A simple library that enables ASP.NET Core authentication and authorization for AspNetCoreServer.
This library is necessary to let the ASP.NET Core runtime understand that the user is already authenticated by AWS API Gateway and that all claims are already created. With that, it's possible to use regular ASP.NET Core authorization features such as `[Authorize]` and `AuthorizationPolicy`.
First, install the Moschen.AwsLambdaAuthenticationHandler.Jwt NuGet package into your app.
```bash
dotnet add package Moschen.AwsLambdaAuthenticationHandler.Jwt
```
Next, configure your ASP.NET Core project. In `Startup`, configure the authentication handler and enable authentication and authorization.
```csharp
public void ConfigureServices(IServiceCollection services)
{
    // ... other service registrations

    // Register the handler as the default authentication scheme
    services.AddAuthentication(AwsJwtAuthorizerDefaults.AuthenticationScheme)
        .AddJwtAuthorizer(options =>
        {
            // In the case of local run, this option enables the extraction of claims from the token
            options.ExtractClaimsFromToken = true;
            // Validates the presence of the token
            options.RequireToken = true;
        });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // ... other middleware

    // Authentication must run before authorization
    app.UseAuthentication();
    app.UseAuthorization();
}
```
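An added example (not code from this project) of the regular ASP.NET Core authorization features this setup enables: a named policy plus `[Authorize]` on controller actions. The policy name, the `email_verified` and `email` claim types, and the controller are assumptions; substitute the claims your authorizer actually issues.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public static class AuthorizationSetup
{
    // Call from ConfigureServices, after AddAuthentication(...).AddJwtAuthorizer(...).
    public static IServiceCollection AddSamplePolicies(this IServiceCollection services)
    {
        services.AddAuthorization(options =>
        {
            // Hypothetical policy: claim type and expected value are assumptions.
            // Claim values arrive as strings, so compare case-insensitively
            // instead of relying on an exact "true" / "True" match.
            options.AddPolicy("VerifiedEmail", policy =>
                policy.RequireAuthenticatedUser()
                      .RequireAssertion(ctx => ctx.User.HasClaim(c =>
                          c.Type == "email_verified" &&
                          string.Equals(c.Value, "true", StringComparison.OrdinalIgnoreCase))));
        });
        return services;
    }
}

[ApiController]
[Route("api/[controller]")]
public class ProfileController : ControllerBase
{
    // Any authenticated caller: lists the claims the handler placed on User.
    [HttpGet("claims")]
    [Authorize]
    public IActionResult GetClaims() =>
        Ok(User.Claims.Select(c => new { c.Type, c.Value }));

    // Only callers that satisfy the policy; others receive 403 Forbidden.
    [HttpGet("email")]
    [Authorize(Policy = "VerifiedEmail")]
    public IActionResult GetEmail() =>
        Ok(new { email = User.FindFirst("email")?.Value });
}
```

Calling the `claims` endpoint first is a quick way to confirm which claim types and values actually reach the application before writing policies against them.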
Consider checking the GitHub Actions workflows.
Consider checking the samples here.
The best way to run the sample is on the AWS free tier. You can try LocalStack; however, since AspNetCoreServer requires a Docker image and the free tier doesn't support ECR, you may need the Pro version.
The provided example uses a Google OAuth Client as the Cognito Identity Pool and uses a JWT authorizer.
- Linux
- Docker
- .NET CLI
- AWS CLI
- Terraform
- Google OAuth Client
From the local repository root:
```bash
./deployment/deploy.bash <aws account id> <aws region> <google oauth client id>
```
The results should be something like:
Access the swagger https://.execute-api.region.amazonaws.com/prod/swagger and configure the authentication:
Test the API: