        /// <summary>
        ///     Policies are looked up by string name, so expect 'parameters' to be encoded (embedded) in the policy names (errr-don't blame me).
        /// </summary>
        /// <param name="encodedPolicyName">A colon ':' delimited string of three values [<see cref="RightType"/>:<see cref="Permission"/>:<see cref="string"/>]</param>
        /// <remarks>
        ///    For Encoding and Decoding see <see cref="PolicyName"/>
        /// </remarks>
        public Task<AuthorizationPolicy> GetPolicyAsync(string encodedPolicyName)
        {
            // The policy name doubles as a transport for the requirement details, so the
            // first step is to decode it back into its parts.
            // NOTE(review): the name is described as ':'-delimited; confirm that PolicyName
            // rejects or escapes a resource key containing ':' so that a name cannot decode
            // to a different requirement than the one that was encoded.
            var decoded = PolicyName.Deserialise(encodedPolicyName);

            // A name that does not decode is not ours: hand it, unchanged, to the fallback
            // provider. Without a fallback provider this branch would instead return
            // Task.FromResult<AuthorizationPolicy>(null).
            if (decoded == null)
            {
                return FallbackPolicyProvider.GetPolicyAsync(encodedPolicyName);
            }

            // The requirement carries exactly the three decoded values; the authorization
            // decision itself is made wherever this requirement is handled, not here.
            var requirement = new HasPermissionsOnResourceRequirement(
                decoded.Type,
                decoded.Access,
                decoded.ResourceKey);

            var builder = new AuthorizationPolicyBuilder();

            // Bind the policy to the external bearer scheme. This pairs with the
            // authentication registration so that a 401 can expose the matching
            // www-authenticate header(s);
            // see https://stackoverflow.com/questions/49694383/use-multiple-jwt-bearer-authentication
            // NOTE(review): only this one scheme is added here - confirm that is intended.
            builder.AuthenticationSchemes.Add(AuthenticatorDefaults.ExternalAuthenticationSchemeName);

            // Every policy built here demands an authenticated user in addition to the
            // resource-permission requirement.
            var built = builder
                .RequireAuthenticatedUser()
                .AddRequirements(requirement)
                .Build();

            return Task.FromResult(built);
        }
 /// <summary>
 ///     Packs the right type, permission and resource key into one serialised policy
 ///     name and stores it in <c>Policy</c>.
 /// </summary>
 /// <param name="type">The right type to encode into the policy name.</param>
 /// <param name="permission">The permission to encode; defaults to <c>Permission.None</c>.</param>
 /// <param name="resourceKey">The resource key to encode; defaults to <c>ResourceKey.Id</c>.</param>
 /// <remarks>
 ///     NOTE(review): what a requirement with <c>Permission.None</c> allows is not visible
 ///     here - confirm that omitting <paramref name="permission"/> cannot result in a
 ///     weaker check than the caller intended.
 /// </remarks>
 public AuthoriseAttribute(
     RightType type,
     Permission permission = Permission.None,
     string resourceKey = ResourceKey.Id)
 {
     // The three values travel inside the policy name as a delimited string.
     var policyName = PolicyName.Make(type, permission, resourceKey);
     Policy = policyName.Serialise();
 }