{"id":15150387,"url":"https://github.com/luarvic/grpcauthorizationexample","last_synced_at":"2026-01-20T05:07:31.411Z","repository":{"id":250216433,"uuid":"833821132","full_name":"luarvic/grpcAuthorizationExample","owner":"luarvic","description":"A simple example of token-based authorization in ASP.NET Core that uses a separate gRPC service to validate tokens","archived":false,"fork":false,"pushed_at":"2024-08-03T00:46:20.000Z","size":1354,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-07T05:49:46.244Z","etag":null,"topics":["asp-net-core","authorization","grpc","middleware"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/luarvic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-25T20:28:06.000Z","updated_at":"2024-08-03T00:46:23.000Z","dependencies_parsed_at":"2024-08-03T20:02:59.361Z","dependency_job_id":null,"html_url":"https://github.com/luarvic/grpcAuthorizationExample","commit_stats":null,"previous_names":["luarvic/grpcauthorizationexample"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luarvic%2FgrpcAuthorizationExample","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luarvic%2FgrpcAuthorizationExample/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luarvic%2FgrpcAuthorizationExample/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luarvic%2FgrpcAuthorizationExample/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/luarvic","download_url":"https://codeload.github.com/luarvic/grpcAuthorizationExample/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247601483,"owners_count":20964864,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asp-net-core","authorization","grpc","middleware"],"created_at":"2024-09-26T14:03:30.808Z","updated_at":"2026-01-20T05:07:29.224Z","avatar_url":"https://github.com/luarvic.png","language":"C#","readme":"# gRPC Authorization Example\n\n## Table of Contents\n\n1. [Problem statement.](#problem-statement)\n1. [Create empty HTTP-based weather forecast service.](#create-empty-http-based-weather-forecast-service)\n1. [Create empty gRPC-based authorization service.](#create-empty-grpc-based-authorization-service)\n1. [Implement token-based authorization logic in gRPC-based service.](#implement-token-based-authorization-logic-in-grpc-based-service)\n1. [Add authorization into weather forecast service.](#add-authorization-into-weather-forecast-service)\n1. [Testing how authorization works.](#testing-how-authorization-works)\n\n### Problem statement\n\nThis solution demonstrates how to add token-based user authorization, managed by a separate gRPC service, to a mock weather forecast service.\n\nImagine, you have created a brand new web API service using CLI.\n\n```bash\ndotnet new webapi --use-controllers --name WeatherForecastService.Http\n```\n\nThis service exposes a single `WeatherForecast` endpoint accessible to any user.\n\n![Weather Forecast Endpoints](./images/weather-forecast-endpoints.png)\n\nThe goal is to make the endpoint accessible only to users who have a valid token. Additionally, we want to dedicate the authorization logic to the gRPC-based service.\n\n### Create empty HTTP-based weather forecast service\n\nLet's create an empty web API service via CLI by running the following command.\n\n```bash\ndotnet new webapi --use-controllers --name WeatherForecastService.Http\n```\n\n### Create empty gRPC-based authorization service\n\nLet's create an empty gRPC service via CLI by running the following command.\n\n```bash\ndotnet new grpc --name AuthorizationService.Grpc\n```\n\n### Implement token-based authorization logic in gRPC-based service\n\nFirst let's define a new authorization service by adding [authz.proto](./src/AuthorizationService.Grpc/Protos/authz.proto) file and reference it in [AuthorizationService.Grpc.csproj](/src/AuthorizationService.Grpc/AuthorizationService.Grpc.csproj#L11) file.\n\nNext, we need to build the project to have new classes specified in proto automagically generated for us.\n\n```bash\ndotnet build\n```\n\nNow we need to implement `Authorize` method declared in [authz.proto](./src/AuthorizationService.Grpc/Protos/authz.proto#L10). Let's create [AuthzService.cs](./src/AuthorizationService.Grpc/Services/AuthzService.cs) file and write [Authorize](./src/AuthorizationService.Grpc/Services/AuthzService.cs#L14) method there. For the sake of simplicity, let's authorize users if the passed authorization token contains [valid](./src/AuthorizationService.Grpc/Services/AuthzService.cs#L25) substring.\n\nFinally we need to map `AuthzService` in [Program.cs](./src/AuthorizationService.Grpc/Program.cs#L12) file.\n\n### Add authorization into weather forecast service\n\nNow let's make the weather service call the authorization service on every request and allow or deny access to its endpoint based on the authorization token passed in the request headers.\n\nFirst we need to copy [Protos/authz.proto](./src/AuthorizationService.Grpc/Protos/authz.proto) file from `AuthorizationService.Grpc` into `Protos` subdirectory of `WeatherForecastService.Http` project and reference it in [WeatherForecastService.Http.csproj](./src/WeatherForecastService.Http/WeatherForecastService.Http.csproj#L20) file.\n\nBuild the project.\n\n```bash\ndotnet build\n```\n\nAdd the following NuGet packages.\n\n```\ndotnet add package Grpc.Net.Client\ndotnet add package Google.Protobuf\ndotnet add package Grpc.Tools\n```\n\nAdd [inline middleware](./src/WeatherForecastService.Http/Program.cs#L26) that validates authorization tokens by calling the authorization service.\n\nWe are done! 🎉🎉🎉\n\n### Testing how authorization works\n\nLet's run both projects and try calling `WeatherForecast` endpoint.\n\nFirst let's call it without a token. As expected, the response code is `401 Unauthorized`.\n\n![Weather Forecast 401 Unauthorized](./images/weather-forecast-401-unauthorized.png)\n\nLet's call it again specifying authorization token with `valid` value. The response code now is `200 Success`.\n\n![Weather Forecast 200 Success](./images/weather-forecast-200-success.png)\n\nDon't forget to give ⭐️ if it was helpful.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fluarvic%2Fgrpcauthorizationexample","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fluarvic%2Fgrpcauthorizationexample","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fluarvic%2Fgrpcauthorizationexample/lists"}