Skip to content
/ grpcAuthorizationExample Public

A simple example of token-based authorization in ASP.NET Core that uses a separate gRPC service to validate tokens

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

luarvic/grpcAuthorizationExample

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

4 Commits
images
images
ย 
ย 
src
src
ย 
ย 
README.md
README.md
ย 
ย 

Repository files navigation

gRPC Authorization Example

Table of Contents

  1. Problem statement.
  2. Create empty HTTP-based weather forecast service.
  3. Create empty gRPC-based authorization service.
  4. Implement token-based authorization logic in gRPC-based service.
  5. Add authorization into weather forecast service.
  6. Testing how authorization works.

Problem statement

This solution demonstrates how to add token-based user authorization, managed by a separate gRPC service, to a mock weather forecast service.

Imagine, you have created a brand new web API service using CLI.

dotnet new webapi --use-controllers --name WeatherForecastService.Http

This service exposes a single WeatherForecast endpoint accessible to any user.

Weather Forecast Endpoints

The goal is to make the endpoint accessible only to users who have a valid token. Additionally, we want to dedicate the authorization logic to the gRPC-based service.

Create empty HTTP-based weather forecast service

Let's create an empty web API service via CLI by running the following command.

dotnet new webapi --use-controllers --name WeatherForecastService.Http

Create empty gRPC-based authorization service

Let's create an empty gRPC service via CLI by running the following command.

dotnet new grpc --name AuthorizationService.Grpc

Implement token-based authorization logic in gRPC-based service

First let's define a new authorization service by adding authz.proto file and reference it in AuthorizationService.Grpc.csproj file.

Next, we need to build the project to have new classes specified in proto automagically generated for us.

dotnet build

Now we need to implement Authorize method declared in authz.proto. Let's create AuthzService.cs file and write Authorize method there. For the sake of simplicity, let's authorize users if the passed authorization token contains valid substring.

Finally we need to map AuthzService in Program.cs file.

Add authorization into weather forecast service

Now let's make the weather service call the authorization service on every request and allow or deny access to its endpoint based on the authorization token passed in the request headers.

First we need to copy Protos/authz.proto file from AuthorizationService.Grpc into Protos subdirectory of WeatherForecastService.Http project and reference it in WeatherForecastService.Http.csproj file.

Build the project.

dotnet build

Add the following NuGet packages.

dotnet add package Grpc.Net.Client
dotnet add package Google.Protobuf
dotnet add package Grpc.Tools

Add inline middleware that validates authorization tokens by calling the authorization service.

We are done! ๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰

Testing how authorization works

Let's run both projects and try calling WeatherForecast endpoint.

First let's call it without a token. As expected, the response code is 401 Unauthorized.

Weather Forecast 401 Unauthorized

Let's call it again specifying authorization token with valid value. The response code now is 200 Success.

Weather Forecast 200 Success

Don't forget to give โญ๏ธ if it was helpful.

About

A simple example of token-based authorization in ASP.NET Core that uses a separate gRPC service to validate tokens

Topics

middleware grpc authorization asp-net-core

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages