Skip to main content

4 posts tagged with "ASP.NET6"

View All Tags

· 2 min read
Adnan Rafiq
Start and Finish Image

Image by @claybanks

Authorization Policy

Authorizing the resource access is essential part of any API. The .NET provides you a perfect mental model which is easier to reason about. It has this flow:

  1. What is the name of your policy as string.
  2. What requirement the user must satisfy to qualify which implements the IAuthorizationRequirement interface.
  3. What is your handler responsible to evaluate, which inherits the AuthorizationHandler<UniqueIdHeaderRequirement> and register it.

Then Authorize attribute allows you to set a policy name when used on controller or action method. But if you are fan of Minimal API then fluent style is the way to go using RequireAuthorization.

· 3 min read
Adnan Rafiq
Start and Finish Image

Image by awcreativeut

CORS are best described on MDN

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. CORS also relies on a mechanism by which browsers make a "preflight" request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request.

How to configure CORS in .NET6 API?

CORS in .NET6 API can be configured using CORS policies.