ODataAuthorization: A library for Securing OData Endpoints

[bytefish]

I have recently updated ODataAuthorization, which is a library for authorizing OData requests:

• https://github.com/bytefish/ODataAuthorization

You basically set the Read / Update / Delete Restrictions on the EntitySets in your IEdmModel:

products.HasReadRestrictions()
    .HasPermissions(p =>
        p.HasSchemeName("Scheme").HasScopes(s => s.HasScope("Product.Read")))
    .HasReadByKeyRestrictions(r => r.HasPermissions(p =>
        p.HasSchemeName("Scheme").HasScopes(s => s.HasScope("Product.ReadByKey"))));

And then you can add Authorization to the ASP.NET Core OData Endpoints like this:

using ODataAuthorization;

// ...

builder.Services.AddAuthorization(options =>
{
    options.AddODataAuthorizationPolicy();
});

// ...

var app = builder.Build();

// ...

app
    .MapControllers()
    .RequireODataAuthorization();

It is based on the WebApiAuthorization library by Microsoft.

You can find a complete example here:

• https://github.com/bytefish/ODataAuthorization/tree/main/samples/CookieAuthenticationSample

[habbes]

Interesting to see this development @bytefish. Does this work with the latest AspNetCore.OData version? For context, the referenced WebApiAuthorization unfortunately never made it to an official release.

[bytefish]

@habbes Yes, it works with the latest ASP.NET Core OData version and integrates very nicely with the Authorization Middleware.

Like the README says, it’s largely based on your WebApiAuthorization project. Except for now using a different approach to plugging into the Authorization Middleware.

[bytefish]

@habbes @xuzhg I've made a PR to the official repository at:

• Update to support the latest Microsoft.AspNetCore.OData version WebApiAuthorization#14

It would then support the latest Microsoft.AspNetCore.OData version. It is a major change to the API, so it would be a breaking change. However, the library now integrates much better with the ASP.NET Core Authorization middleware.

I understand, that the OData team at Microsoft is a very small one. And this library never saw an official release, because there are other priorities and a different path forward has been chosen by Microsoft.

Would it be better, if we move this library to the .NET Foundation? So it isn’t a liability to the OData team, but rather makes it a .NET community effort. I would also maintain it.