public static AuthorizationPolicy Combine(AuthorizationOptions options, IEnumerable<IAuthorizeData> attributes)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (attributes == null)
{
throw new ArgumentNullException(nameof(attributes));
}
var policyBuilder = new AuthorizationPolicyBuilder();
var any = false;
foreach (var authorizeAttribute in attributes.OfType<AuthorizeAttribute>())
{
any = true;
var useDefaultPolicy = true;
if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy))
{
var policy = options.GetPolicy(authorizeAttribute.Policy);
if (policy == null)
{
throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy));
}
policyBuilder.Combine(policy);
useDefaultPolicy = false;
}
var rolesSplit = authorizeAttribute.Roles?.Split(',');
if (rolesSplit != null && rolesSplit.Any())
{
var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim());
policyBuilder.RequireRole(trimmedRolesSplit);
useDefaultPolicy = false;
}
var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(',');
if (authTypesSplit != null && authTypesSplit.Any())
{
foreach (var authType in authTypesSplit)
{
if (!string.IsNullOrWhiteSpace(authType))
{
policyBuilder.AuthenticationSchemes.Add(authType.Trim());
}
}
}
if (useDefaultPolicy)
{
policyBuilder.Combine(options.DefaultPolicy);
}
}
return any ? policyBuilder.Build() : null;
}
/// <summary>
/// Gets a <see cref="AuthorizationPolicy"/> from the given <paramref name="policyName"/>
/// </summary>
/// <param name="policyName">The policy name to retrieve.</param>
/// <returns>The named <see cref="AuthorizationPolicy"/>.</returns>
public virtual Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
// MVC caches policies specifically for this class, so this method MUST return the same policy per
// policyName for every request or it could allow undesired access. It also must return synchronously.
// A change to either of these behaviors would require shipping a patch of MVC as well.
return(Task.FromResult(_options.GetPolicy(policyName)));
}
public static AuthorizationPolicy Combine(AuthorizationOptions options, IEnumerable <IAuthorizeData> attributes)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (attributes == null)
{
throw new ArgumentNullException(nameof(attributes));
}
var policyBuilder = new AuthorizationPolicyBuilder();
var any = false;
foreach (var authorizeAttribute in attributes.OfType <AuthorizeAttribute>())
{
any = true;
var useDefaultPolicy = true;
if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy))
{
var policy = options.GetPolicy(authorizeAttribute.Policy);
if (policy == null)
{
throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy));
}
policyBuilder.Combine(policy);
useDefaultPolicy = false;
}
var rolesSplit = authorizeAttribute.Roles?.Split(',');
if (rolesSplit != null && rolesSplit.Any())
{
var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim());
policyBuilder.RequireRole(trimmedRolesSplit);
useDefaultPolicy = false;
}
var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(',');
if (authTypesSplit != null && authTypesSplit.Any())
{
foreach (var authType in authTypesSplit)
{
if (!string.IsNullOrWhiteSpace(authType))
{
policyBuilder.AuthenticationSchemes.Add(authType.Trim());
}
}
}
if (useDefaultPolicy)
{
policyBuilder.Combine(options.DefaultPolicy);
}
}
return(any ? policyBuilder.Build() : null);
}
/// <summary>
/// Gets a <see cref="AuthorizationPolicy"/> from the given <paramref name="policyName"/>
/// </summary>
/// <param name="policyName">The policy name to retrieve.</param>
/// <returns>The named <see cref="AuthorizationPolicy"/>.</returns>
public virtual Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
return(Task.FromResult(_options.GetPolicy(policyName)));
}