protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ApiKeyRequirement requirement)
{
if (context.User == null ||
!context.User.Identity.IsAuthenticated ||
!context.User.HasClaim(x => x.Type == ClaimTypes.Name))
{
logger.LogWarning($"User isn't authenticated.");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ApiKeyRequirement[] { })));
}
var token = authRepository.GetAPITokenAsync(context.User.FindFirst(ClaimTypes.Name).Value).Result;
var routeData = httpContextAccessor.HttpContext.GetRouteData();
if (!routeData.Values.TryGetValue("channelid", out object channelid))
{
logger.LogWarning("Channel Id wasn't provided.");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ApiKeyRequirement[] { })));
}
if (!authRepository.IsAuthorizedToAPITokenCacheAsync(channelid.ToString(), token.Id).Result)
{
logger.LogWarning($"Channel Id({channelid}) isn't authorized to access token Id({token.Id}).");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ApiKeyRequirement[] { })));
}
context.Succeed(requirement);
return(Task.FromResult(AuthorizationResult.Success()));
}
public static void UserAuthorizationFailed(this ILogger logger, AuthorizationFailure failure)
{
var reason = failure.FailCalled
? "Fail() was explicitly called."
: "These requirements were not met:" + Environment.NewLine + string.Join(Environment.NewLine, failure.FailedRequirements);
_userAuthorizationFailed(logger, reason, null);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ChannelRequirement requirement)
{
if (context.User == null ||
!context.User.Identity.IsAuthenticated ||
!context.User.HasClaim(x => x.Type == ClaimTypes.NameIdentifier))
{
logger.LogWarning($"User isn't authenticated.");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { })));
}
var routeData = httpContextAccessor.HttpContext.GetRouteData();
long routeAccountId = 0, routeTokenId;
if (!routeData.Values.TryGetValue("accountid", out object accountid) || !long.TryParse(accountid.ToString(), out routeAccountId))
{
logger.LogWarning($"A valid Account Id wasn't provided, instead was provided {accountid}. ");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { })));
}
string authenticatedAccountId = context.User.FindFirst(ClaimTypes.NameIdentifier).Value;
if (authenticatedAccountId != routeAccountId.ToString())
{
logger.LogWarning($"Account Id ({routeAccountId}) provided is not the same as the account Id ({authenticatedAccountId}) of the authenticated user.");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { })));
}
if (routeData.Values.TryGetValue("channelid", out object routeChannelId))
{
if (!authRepositort.IsAuthorizedToChannelCacheAsync(routeAccountId, routeChannelId.ToString()).Result)
{
logger.LogWarning($"Account Id({routeAccountId}) isn't authorized to access channel Id({routeChannelId}).");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { })));
}
if (routeData.Values.TryGetValue("tokenid", out object tokenid))
{
if (!long.TryParse(tokenid.ToString(), out routeTokenId) || !authRepositort.IsAuthorizedToAPITokenCacheAsync(routeAccountId, routeChannelId.ToString(), routeTokenId).Result)
{
logger.LogWarning($"Account Id({routeAccountId}) isn't authorized to access channel Id({routeChannelId}) with token Id({routeTokenId}).");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { })));
}
}
}
context.Succeed(requirement);
return(Task.FromResult(AuthorizationResult.Success()));
}
public AuthorizationResult Evaluate(AuthorizationHandlerContext context)
{
if (context.HasSucceeded)
{
return(AuthorizationResult.Success());
}
return(AuthorizationResult.Failed(
context.HasFailed ?
AuthorizationFailure.ExplicitFail() :
AuthorizationFailure.Failed(context.PendingRequirements)
));
}
public AuthorizationResult Evaluate(AuthorizationHandlerContext context)
{
if (context.HasFailed == true)
{
return(AuthorizationResult.Failed(AuthorizationFailure.ExplicitFail()));
}
var success = context.PendingRequirements.Count() < context.Requirements.Count();
return(success
? AuthorizationResult.Success()
: AuthorizationResult.Failed(AuthorizationFailure.ExplicitFail()));
}
public AuthorizationFailureException(AuthorizationFailure failure) : base("You do not have permission to perform this action")
{
Failure = failure;
}
public static void LogFailure(ILogger logger, Article article, AuthorizationFailure failure)
{
var failures = string.Join(", ", failure.FailedRequirements.Select(f => f.GetType().Name));
logger.LogWarning($"Article {article.Name} is denied because {failures}");
}
/// <summary>
/// Determines whether the authorization result was successful or not.
/// </summary>
/// <param name="context">The authorization information.</param>
/// <returns>The <see cref="AuthorizationResult"/>.</returns>
public AuthorizationResult Evaluate(AuthorizationHandlerContext context)
=> context.HasSucceeded
? AuthorizationResult.Success()
: AuthorizationResult.Failed(context.HasFailed
? AuthorizationFailure.Failed(context.FailureReasons)
: AuthorizationFailure.Failed(context.PendingRequirements));
/// <summary>
/// Creates a failed authorization result.
/// </summary>
/// <returns>The <see cref="AuthorizationResult"/>.</returns>
public static AuthorizationResult Failed() => new AuthorizationResult
{
Failure = AuthorizationFailure.ExplicitFail()
};
/// <summary>
/// Creates a failed authorization result.
/// </summary>
/// <param name="failure">Contains information about why authorization failed.</param>
/// <returns>The <see cref="AuthorizationResult"/>.</returns>
public static AuthorizationResult Failed(AuthorizationFailure failure) => new AuthorizationResult
{
Failure = failure
};
public static PolicyAuthorizationResult Forbid(AuthorizationFailure authorizationFailure)
=> new PolicyAuthorizationResult
{
Forbidden = true, AuthorizationFailure = authorizationFailure
};
public AuthorizationException(AuthorizationFailure failure, string message, Exception innerException) : base(message, innerException)
{
FailedRequirements = failure.FailedRequirements.Select(r => r.GetType().Name);
}