Description
DebugProbe currently exposes debug endpoints under /debug.
While these endpoints are useful during development and troubleshooting, users do not currently have a clear way to protect them using ASP.NET Core authorization policies.
DebugProbe should provide a configuration option that allows users to require an authorization policy for debug endpoints when needed.
Current Behavior
DebugProbe endpoints are available when DebugProbe is configured.
There is currently no dedicated option to attach an ASP.NET Core authorization policy to the debug endpoints.
Expected Behavior
Users should be able to protect DebugProbe endpoints through configuration.
Example:
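```csharp
// Register the policy with ASP.NET Core authorization.
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("DebugProbePolicy", policy =>
    {
        policy.RequireAuthenticatedUser();
        policy.RequireRole("Admin");
    });
});

// Proposed option: require that policy for the debug endpoints.
app.UseDebugProbe(options =>
{
    options.AuthorizationPolicy = "DebugProbePolicy";
});
```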
If AuthorizationPolicy is not configured, DebugProbe should continue working without requiring a policy to preserve existing behavior.
Result
After this change:
- users can protect /debug endpoints with ASP.NET Core authorization
- DebugProbe integrates with existing application authentication
- admin-only access can be configured using roles, claims, or custom policies
- existing users are not affected because authorization remains optional by default
- DebugProbe becomes safer and easier to adopt in real applications
Documentation Updates
After implementation, the following documentation should be updated:
- README installation and configuration examples
- Security Defaults section
- Quick Start example
Examples should demonstrate both unsecured and policy-protected debug endpoints.
Example:
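```csharp
// Register the policy with ASP.NET Core authorization.
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("DebugProbePolicy", policy =>
    {
        policy.RequireAuthenticatedUser();
        policy.RequireRole("Admin");
    });
});

// Proposed option: require that policy for the debug endpoints.
app.UseDebugProbe(options =>
{
    options.AuthorizationPolicy = "DebugProbePolicy";
});
```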
The Security Defaults section should also clarify that DebugProbe does not require authentication by default and that authorization policies can be configured when exposing debug endpoints outside local development environments.
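One way the proposed option could be honored, as an added sketch that is not DebugProbe's own code: `DebugProbeOptions`, `MapDebugProbeSketch` and the `/debug/ping` endpoint are hypothetical stand-ins, and cookie authentication is an arbitrary choice of scheme. It leaves the endpoints open in Development and attaches the policy everywhere else.

```csharp
// Added sketch, not DebugProbe source. DebugProbeOptions and MapDebugProbeSketch are hypothetical.
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

// Any authentication scheme works; cookies are used here only so the policy can challenge.
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("DebugProbePolicy", policy =>
    {
        policy.RequireAuthenticatedUser();
        policy.RequireRole("Admin");
    });
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Unsecured in local development, policy-protected everywhere else.
var probeOptions = new DebugProbeOptions
{
    AuthorizationPolicy = app.Environment.IsDevelopment() ? null : "DebugProbePolicy"
};
app.MapDebugProbeSketch(probeOptions);
app.Run();

public sealed class DebugProbeOptions
{
    // null or empty keeps the existing behavior: no policy is required.
    public string? AuthorizationPolicy { get; set; }
}

public static class DebugProbeSketchExtensions
{
    public static RouteGroupBuilder MapDebugProbeSketch(this WebApplication app, DebugProbeOptions options)
    {
        var group = app.MapGroup("/debug");
        group.MapGet("/ping", () => Results.Ok(new { status = "ok" })); // stand-in endpoint

        if (!string.IsNullOrWhiteSpace(options.AuthorizationPolicy))
        {
            // Attach the named policy to every endpoint mapped in the /debug group.
            group.RequireAuthorization(options.AuthorizationPolicy);
        }
        return group;
    }
}
```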