/// <summary>
/// Creates a new instance of <see cref="AuthorizationDependencies"/>.
/// </summary>
/// <param name="options">The options used to configure the dependencies instance.</param>
/// <param name="handlers">The <see cref="IAuthorizationHandler"/>s used in creating an <see cref="IAuthorizationDependencies"/> object.</param>
public static AuthorizationDependencies Create(AuthorizationOptions options, params IAuthorizationHandler[] handlers)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (handlers == null)
{
throw new ArgumentNullException(nameof(handlers));
}
var policyProvider = new DefaultAuthorizationPolicyProvider(options);
var loggerFactory = new DiagnosticsLoggerFactory();
var service = new DefaultAuthorizationService(
policyProvider,
handlers,
loggerFactory.CreateDefaultLogger(),
new DefaultAuthorizationHandlerContextFactory(),
new DefaultAuthorizationEvaluator());
return(new AuthorizationDependencies()
{
LoggerFactory = loggerFactory,
PolicyProvider = policyProvider,
Service = service
});
}
public async Task AuthorizeAsyncShouldThrowWhenPolicyIsNotFound()
{
var policyProvider = Repository.Create <IAuthorizationPolicyProvider>();
policyProvider.Setup(x => x.GetPolicyAsync(It.IsAny <string>()))
.Returns(Task.FromResult <AuthorizationPolicy>(null));
var service = new DefaultAuthorizationService(policyProvider.Object, Enumerable.Empty <IAuthorizationHandler>());
await service.AuthorizeAsync(CreateAnonymousUser(), null, "fake policy");
}
public async Task CanUseDynamicPolicyProvider()
{
var authorizationService = new DefaultAuthorizationService(new DynamicPolicyProvider(), Enumerable.Empty <IAuthorizationHandler>());
var id = new ClaimsIdentity();
id.AddClaim(new Claim("1", "1"));
id.AddClaim(new Claim("2", "2"));
var user = new ClaimsPrincipal(id);
Assert.IsFalse(await authorizationService.AuthorizeAsync(user, "0"));
Assert.IsTrue(await authorizationService.AuthorizeAsync(user, "1"));
Assert.IsTrue(await authorizationService.AuthorizeAsync(user, "2"));
Assert.IsFalse(await authorizationService.AuthorizeAsync(user, "3"));
}
public async Task AuthorizationServiceShouldAddPassThroughIfNotPresent()
{
var options = new AuthorizationOptions();
var policyProvider = new DefaultAuthorizationPolicyProvider(options);
var handler = Repository.Create <IAuthorizationHandler>();
handler.Setup(x => x.HandleAsync(It.IsAny <AuthorizationHandlerContext>())).Returns(Task.FromResult(0));
var requirement = handler.As <IAuthorizationRequirement>();
var service = new DefaultAuthorizationService(policyProvider, Enumerable.Empty <IAuthorizationHandler>());
// the next line should cause the requirement to be called as a handler if Passthrough is working
var authorized = await service.AuthorizeAsync(CreateAnonymousUser(), null, new[] { requirement.Object });
Assert.IsFalse(authorized, "authorized");
handler.Verify(x => x.HandleAsync(It.IsAny <AuthorizationHandlerContext>()));
}
/// <summary>
/// Determines if a user is authorized.
/// </summary>
/// <param name="controller">The controller from which <see cref="AuthorizationOptions"/> may be obtained.</param>
/// <param name="user">The user to evaluate the authorize data against.</param>
/// <param name="authorizeAttribute">The <see cref="IAuthorizeData"/> to evaluate.</param>
/// <returns>
/// A flag indicating whether authorization has succeeded.
/// This value is <value>true</value> when the <paramref name="user"/> fulfills the <paramref name="authorizeAttribute"/>; otherwise <value>false</value>.
/// </returns>
/// <remarks>
/// If <paramref name="controller"/> is not null, it will be used to find <see cref="AuthorizationOptions"/> instead of the current <see cref="IOwinContext"/>.
/// </remarks>
public async Task <bool> IsAuthorizedAsync(IAuthorizationController controller, ClaimsPrincipal user, IAuthorizeData authorizeAttribute)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
if (authorizeAttribute == null)
{
throw new ArgumentNullException(nameof(authorizeAttribute));
}
var options = ResolveAuthorizationOptions(controller);
if (options == null)
{
throw new InvalidOperationException(Resources.Exception_AuthorizationOptionsMustNotBeNull);
}
var dependencies = options.Dependencies
?? new AuthorizationDependencies();
var policyProvider = dependencies.PolicyProvider
?? new DefaultAuthorizationPolicyProvider(options);
var authorizationService = dependencies.Service;
if (authorizationService == null)
{
var handlerProvider = new DefaultAuthorizationHandlerProvider(new PassThroughAuthorizationHandler());
var handlers = await handlerProvider.GetHandlersAsync();
var loggerFactory = dependencies.LoggerFactory
?? new DiagnosticsLoggerFactory();
authorizationService = new DefaultAuthorizationService(
policyProvider,
handlers,
loggerFactory.CreateDefaultLogger(),
new DefaultAuthorizationHandlerContextFactory(),
new DefaultAuthorizationEvaluator());
}
var policy = await AuthorizationPolicy.CombineAsync(policyProvider, new[] { authorizeAttribute });
return(await authorizationService.AuthorizeAsync(user, policy));
}