Add Authorization to ProductUserChange endpoint (#1008)

source/OptimaJet.DWKit.StarterApplication/BackendServicesExtension.cs

@@ -9,6 +9,7 @@
 using JsonApiDotNetCore.Data;
 using JsonApiDotNetCore.Extensions;
 using JsonApiDotNetCore.Services;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Http;
@@ -247,7 +248,9 @@ public static IServiceCollection AddAuthenticationServices(this IServiceCollecti
             .AddCookie(options => {
                 options.ExpireTimeSpan = TimeSpan.FromDays(365);
                 options.LoginPath = "/Account/Login/";
-            });
+            })
+            // B2B Bearer authentication
+            .AddScheme<AuthenticationSchemeOptions, UserManagementBearerAuthenticationHandler>(UserManagementBearerAuthenticationHandler.AuthenticationScheme, null);
 
             services.AddAuthorization(options =>
             {

source/OptimaJet.DWKit.StarterApplication/BearerAuthenticationHandler.cs

@@ -0,0 +1,48 @@
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using System.Linq;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using static OptimaJet.DWKit.StarterApplication.Utility.EnvironmentHelpers;
+
+namespace OptimaJet.DWKit.StarterApplication
+{
+    public class UserManagementBearerAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
+    {
+        public const string AuthenticationScheme = "UserManagementBearerScheme";
+
+        public UserManagementBearerAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+            : base(options, logger, encoder, clock)
+        {
+        }
+
+        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            var authHeader = Context.Request.Headers["Authorization"].FirstOrDefault();
+
+            if (string.IsNullOrEmpty(authHeader))
+            {
+                return AuthenticateResult.Fail("Authorization header is missing.");
+            }
+
+            // Validate the Bearer token as needed
+            // You might want to perform custom validation or retrieve user information from the token.
+            var token = GetVarOrThrow("USER_MANAGEMENT_TOKEN");
+            if (!authHeader.EndsWith(token))
+            {
+                return AuthenticateResult.Fail("Authorization failure.");
+            }
+
+
+            // For simplicity, let's assume the token is valid and create a sample identity.
+            var claims = new[] { new Claim(ClaimTypes.Name, "UserManagement") };
+            var identity = new ClaimsIdentity(claims, Scheme.Name);
+            var principal = new ClaimsPrincipal(identity);
+            var ticket = new AuthenticationTicket(principal, Scheme.Name);
+
+            return AuthenticateResult.Success(ticket);
+        }
+    }
+}

source/OptimaJet.DWKit.StarterApplication/Controllers/ProductUserChangeController.cs

@@ -1,12 +1,14 @@
 
 using System.Threading.Tasks;
 using JsonApiDotNetCore.Services;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using OptimaJet.DWKit.StarterApplication.Models;
 using OptimaJet.DWKit.StarterApplication.Services;
 
 namespace OptimaJet.DWKit.StarterApplication.Controllers
 {
+    [Authorize(AuthenticationSchemes = UserManagementBearerAuthenticationHandler.AuthenticationScheme)]
     public class ProductUserChangeController : BaseController<ProductUserChange>
     {
         public ProductUserChangeController(