User Authorization Data with Amazon.Lambda.AspNetCoreServer

In the past, we worked a lot with Node.js; we are currently exploring ASP.NET Core as an alternative Lambda platform.

In the past, our APIs were based on a special authorizer that authenticated the user and received a list of permission policies based on resources from our company's IAM service. The authorizer attaches this list to the authContext key. Our services will integrate with API Gateway through Lambda Proxy and extract the main object from the raw proxy request.

When using Amazon.Lambda.AspNetCoreServer to translate between API Gateway and ASP.NET, we cannot arrive at a similar scenario.

Amazon.Lambda.AspNetCoreServer::ApiGatewayProxyFunction::FunctionHandlerAsync(Stream responseStream, ILambdaContext lambdaContext), or any equivalent Lambda handler signature, in this case receives the full raw request in the first parameter. It is possible to serialize the stream (for example, into a JSON.NET JObject) and retrieve the main object there.

However, accessing this data in an ASP.NET application is difficult. I'm not sure if the autoresponder response is being sent to the HTTP context. When checking it, the ClaimsPrincipal key context.User does not contain data.

Several solutions have been thrown around:

  • Retrieve IAM information in an overridden FunctionHandlerAsync and store it globally using environment or session variables
  • Interface creation and optional implementation of the IAM provider service. It will provide a method for obtaining IAM information. The implementation will simply return a deserialized claim list. The service will be configured in the Init override method (IWebHostBuilder).
  • Pasting an object (Claims / General) Principal and trying to pass it to the HTTP context

Is there any way to achieve this purely?

1 answer

We are in the same situation, and by no means do I propose a good and clean solution, but I have a workaround.

If you look at the request payload, json will be formatted as follows:

    {
      [...]
      "requestContext": {
        [...]
        "authorizer": {
          "claims": {
            "claim1": "value1",
            "claim2": "value2",
            "claim3": "value3"
          }
        },
        [...]
      }
    }

In APIGatewayProxyFunction.FunctionHandlerAsync they deserialize the requestStream into APIGatewayProxyRequest. If you go into this class, you will find that the json authorizer part is deserialized to:

    public class APIGatewayCustomAuthorizerContext
    {
        public string PrincipalId { get; set; }
        public string StringKey { get; set; }
        public int? NumKey { get; set; }
        public bool? BoolKey { get; set; }
    }

I.e. all claims are lost upon deserialization. I posted this problem here: https://github.com/aws/aws-lambda-dotnet/issues/98

Now for the workaround, I just added something that “works” together here (Code here):

Please note that it is very unverified. :-)

Using:

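    using System.IO;
    using Microsoft.AspNetCore.Hosting;

    // APIGatewayAuthorizerProxyFunction is the base class from the workaround code linked above.
    public class LambdaEntryPoint : APIGatewayAuthorizerProxyFunction
    {
        protected override void Init(IWebHostBuilder builder)
        {
            builder
                .UseContentRoot(Directory.GetCurrentDirectory())
                .UseStartup<Startup>()
                .UseApiGateway();
        }
    }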

Source: https://habr.com/ru/post/1266302/
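
As an added illustration (not code from the question, the answer, or the aws-lambda-dotnet project), one way to recover the claims shown in the payload above is to read requestContext.authorizer.claims from the raw event and build a ClaimsPrincipal from it. It assumes System.Text.Json rather than JSON.NET; the names AuthorizerClaims and FromProxyEvent and the "ApiGatewayAuthorizer" authentication type are hypothetical, and the sample event is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Text.Json;

public static class AuthorizerClaims // hypothetical helper, not a library type
{
    // Reads requestContext.authorizer.claims from a raw Lambda proxy event.
    // Returns an unauthenticated principal when that node is missing or not an object.
    public static ClaimsPrincipal FromProxyEvent(string rawEventJson)
    {
        using JsonDocument doc = JsonDocument.Parse(rawEventJson);
        var claims = new List<Claim>();
        JsonElement root = doc.RootElement;
        if (root.ValueKind == JsonValueKind.Object &&
            root.TryGetProperty("requestContext", out JsonElement ctx) &&
            ctx.ValueKind == JsonValueKind.Object &&
            ctx.TryGetProperty("authorizer", out JsonElement auth) &&
            auth.ValueKind == JsonValueKind.Object &&
            auth.TryGetProperty("claims", out JsonElement node) &&
            node.ValueKind == JsonValueKind.Object)
        {
            foreach (JsonProperty p in node.EnumerateObject())
            {
                // Strings are taken as-is; other JSON values keep their raw JSON text.
                string value = p.Value.ValueKind == JsonValueKind.String
                    ? p.Value.GetString() ?? string.Empty
                    : p.Value.GetRawText();
                claims.Add(new Claim(p.Name, value));
            }
        }

        // Passing an authentication type makes Identity.IsAuthenticated true;
        // with no claims the identity is left unauthenticated.
        var identity = claims.Count > 0
            ? new ClaimsIdentity(claims, "ApiGatewayAuthorizer")
            : new ClaimsIdentity();
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Constructed sample event, shaped like the payload in the answer.
        const string sample = @"{ ""requestContext"": { ""authorizer"": { ""claims"": { ""claim1"": ""value1"", ""claim2"": ""value2"" } } } }";
        ClaimsPrincipal user = FromProxyEvent(sample);
        Console.WriteLine(user.Identity?.IsAuthenticated);
        Console.WriteLine(user.FindFirst("claim2")?.Value);
    }
}
```

These values can be treated as identity only because API Gateway writes requestContext after the authorizer has run; the same names arriving in client-controlled headers or the request body must not be mapped to claims.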
