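/// <summary>
/// Called by the runtime to add services to the container: cookie policy, cookie plus
/// OpenID Connect authentication, the authorization handlers and policies, and MVC.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        // NOTE(review): SameSite=None as the minimum is presumably required because the OIDC
        // callback arrives as a cross-site request; confirm before tightening it, since a stricter
        // minimum would strip the correlation/nonce cookies the handler needs.
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.DefaultSignOutScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            // Same scheme names as registered above; the constants replace the magic strings
            // "Cookies" / "OpenIdConnect" so the two registrations cannot drift apart.
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.SignOutScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.Authority = stsServer;
            // Discovery document and signing keys must come over HTTPS; keep this true outside local dev.
            options.RequireHttpsMetadata = true;
            options.ClientId = "hybridclient";
            // SECURITY: the client secret is hard-coded in source. Load it from configuration or a
            // secret store (user secrets, environment, vault) instead, and rotate the committed value.
            options.ClientSecret = "hybrid_flow_secret";
            options.ResponseType = "code id_token";
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("scope_used_for_hybrid_flow");
            options.Scope.Add("profile");
            options.Scope.Add("offline_access");
            // Tokens (including the refresh token requested via offline_access) are kept in the
            // authentication properties, i.e. inside the protected authentication cookie.
            options.SaveTokens = true;
            // Set the correct name claim type
            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
            };
        });

    services.AddSingleton<IAppAuthorizationService, AppAuthorizationService.AppAuthorizationService>();
    services.AddSingleton<IAuthorizationHandler, BobIsAnAdmin>();
    // Transient rather than singleton — presumably because this handler has non-singleton
    // dependencies; confirm against the handler's constructor.
    services.AddTransient<IAuthorizationHandler, IsAdminHandlerWithAge>();
    services.AddSingleton<IAuthorizationHandler, IsAdminHandler>();

    services.AddAuthorization(options =>
    {
        // Policy names must match the strings produced by MyPolicies.ToString() used by
        // MyAuthorizeAttribute / TryExecute elsewhere in the project.
        options.AddPolicy("RequireWindowsProviderPolicy", MyPolicies.GetRequireWindowsProviderPolicy());
        options.AddPolicy("IsAdminRequirementPolicy", policyIsAdminRequirement =>
        {
            policyIsAdminRequirement.Requirements.Add(new IsAdminRequirement());
        });
    });

    services.AddControllersWithViews()
        .AddNewtonsoftJson()
        .SetCompatibilityVersion(CompatibilityVersion.Version_3_0);
}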
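/// <summary>
/// Runs <paramref name="onSuccess"/> only when the current user is authorized for
/// <paramref name="resource"/> under <paramref name="policy"/>; otherwise returns a
/// <see cref="ForbidResult"/> so the protected work never executes (fail closed).
/// </summary>
/// <typeparam name="T">Payload type of the action result.</typeparam>
/// <typeparam name="TR">Type of the resource handed to the authorization handlers.</typeparam>
/// <param name="policy">Policy whose <c>ToString()</c> is the name registered with AddAuthorization.</param>
/// <param name="resource">Resource the handlers evaluate the policy's requirements against.</param>
/// <param name="onSuccess">Work to perform when authorization succeeds.</param>
/// <returns>The result of <paramref name="onSuccess"/>, or a <see cref="ForbidResult"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="onSuccess"/> is null.</exception>
protected async Task<ActionResult<T>> TryExecute<T, TR>(MyPolicies policy, TR resource, Func<Task<T>> onSuccess)
{
    // Reject a null callback up front as a caller bug instead of failing with a
    // NullReferenceException after authorization has already been evaluated.
    if (onSuccess is null)
    {
        throw new ArgumentNullException(nameof(onSuccess));
    }

    var authorizationResult = await AuthorizationService.AuthorizeAsync(User, resource, policy.ToString());
    if (!authorizationResult.Succeeded)
    {
        // Fail closed: nothing from onSuccess runs without a successful authorization result.
        return new ForbidResult();
    }

    return await onSuccess();
}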
/// <summary>
/// Creates an authorize attribute whose policy name is the name of the given
/// <see cref="MyPolicies"/> value, so it resolves to the policy registered under
/// that same string with AddAuthorization.
/// </summary>
/// <param name="policy">Policy the decorated target requires.</param>
public MyAuthorizeAttribute(MyPolicies policy) => Policy = policy.ToString();