user access module with latest dev branch changes

DamageAssesmentApi/DamageAssesment.Api.Answers/Controllers/AnswersController.cs

@@ -1,7 +1,6 @@
 using DamageAssesment.Api.Answers.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.OpenApi.Any;
 
 namespace DamageAssesment.Api.Answers.Controllers
 {
@@ -16,7 +15,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// <summary>
         /// Get all answers
         /// </summary>
-        
+        [Authorize(Roles = "admin")]
         [HttpGet("answers")]
         public async Task<ActionResult> GetAnswersAsync() {
         
@@ -32,7 +31,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// Get an answer based on answerId.
         /// </summary>
 
-
+        [Authorize(Roles = "admin")]
         [HttpGet("answers/{id}")]
         public async Task<ActionResult> GetAnswerByIdAsync(int id)
         {
@@ -48,6 +47,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// <summary>
         /// Get all answers based on responseId.
         /// </summary>
+        [Authorize(Roles = "admin")]
         [HttpGet("answers/byresponse/{responseid}")]
         public async Task<IActionResult> GetAnswersByResponseId(int responseid)
         {
@@ -61,7 +61,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// <summary>
         /// Get all answers based on questionId.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpGet("answers/byquestion/{questionid}")]
         public async Task<IActionResult> AnswersByQuestionId(int questionid)
         {
@@ -75,7 +75,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// <summary>
         /// Update an existing answer.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpPut("answers")]
         public async Task<IActionResult> UpdateAnswer(Models.Answer answer)
         {
@@ -96,7 +96,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// <summary>
         /// Save a new answer.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpPost("answers")]
         public async Task<IActionResult> CreateAnswer(Models.Answer answer)
         {
@@ -114,7 +114,7 @@ namespace DamageAssesment.Api.Answers.Controllers
         /// <summary>
         ///  Delete an existing answer.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpDelete("answers/{id}")]
         public async Task<IActionResult> DeleteAnswer(int id)
         {

DamageAssesmentApi/DamageAssesment.Api.Answers/Program.cs

@@ -1,23 +1,73 @@
 using DamageAssesment.Api.Answers.Db;
 using DamageAssesment.Api.Answers.Interfaces;
 using DamageAssesment.Api.Answers.Providers;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.OpenApi.Models;
 using System.Reflection;
+using System.Text;
 
 var builder = WebApplication.CreateBuilder(args);
-
+var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
+builder.Services.AddAuthentication(item =>
+{
+    item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+    item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(item =>
+{
+    item.RequireHttpsMetadata = true;
+    item.SaveToken = true;
+    item.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ClockSkew = TimeSpan.Zero
+    };
+});
 // Add services to the container.
 
 builder.Services.AddControllers();
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 //builder.Services.AddSwaggerGen();
-builder.Services.AddSwaggerGen(c =>
+builder.Services.AddSwaggerGen(options =>
 {
     // Include XML comments from your assembly
     var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
     var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
-    c.IncludeXmlComments(xmlPath);
+    options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+
+    options.AddSecurityRequirement(securityRequirements);
 });
 builder.Services.AddScoped<IAnswersProvider, AnswersProvider>();
 builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies()); //4/30
@@ -35,7 +85,7 @@ if (app.Environment.IsDevelopment())
     app.UseSwagger();
     app.UseSwaggerUI();
 }
-
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapControllers();