Example #1
0
        public override async Task <PolicyAuthorizationResult> AuthorizeAsync(
            AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context, object resource
            )
        {
            // This call will check 2 places (requirements):
            // - AnyValidPermissionRequirementHandler
            // - ActionAuthorizationRequirementHandler OR the default [Authorize]
            var result = await base.AuthorizeAsync(policy, authenticationResult, context, resource);

            if (result.Challenged)
            {
                context.Items[contextKey] = new UnauthorizedException(GetExceptionMessageFromHttpContext());
                return(PolicyAuthorizationResult.Challenge());
            }
            else if (result.Forbidden)
            {
                // If user is authenticated but not allowed, send them to a special error page
                if (context.User.Identity.IsAuthenticated)
                {
                    context.Items[contextKey] = new ForbiddenException(GetExceptionMessageFromHttpContext());
                    return(PolicyAuthorizationResult.Forbid());
                }
            }
            return(result);
        }
Example #2
0
        public async Task <PolicyAuthorizationResult> AuthorizeAsync(
            AuthorizationPolicy policy,
            AuthenticateResult authenticationResult,
            HttpContext context,
            object resource)
        {
            if (policy == null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            var result = await _authorization.AuthorizeAsync(context.User, resource, policy);

            if (result.Succeeded)
            {
                _logger.PolicySucceed();
                return(PolicyAuthorizationResult.Success());
            }

            // If authentication was successful, return forbidden, otherwise challenge
            if (authenticationResult.Succeeded)
            {
                _logger.PolicyFailToForbid();
                return(PolicyAuthorizationResult.Forbid());
            }

            _logger.PolicyFailToChallenge();
            return(PolicyAuthorizationResult.Challenge());
        }
Example #3
0
        public async Task <PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy,
                                                                     AuthenticateResult authenticationResult, HttpContext context,
                                                                     ICasbinAuthorizationContext casbinContext, object?resource)
        {
            if (policy == null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            if (casbinContext == null)
            {
                throw new ArgumentNullException(nameof(casbinContext));
            }

            var result = await _authorizationService.AuthorizeAsync(context.User, casbinContext, policy);

            if (result.Succeeded)
            {
                return(PolicyAuthorizationResult.Success());
            }

            // If authentication was successful, return forbidden, otherwise challenge
            return(authenticationResult.Succeeded
                ? PolicyAuthorizationResult.Forbid()
                : PolicyAuthorizationResult.Challenge());
        }
        public Task <PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy _,
                                                               AuthenticateResult authenticationResult, HttpContext context,
                                                               object resource)
        {
            var authorizeResult = authenticationResult.Succeeded
                ? PolicyAuthorizationResult.Success()
                : PolicyAuthorizationResult.Challenge();

            return(Task.FromResult(authorizeResult));
        }
Example #5
0
        public Task <PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context,
                                                               object resource)
        {
            if (!authenticationResult.Succeeded)
            {
                return(Task.FromResult(PolicyAuthorizationResult.Challenge()));
            }

            return(_defaultEvaluator.AuthorizeAsync(policy, authenticationResult, context, resource));
        }
Example #6
0
    public async Task NotCallRequestDelegate_If_PolicyAuthorizationResultWasChallenged()
    {
        var requestDelegate           = new Mock <RequestDelegate>();
        var httpContext               = CreateHttpContext();
        var policy                    = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
        var policyAuthorizationResult = PolicyAuthorizationResult.Challenge();
        var handler                   = CreateAuthorizationMiddlewareResultHandler();

        await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);

        requestDelegate.Verify(next => next(It.IsAny <HttpContext>()), Times.Never);
    }
Example #7
0
    public async Task ChallangeWithoutAuthenticationScheme_If_PolicyAuthorizationResultWasChallenged()
    {
        var authenticationServiceMock = new Mock <IAuthenticationService>();
        var requestDelegate           = new Mock <RequestDelegate>();
        var httpContext = CreateHttpContext(authenticationServiceMock.Object);
        var policy      = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
        var policyAuthorizationResult = PolicyAuthorizationResult.Challenge();
        var handler = CreateAuthorizationMiddlewareResultHandler();

        await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);

        authenticationServiceMock.Verify(service => service.ChallengeAsync(httpContext, null, null), Times.Once);
    }
        public void OnAuthorizationAsync_Should_Set_Result_When_Authorization_Is_Challenged()
        {
            var policyEvaluator = Substitute.For <IPolicyEvaluator>();

            _actionContext.HttpContext.RequestServices = Substitute.For <IServiceProvider>();
            _actionContext.HttpContext.RequestServices.GetService(Arg.Any <Type>()).Returns(policyEvaluator);

            var authorizeResult = PolicyAuthorizationResult.Challenge();

            policyEvaluator.AuthorizeAsync(Arg.Any <AuthorizationPolicy>(), Arg.Any <AuthenticateResult>(), Arg.Any <HttpContext>(), Arg.Any <object>()).Returns(authorizeResult);

            var context = new AuthorizationFilterContext(_actionContext, Substitute.For <IList <IFilterMetadata> >());

            _filter.OnAuthorizationAsync(context);

            context.Result.Should().BeAssignableTo <ObjectResult>();
            context.Result.As <ObjectResult>().StatusCode.Should().Be(StatusCodes.Status401Unauthorized);
            context.Result.As <ObjectResult>().Value.Should().BeAssignableTo <ApiResponse>();
            context.Result.As <ObjectResult>().Value.As <ApiResponse>().Message.Should().Be("Unauthorised.");
            context.Result.As <ObjectResult>().Value.As <ApiResponse>().Data.Should().BeNull();
        }
Example #9
0
    public async Task ChallangeEachAuthenticationScheme_If_PolicyAuthorizationResultWasChallenged()
    {
        var authenticationServiceMock = new Mock <IAuthenticationService>();
        var requestDelegate           = new Mock <RequestDelegate>();
        var httpContext  = CreateHttpContext(authenticationServiceMock.Object);
        var firstScheme  = Guid.NewGuid().ToString();
        var secondScheme = Guid.NewGuid().ToString();
        var thirdScheme  = Guid.NewGuid().ToString();
        var policy       = new AuthorizationPolicyBuilder()
                           .RequireAuthenticatedUser()
                           .AddAuthenticationSchemes(firstScheme, secondScheme, thirdScheme)
                           .Build();
        var policyAuthorizationResult = PolicyAuthorizationResult.Challenge();
        var handler = CreateAuthorizationMiddlewareResultHandler();

        await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);

        authenticationServiceMock.Verify(service => service.ChallengeAsync(httpContext, It.IsAny <string>(), null), Times.Exactly(3));
        authenticationServiceMock.Verify(service => service.ChallengeAsync(httpContext, firstScheme, null), Times.Once);
        authenticationServiceMock.Verify(service => service.ChallengeAsync(httpContext, secondScheme, null), Times.Once);
        authenticationServiceMock.Verify(service => service.ChallengeAsync(httpContext, thirdScheme, null), Times.Once);
    }
Example #10
0
        private static async Task <PolicyAuthorizationResult> AuthorizeAsync(
            IAuthorizationService service,
            AuthorizationPolicy policy,
            AuthenticateResult authenticationResult,
            HttpContext context,
            object resource)
        {
            if (policy == null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            var result = await service.AuthorizeAsync(context.User, resource, policy);

            if (result.Succeeded)
            {
                return(PolicyAuthorizationResult.Success());
            }

            return(authenticationResult.Succeeded
                ? PolicyAuthorizationResult.Forbid()
                : PolicyAuthorizationResult.Challenge());
        }
Example #11
0
        public async Task <PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context, object resource)
        {
            if (policy == null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            var result = await _authorization.AuthorizeAsync(context.User, resource, policy);

            if (result.Succeeded)
            {
                return(PolicyAuthorizationResult.Success());
            }

            //if (result.Failure?.FailedRequirements.Any(x => x is AuthorizationClaimsRequirement) ?? false)
            //{
            //    context.SetErrorDetail(Errors.Code.NoAuthorizationClaims, "Authorization claim is missing from the authenticated token.");
            //}

            // If authentication was successful, return forbidden, otherwise challenge
            return((authenticationResult.Succeeded)
                ? PolicyAuthorizationResult.Forbid()
                : PolicyAuthorizationResult.Challenge());
        }
Example #12
0
        public async Task Invoke_SseRequest_AuthorizationWithSchemes_PolicyAuthorizationResultChallenge_CallsChallengeAsyncForEveryScheme()
        {
            Mock <IAuthenticationService> authenticationServiceMock = new Mock <IAuthenticationService>();

            ServerSentEventsMiddleware <ServerSentEventsService> serverSentEventsMiddleware = PrepareServerSentEventsMiddleware(new ServerSentEventsAuthorization {
                AuthenticationSchemes = "schema1,schema2"
            });
            HttpContext             context             = PrepareHttpContext(authenticationServiceMock);
            Mock <IPolicyEvaluator> policyEvaluatorMock = PreparePolicyEvaluatorMock(context, policyAuthorizationResult: PolicyAuthorizationResult.Challenge());

            await serverSentEventsMiddleware.Invoke(context, policyEvaluatorMock.Object);

            authenticationServiceMock.Verify(m => m.ChallengeAsync(context, "schema1", null), Times.Once);
            authenticationServiceMock.Verify(m => m.ChallengeAsync(context, "schema2", null), Times.Once);
        }