Ejemplo n.º 1
0
        protected async Task HandleRequirementAsync(AuthorizationHandlerContext context, ResourceIdRequirement requirement)
        {
            var resourceClaims = context.User.FindAll($"{Constants.RESOURCE_ID_CLAIM_TYPE}:{requirement.PolicyName}");

            var tenantId = await _tenantIdProvider.CurrentTenantId();

            var accessibleResources = new string[0];

            foreach (var resourceClaim in resourceClaims)
            {
                var tenantResourceMapping = string.IsNullOrEmpty(resourceClaim.Value) ? new string[0] : resourceClaim.Value.Split('_');

                if (tenantResourceMapping.Length == 2 && tenantResourceMapping[1].Equals(tenantId.ToString()))
                {
                    accessibleResources = tenantResourceMapping[0].Split(',');
                    break;
                }
            }

            bool succeeded = false;

            if (await _resourceIdProvider.IsSpecificResourceId())
            {
                succeeded = accessibleResources.Contains((await _resourceIdProvider.CurrentResourceId()).ToString()) || accessibleResources.Contains(Constants.RESOURCE_ID_WILDCARD);
            }
            else
            {
                succeeded = accessibleResources.Contains(Constants.RESOURCE_ID_WILDCARD);
            }

            if (succeeded)
            {
                context.Succeed(requirement);
            }
        }
Ejemplo n.º 2
0
        public override async Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
        {
            var policy = await base.GetPolicyAsync(policyName);

            var tenant = await _tenantProvider.CurrentTenantId();

            if (policy == null || await _iamProvider.NeedsUpdate(policyName, tenant, _iamProviderCache))
            {
                var iamRoles = await _iamProvider.GetRequiredRoles(policyName, tenant, _iamProviderCache);

                var iamClaim = await _iamProvider.GetRequiredClaim(policyName, tenant, _iamProviderCache);

                var isResourceIdAccessRequired = await _iamProvider.IsResourceIdAccessRequired(policyName, tenant, _iamProviderCache);

                var builder = new AuthorizationPolicyBuilder()
                              .RequireAuthenticatedUser();

                if (iamRoles != null)
                {
                    var _iamRoles = !string.IsNullOrEmpty(iamClaim) ? new List <string>(iamRoles).Union(new List <string>()
                    {
                        iamClaim
                    }) : iamRoles;

                    if (iamRoles.Count > 0)
                    {
                        builder.RequireRole(_iamRoles.Select(x => x.ToMultiTenantRoleName(tenant)));
                    }
                }
                else if (!string.IsNullOrEmpty(iamClaim))
                {
                    builder.RequireRole(iamClaim.ToMultiTenantRoleName(tenant));
                }

                if (isResourceIdAccessRequired)
                {
                    builder.AddRequirements(new ResourceIdRequirement(policyName));
                }

                policy = builder
                         .Build();
            }

            return(policy);
        }