Img_0738_large

Kevin Rich

Restricting Access to Routes without [Authorize] Filter

Locking down Swagger, Elmah, and other "magic" endpoints

Create a Delegating Handler

In this example, I want to lock down the \swagger endpoint from an ASP.NET 4.6.1 MVC web application.

 public class SwaggerAccessMessageHandler : DelegatingHandler
 {
 protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) . . .

Read More

December 05, 2016

Adding User Claims via API keys in WebApi 2

Adding a Custom Authentication Filter

Update

Please for the love of all that is holy, don't do this. There are many great solutions out there now. I recommend Azure AD (cheap), Auth0(freeish), or Identity Server(open sou). This was a pretty terrible implementation that was meant as a stopgap.

Scenario

I have an API that I wish to lock down via an . . .

Read More

July 19, 2016

Archive

Cover image credit: http://whoiskevinrich.com