public async Task CanCombineAuthorizeAttributes()
{
// Arrange
var attributes = new AuthorizeAttribute[] {
new AuthorizeAttribute(),
new AuthorizeAttribute("1") { ActiveAuthenticationSchemes = "dupe" },
new AuthorizeAttribute("2") { ActiveAuthenticationSchemes = "dupe" },
new AuthorizeAttribute { Roles = "r1,r2", ActiveAuthenticationSchemes = "roles" },
};
var options = new AuthorizationOptions();
options.AddPolicy("1", policy => policy.RequireClaim("1"));
options.AddPolicy("2", policy => policy.RequireClaim("2"));
var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options));
// Act
var combined = await AuthorizationPolicy.CombineAsync(provider, attributes);
// Assert
Assert.Equal(2, combined.AuthenticationSchemes.Count());
Assert.True(combined.AuthenticationSchemes.Contains("dupe"));
Assert.True(combined.AuthenticationSchemes.Contains("roles"));
Assert.Equal(4, combined.Requirements.Count());
Assert.True(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement));
Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());
Assert.Equal(1, combined.Requirements.OfType<RolesAuthorizationRequirement>().Count());
}
public static void AddTestAuthorization(
Microsoft.AspNetCore.Authorization.AuthorizationOptions options)
{
options.AddPolicy(Constants.Policies.Internal,
builder => { builder.RequireClaim("scope", "test"); });
options.AddPolicy(Constants.Policies.Application,
builder => { builder.RequireClaim("scope", "test"); });
options.AddPolicy(Constants.Policies.User,
builder => { builder.RequireClaim("scope", "test"); });
options.AddPolicy(Constants.Policies.InternalOrApplication,
builder => { builder.RequireClaim("scope", "test"); });
}
public void ConfigureAutrorization(AuthorizationOptions options)
{
options.AddPolicy(UserManagement, policyBuilder =>
{
policyBuilder.RequireClaim("ManageUsers");
});
}
public static void RegisterAuthorizations(AuthorizationOptions options)
{
options.AddPolicy("Administrator", p =>
{
p.RequireAuthenticatedUser();
p.RequireClaim(DAG.Security.Safe.Owin.ClaimTypes.Email);
});
}
public static void AddPlatformAuthorization(
Microsoft.AspNetCore.Authorization.AuthorizationOptions authorizationOptions)
{
authorizationOptions.AddPolicy(Constants.Policies.Internal, builder =>
{
builder.RequireScope(Constants.Scopes.PlatformInternal);
});
authorizationOptions.AddPolicy(Constants.Policies.User, builder =>
{
builder.RequireScope(Constants.Scopes.PlatformUser);
});
authorizationOptions.AddPolicy(Constants.Policies.Application, builder =>
{
builder.RequireScope(Constants.Scopes.PlatformApplication);
});
authorizationOptions.AddPolicy(Constants.Policies.InternalOrApplication, builder =>
{
builder.RequireScope(Constants.Scopes.PlatformApplication, Constants.Scopes.PlatformInternal);
});
}
public static void AddGitAutomationPolicies(this AuthorizationOptions options)
{
var anyPermission = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.DefaultPolicy = anyPermission;
options.AddPolicy(
PolicyNames.Read,
new AuthorizationPolicyBuilder()
.Combine(anyPermission)
.RequireRole(Permission.Administrate.ToString().ToLower(), Permission.Read.ToString().ToLower())
.Build()
);
options.AddPolicy(
PolicyNames.Create,
new AuthorizationPolicyBuilder()
.Combine(anyPermission)
.RequireRole(Permission.Administrate.ToString().ToLower(), Permission.Create.ToString().ToLower())
.Build()
);
options.AddPolicy(
PolicyNames.Delete,
new AuthorizationPolicyBuilder()
.Combine(anyPermission)
.RequireRole(Permission.Administrate.ToString().ToLower(), Permission.Delete.ToString().ToLower())
.Build()
);
options.AddPolicy(
PolicyNames.Update,
new AuthorizationPolicyBuilder()
.Combine(anyPermission)
.RequireRole(Permission.Administrate.ToString().ToLower(), Permission.Update.ToString().ToLower())
.Build()
);
options.AddPolicy(
PolicyNames.Approve,
new AuthorizationPolicyBuilder()
.Combine(anyPermission)
.RequireRole(Permission.Administrate.ToString().ToLower(), Permission.Approve.ToString().ToLower())
.Build()
);
options.AddPolicy(
PolicyNames.Administrate,
new AuthorizationPolicyBuilder()
.Combine(anyPermission)
.RequireRole(Permission.Administrate.ToString().ToLower())
.Build()
);
}
public void CanReplaceDefaultPolicy()
{
// Arrange
var attributes = new AuthorizeAttribute[] {
new AuthorizeAttribute(),
new AuthorizeAttribute("2") { ActiveAuthenticationSchemes = "dupe" }
};
var options = new AuthorizationOptions();
options.DefaultPolicy = new AuthorizationPolicyBuilder("default").RequireClaim("default").Build();
options.AddPolicy("2", policy => policy.RequireClaim("2"));
// Act
var combined = AuthorizationPolicy.Combine(options, attributes);
// Assert
Assert.Equal(2, combined.AuthenticationSchemes.Count());
Assert.True(combined.AuthenticationSchemes.Contains("dupe"));
Assert.True(combined.AuthenticationSchemes.Contains("default"));
Assert.Equal(2, combined.Requirements.Count());
Assert.False(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement));
Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count());
}
private void AuthorizationOptions(AuthorizationOptions options)
{
options.AddPolicy("doctoruser", policy => policy.RequireClaim("doctor", "true"));
}