Continuous Integration

aws-lambda-authentication-handler

A simple library to enable ASP.NET Core authentication and authorization to AspNetCoreServer. This library is necessary to let ASP.NET Core runtime understand that the user is already authenticated by AWS API Gateway, and all claims are already created. With that, it's possible to use regular authorization features from ASP.NET Core like [Authorize] and AuthorizationPolicy.

Installation and Configuration

First, install the Moschen.AwsLambdaAuthenticationHandler.Jwt NuGet package into your app.

dotnet add package Moschen.AwsLambdaAuthenticationHandlerNuGet

After, configure your ASP.Net Core project. At Startup, configure the Authentication Handler and enable authentication and authorization.

public void ConfigureServices(IServiceCollection services)
{
    ...
    services.AddAuthentication(AwsJwtAuthorizerDefaults.AuthenticationScheme)
      .AddJwtAuthorizer(options =>
      {
          // In the case of local run, this option enables the extraction of claims from the token
          options.ExtractClaimsFromToken = true;
          
          // Validates the presence of the token
          options.RequireToken = true;
      });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    ...
    app.UseAuthentication();
    app.UseAuthorization();
}

Build

Consider checking the GitHub Actions workflows.

Samples

Consider checking the samples here.

Running Using AWS

The best way to run is using AWS platform free tier. Yes, you can try to use localstack, however, since the AspNetCoreServer requires a docker image and the free tier doesn't support ECR, maybe you will have to need the pro version.

The example provided uses Google OAuth Client as Cognito Identity Pool and uses JWT authorizer.

Requirements

  • Linux
  • Docker
  • .Net CLI
  • AWS CLI
  • Terraform
  • Google OAuth Client

Deploy

From the local repository root.

./deployment/deploy.bash <aws account id> <aws region> <google oauth client id>

The results should be something like: image

Run

Access the swagger https://.execute-api.region.amazonaws.com/prod/swagger and configure the authentication: image

Test the API:

image