public static void ConfigureCoreMvc(IMvcCoreBuilder builder)
{
builder.AddAuthorization(options =>
{
options.AddPolicy("ValidateClaims", policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.RequireAssertion(context =>
{
var principal = context.User;
var nameIdentifierClaim = principal.FindFirst(ClaimTypes.NameIdentifier);
if (nameIdentifierClaim == null ||
nameIdentifierClaim.Value != "1" ||
nameIdentifierClaim.ValueType != ClaimValueTypes.Integer32 ||
nameIdentifierClaim.Issuer != "TestIssuer" ||
nameIdentifierClaim.OriginalIssuer != "OriginalTestIssuer")
{
return(false);
}
return(true);
});
});
});
builder.AddJsonFormatters(options =>
{
options.NullValueHandling = NullValueHandling.Ignore;
});
}
/// <summary>
/// Добавляет обязательность авторизации ко всем запросам
/// </summary>
/// <param name="builder"></param>
/// <param name="configuration"></param>
internal static void ConfigureRequiredAuth(IMvcCoreBuilder builder, IConfiguration configuration)
{
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser()
.Build();
builder.AddAuthorization()
.AddMvcOptions(o => o.Filters.Add(new AuthorizeFilter(policy)));
}
public static void ConfigureCoreMvc(IMvcCoreBuilder builder)
{
builder.AddAuthorization();
builder.AddJsonFormatters(options =>
{
options.NullValueHandling = NullValueHandling.Ignore;
});
}
public static IMvcCoreBuilder AddAuthorizationPolicies(this IMvcCoreBuilder services)
{
services.AddAuthorization(options =>
{
options.AddPolicy(AuthorizationConsts.AdministrationPolicy,
policy =>
{
policy.RequireScope(AuthenticationConsts.IdentityApiScope);
policy.RequireRole(AuthorizationConsts.AdministrationRole);
});
});
return(services);
}
internal static IMvcCoreBuilder AddAuthorization(this IMvcCoreBuilder @this, IConfiguration configuration)
{
var authConfig = configuration
.GetSection("authentication")
.Get <AuthConfiguration>();
if (!authConfig.IsEnabled())
{
return(@this.AddAuthorization());
}
return(@this
.AddAuthorization(options =>
{
options.AddPolicy(AdminPolicy, builder => builder
.RequireScope("hawk"));
options.AddPolicy(ReadOnlyPolicy, builder => builder
.RequireScope("hawk")
.RequireScope("hawk.readonly"));
}));
}
/// <summary>
/// Adds WebApi services to the specified <see cref="IServiceCollection" />.
/// </summary>
/// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param>
/// <returns>An <see cref="IMvcBuilder"/> that can be used to further configure the WebApi services.</returns>
public static IMvcBuilder AddWebApi(this IServiceCollection services)
{
if (services == null)
{
throw new ArgumentNullException("services");
}
IMvcCoreBuilder mvcCoreBuilder = services.AddMvcCore();
mvcCoreBuilder.AddApiExplorer();
mvcCoreBuilder.AddAuthorization();
mvcCoreBuilder.AddFormatterMappings();
mvcCoreBuilder.AddDataAnnotations();
mvcCoreBuilder.AddJsonFormatters();
mvcCoreBuilder.AddCors();
//-MvcServiceCollectionExtensions.AddDefaultFrameworkParts(mvcCoreBuilder.PartManager);
//-mvcCoreBuilder.AddViews();
//-mvcCoreBuilder.AddRazorViewEngine();
//-mvcCoreBuilder.AddRazorPages();
//-mvcCoreBuilder.AddCacheTagHelper();
return(new MvcBuilder(mvcCoreBuilder.Services, mvcCoreBuilder.PartManager));
}
public static IMvcCoreBuilder AddLoadBoardAuthorization(this IMvcCoreBuilder coreBuilder)
{
//Use reflection to grab roles and actions
//Don't need role policies as we can use the Roles property on the Authorize Attribute
//var roleConstants = typeof(DomainServices.Security.SecurityRoles)
// .GetFields(System.Reflection.BindingFlags.Public
// | System.Reflection.BindingFlags.Static
// | System.Reflection.BindingFlags.FlattenHierarchy)
// .Select(field => field.GetValue(null).ToString()).ToList();
var actionConstants = typeof(DomainServices.Security.SecurityActions)
.GetFields(System.Reflection.BindingFlags.Public
| System.Reflection.BindingFlags.Static
| System.Reflection.BindingFlags.FlattenHierarchy)
.Select(field => field.GetValue(null).ToString()).ToList();
//Loop through Roles and Actions to create policy for each
coreBuilder.AddAuthorization(options =>
{
//Add Policy for all roles
//foreach (var role in roleConstants)
// options.AddPolicy($"{AuthorizationConstants.RolePolicyPrefix}{role}", policy => policy.AddRequirements(new Requirments.LoadShopHasRoleRequirment(role)));
//Add Policy for all actions
foreach (var action in actionConstants)
{
options.AddPolicy($"{AuthorizationConstants.ActionPolicyPrefix}{action}", policy => policy.AddRequirements(new Requirments.LoadShopHasActionRequirment(action)));
}
//Add policy to check if user has any load shop role
options.AddPolicy(AuthorizationConstants.HasAnyLoadShopRolePolicy, policy => policy.AddRequirements(new Requirments.LoadShopHasRoleRequirment()));
//Add legacy Polcies to LoadShop still works until replace with
//options.AddPolicy("TOPSRoleAdmin", policy =>
//{
// policy.Requirements.Add(new TrnWebApiCore.TopsAuth.Security.TOPSRoleRequirement("LB", new[] { "SYSADMIN" }));
//});
options.AddPolicy(AuthorizationConstants.IsCarrierPolicy, policy =>
{
policy.AddRequirements(new Requirments.LoadShopHasRoleRequirment(DomainServices.Security.SecurityRoles.CarrierRoles));
});
options.AddPolicy(AuthorizationConstants.IsShipperPolicy, policy =>
{
policy.AddRequirements(new Requirments.LoadShopHasRoleRequirment(DomainServices.Security.SecurityRoles.ShipperRoles));
});
options.AddPolicy(AuthorizationConstants.IsCarrierOrShipperPolicy, policy =>
{
policy.AddRequirements(new Requirments.LoadShopHasRoleRequirment(
DomainServices.Security.SecurityRoles.CarrierRoles
.Union(DomainServices.Security.SecurityRoles.ShipperRoles)
.ToArray()));
});
options.AddPolicy(AuthorizationConstants.IsCarrierOrShipperAdmin, policy =>
{
policy.AddRequirements(new Requirments.LoadShopHasRoleRequirment(
DomainServices.Security.SecurityRoles.LSAdmin,
DomainServices.Security.SecurityRoles.SystemAdmin,
DomainServices.Security.SecurityRoles.CarrierAdmin,
DomainServices.Security.SecurityRoles.ShipperAdmin));
});
options.AddPolicy(AuthorizationConstants.CanAccessCarrierLoadsPolicy, policy =>
{
policy.AddRequirements(new Requirments.LoadShopHasActionRequirment(
DomainServices.Security.SecurityActions.Loadshop_Ui_Marketplace_Loads_View,
DomainServices.Security.SecurityActions.Loadshop_Ui_My_Loads_View_Booked));
});
options.AddPolicy(AuthorizationConstants.CanAccessLoadDetail, policy =>
{
policy.AddRequirements(new Requirments.LoadShopHasActionRequirment(
DomainServices.Security.SecurityActions.Loadshop_Ui_Marketplace_Loads_View_Detail,
DomainServices.Security.SecurityActions.Loadshop_Ui_My_Loads_View_Booked_Detail,
DomainServices.Security.SecurityActions.Loadshop_Ui_Carrier_My_Loads_View_Delivered_Detail,
DomainServices.Security.SecurityActions.Loadshop_Ui_Shopit_Load_View_Posted_Detail,
DomainServices.Security.SecurityActions.Loadshop_Ui_Shopit_Load_View_Booked_Detail,
DomainServices.Security.SecurityActions.Loadshop_Ui_Shopit_Load_View_Delivered_Detail));
});
options.AddPolicy(AuthorizationConstants.CanAccessLoadStatus, policy =>
{
policy.AddRequirements(new Requirments.LoadShopHasActionRequirment(
DomainServices.Security.SecurityActions.Loadshop_Ui_My_Loads_Status_View,
DomainServices.Security.SecurityActions.Loadshop_Ui_My_Loads_Status_Update,
DomainServices.Security.SecurityActions.Loadshop_Ui_Shopit_Load_View_Booked_Detail));
});
});
coreBuilder.Services.AddTransient <IAuthorizationHandler, AuthorizationHandlers.LoadShopHasRoleHandler>();
coreBuilder.Services.AddTransient <IAuthorizationHandler, AuthorizationHandlers.LoadShopHasActionHandler>();
//Register legacy TopsRoleHandler
//coreBuilder.Services.AddTransient<IAuthorizationHandler, TrnWebApiCore.TopsAuth.Security.TOPSRoleAuthorizationHandler>();
return(coreBuilder);
}
private static void ConfigureMvc(IMvcCoreBuilder services)
{
services.AddAuthorization().AddApplicationPart(typeof(OAuthController).Assembly);
}
public static void RegisterAuthorization(IMvcCoreBuilder builder)
{
builder
.AddAuthorization()
.AddJsonFormatters();
}
private static void AddActiveRouteImpl <TController, TFeature, TFeatureOptions>(IMvcCoreBuilder mvcBuilder)
where TFeature : class, IDynamicFeature
where TFeatureOptions : class
{
// Add [DynamicController(typeof(TComponentOptions))] if not present
if (!typeof(TController).HasAttribute <DynamicControllerAttribute>())
{
var attribute = new DynamicControllerAttribute(typeof(TFeatureOptions));
TypeDescriptor.AddAttributes(typeof(TController), attribute);
var attributes = TypeDescriptor.GetAttributes(typeof(TController));
if (!attributes.Contains(attribute))
{
throw new InvalidOperationException("Could not add attribute dynamically on this runtime.");
}
}
// See: https://github.com/aspnet/Mvc/issues/5992
mvcBuilder.AddApplicationPart(typeof(TController).Assembly);
mvcBuilder.ConfigureApplicationPartManager(x =>
{
x.ApplicationParts.Add(new DynamicControllerApplicationPart(new[] { typeof(TController).GetTypeInfo() }));
});
var componentDescriptor = ServiceDescriptor.Singleton(r =>
{
var component = Instancing.CreateInstance <TFeature>();
component.GetRouteTemplate = () =>
{
var o = r.GetRequiredService <IOptionsMonitor <TFeatureOptions> >();
return(o.CurrentValue is IFeatureNamespace ns ? ns.RootPath ?? string.Empty : string.Empty);
};
return(component);
});
mvcBuilder.Services.Replace(componentDescriptor);
mvcBuilder.Services.AddTransient <IDynamicFeature>(r =>
{
// cached singleton
var component = r.GetService <TFeature>();
// each resolution, we could be discovering a different controller that needs hydration into its type
for (var i = 0; i < component.ControllerTypes.Count; i++)
{
var controllerType = component.ControllerTypes[i];
if (controllerType.IsGenericType && controllerType.Name == typeof(TController).Name)
{
component.ControllerTypes[i] = typeof(TController);
}
}
return(component);
});
mvcBuilder.AddAuthorization(x =>
{
if (x.GetPolicy(Constants.Security.Policies.NoPolicy) == null)
{
x.AddPolicy(Constants.Security.Policies.NoPolicy, b => { b.RequireAssertion(context => true); });
}
});
}
