeAttributes, the resource passed into Authorization would be the matching Endpoint.

New behavior

Endpoint routing will now pass in the HttpContext into Authorization.

Reason for change

You can get to the Endpoint from the HttpContext, but there was no way to get from the Endpoint to things like the RouteData, so this was a loss in functionality from non endpoint routing.

Recommended action

If your app was using the Endpoint resource before, you will simply need to call GetEndpoint() on the HttpContext to continue to access the endpoint.

In preview8, you can also revert to the old behavior by setting AppContext.SetSwitch("Microsoft.AspNetCore.Authorization.SuppressUseHttpContextAsAuthorizationResource", isEnabled: true);

Category

  • ASP.NET Core

Affected APIs

 "Not detectable via API analysis"

Issue metadata

  • Issue type: breaking-change
@HaoK HaoK added this to the 5.0 milestone Jun 24, 2020
@HaoK HaoK added 5.0.0 Announcements related to ASP.NET Core 5.0 Breaking change labels Jun 24, 2020
@aspnet aspnet locked and limited conversation to collaborators Jun 24, 2020
@scottaddie scottaddie added the Documented The breaking change has been published to the .NET Core docs label Jul 15, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
5.0.0 Announcements related to ASP.NET Core 5.0 Announcement Breaking change Documented The breaking change has been published to the .NET Core docs
Projects
None yet
Development

No branches or pull requests

2 participants