/// <summary>
/// A way to require claims for your <see cref="CarterModule"/>
/// </summary>
/// <param name="module">Current <see cref="CarterModule"/></param>
/// <param name="claims">The claims required for the routes in your <see cref="CarterModule"/></param>
public static void RequiresClaims(this CarterModule module, params Predicate <Claim>[] claims)
{
module.RequiresAuthentication();
module.Before += context =>
{
var validClaims = context.User != null && claims.All(context.User.HasClaim);
if (!validClaims)
{
context.Response.StatusCode = 401;
}
return(Task.FromResult(validClaims));
};
}
/// <summary>
/// A way to require policies for your <see cref="CarterModule"/>
/// </summary>
/// <param name="module">Current <see cref="CarterModule"/></param>
/// <param name="policyNames">The policies required for the routes in your <see cref="CarterModule"/></param>
public static void RequiresPolicy(this CarterModule module, params string[] policyNames)
{
module.RequiresAuthentication();
module.Before += async context =>
{
var authorizationService = context.RequestServices.GetRequiredService <IAuthorizationService>();
foreach (var policy in policyNames)
{
var result = await authorizationService.AuthorizeAsync(context.User, policy);
if (!result.Succeeded)
{
context.Response.StatusCode = 401;
return(false);
}
}
return(true);
};
}