private static void ConfigureAuthorizationPolicies(SillycoreAuthorizationOptions authorizationOptions, AuthorizationOptions options) { foreach (var authorizationPolicy in authorizationOptions.Policies) { options.AddPolicy(authorizationPolicy.Name, builder => { builder.RequireClaim("scope", authorizationPolicy.RequiredScopes); }); } }
public static void AddPolicy(AuthorizationOptions options) { options.AddPolicy(Name, policy => { policy.RequireScopeAndRoles( new ScopeAndRoles { Scope = Constants.ControlApi.ResourceAndScope.Tenant, Roles = new [] { Constants.ControlApi.Role.TenantAdmin } } ); }); }
public static void AddODPAccessTokenPolicy(this AuthorizationOptions options) { options.AddPolicy(ODPAuthenticationDefaults.AccessTokenPolicy, policy => { policy.AddAuthenticationSchemes(ODPAuthenticationDefaults.AuthenticationScheme); policy.RequireAuthenticatedUser(); policy.RequireAssertion(context => context.User.HasClaim(c => c.Type == ODPAuthenticationDefaults.AccessTokenClaim) || context.User.HasClaim(c => c.Type == ODPAuthenticationDefaults.IdTokenClaim)); }); }
static public void Load(AuthorizationOptions options) { options.AddPolicy("ReadAttendance", p => { p.AddAuthenticationSchemes("Bearer"); p.RequireAuthenticatedUser(); p.RequireRole("Employee"); p.Requirements.Add(new ReadAttendanceRequirement()); } ); }
public static AuthorizationOptions AddCreyAuthorization(this AuthorizationOptions authorizationOptions, IConfiguration configuration, string[] additionalSchemes) { var schemes = CreyAuthorizationDefaults.DefaultAuthenticationSchemes.Concat(additionalSchemes).ToArray(); authorizationOptions.AddPolicy(CreyAuthorizationDefaults.CreyUser, policyBuilder => { policyBuilder .AddAuthenticationSchemes(schemes) .RequireAuthenticatedUser(); }); authorizationOptions.AddPolicy(CreyAuthorizationDefaults.AlwaysFail, policyBuilder => { policyBuilder .AddAuthenticationSchemes(schemes) .RequireAssertion(x => false); }); return(authorizationOptions); }
private static void BuildPolicies(AuthorizationOptions options) { options.AddPolicy("PlayingPolicy", policy => { policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme); policy.RequireAuthenticatedUser(); policy.Requirements.Add(new ScopesRequirement(new[] { "scope2" })); policy.Requirements.Add(new RolesRequirement(new[] { "Read" })); policy.Requirements.Add(new ClientsRequirement(new[] { "interactive" })); }); }
private static void AddPolicy(AuthorizationOptions options, string scope) { options.AddPolicy(scope, policy => { policy.RequireAssertion(context => { return(context.User.HasClaim(claim => { return claim.Type == _scopeClaimType && claim.Value.Contains(scope); })); }); }); }
public static void AddPolicies(AuthorizationOptions options) { // Use of different schemas options.AddPolicy(MultipleSchemas, policyBuilder => { policyBuilder.AddAuthenticationSchemes("bearer", "extra"); policyBuilder.RequireAuthenticatedUser(); policyBuilder.RequireRole("Operator"); // From bearer scheme policyBuilder.RequireClaim("Supervisor"); // From extra scheme }); }
public static AuthorizationOptions AddCloudscribeLoggingDefaultPolicy(this AuthorizationOptions options) { options.AddPolicy( "SystemLogPolicy", authBuilder => { authBuilder.RequireRole("ServerAdmins"); }); return(options); }
public static AuthorizationOptions AddCloudscribeCoreSimpleContentIntegrationDefaultPolicies(this AuthorizationOptions options) { options.AddPolicy( "BlogEditPolicy", authBuilder => { //authBuilder.RequireClaim("blogId"); authBuilder.RequireRole("Administrators"); } ); options.AddPolicy( "PageEditPolicy", authBuilder => { authBuilder.RequireRole("Administrators"); }); return(options); }
public static void ConfigureSystemFuncationalityAuthorization(AuthorizationOptions options) { foreach (var item in PermissionConstants.SystemPermissionsSet) { options.AddPolicy( item, it => it.RequireAssertion(ctx => { return(ctx.User.IsInRole("Administrator") || ctx.User.HasClaim(PermissionConstants.PERMISSION_CLAIM_TYPE, item)); })); } }
/// <summary> /// Add policies to options /// </summary> /// <param name="options"></param> /// <param name="withAuthorization"></param> /// <param name="useRoleBasedAccess"></param> public static void AddPolicies(this AuthorizationOptions options, bool withAuthorization, bool useRoleBasedAccess) { if (!withAuthorization) { options.AddNoOpPolicies(Policies.All()); return; } if (!useRoleBasedAccess) { options.AddPolicy(Policies.CanOnboard, policy => policy.RequireAuthenticatedUser()); } else { options.AddPolicy(Policies.CanOnboard, policy => policy.RequireAuthenticatedUser() .Require(AdminRights)); } }
public static void Configure(AuthorizationOptions options) { KnownPermissions.Each(p => { options.AddPolicy(p.Key, configure => { configure.Requirements.Add(new RolePolicyRequirement { Policy = p.Key }); }); }); }
/// <summary> /// Gets a <see cref="T:Microsoft.AspNetCore.Authorization.AuthorizationPolicy" /> from the given <paramref name="policyName" /> /// </summary> /// <param name="policyName">The policy name to retrieve.</param> /// <returns>The named <see cref="T:Microsoft.AspNetCore.Authorization.AuthorizationPolicy" />.</returns> public override async Task <AuthorizationPolicy> GetPolicyAsync(string policyName) { var policyExists = await base.GetPolicyAsync(policyName); if (policyExists == null) { policyExists = new AuthorizationPolicyBuilder().AddRequirements(new OlderThanRequirement(10)).Build(); _options.AddPolicy(policyName, policyExists); } return(policyExists); }
public static AuthorizationOptions AddOpenIdSecurityPolicy(this AuthorizationOptions authenticateOptions, string cookieName) { if (authenticateOptions == null) { throw new ArgumentNullException(nameof(authenticateOptions)); } authenticateOptions.AddPolicy("Connected", policy => policy.RequireAssertion((ctx) => { return(ctx.User.Identity != null && ctx.User.Identity.AuthenticationType == cookieName); })); return(authenticateOptions); }
public static void AddDefaultSCIMAuthorizationPolicy(this AuthorizationOptions opts) { opts.AddPolicy("QueryScimResource", p => p.RequireClaim("scope", "query_scim_resource")); opts.AddPolicy("AddScimResource", p => p.RequireClaim("scope", "add_scim_resource")); opts.AddPolicy("DeleteScimResource", p => p.RequireClaim("scope", "delete_scim_resource")); opts.AddPolicy("UpdateScimResource", p => p.RequireClaim("scope", "update_scim_resource")); opts.AddPolicy("BulkScimResource", p => p.RequireClaim("scope", "bulk_scim_resource")); opts.AddPolicy("Provison", p => p.RequireClaim("scope", "scim_provision")); opts.AddPolicy("UserAuthenticated", p => p.RequireAuthenticatedUser()); }
public static void AddInstanceAdminPolicies(this AuthorizationOptions options, IEnvironment environment) { options.AddPolicy(AuthPolicyNames.AdminAuthLevel, p => { p.AddInstanceAuthenticationSchemes(); p.AddRequirements(new AuthLevelRequirement(AuthorizationLevel.Admin)); }); options.AddPolicy(AuthPolicyNames.LinuxConsumptionRestriction, p => { p.AddInstanceAuthenticationSchemes(); if (environment.IsOnLinuxConsumption) { p.AddRequirements(new AuthLevelRequirement(AuthorizationLevel.Admin)); } else { p.AddRequirements(new AuthLevelRequirement(AuthorizationLevel.Anonymous)); } }); }
internal static void ConfigureOptions(AuthorizationOptions options) { options.AddPolicy("AdminPolicy", policy => policy.RequireRole("Admin")); options.AddPolicy("EmailVerifiedPolicy", policy => policy.Requirements.Add(new EmailVerifiedRequirement(true))); options.AddPolicy("FemalePolicy", policy => policy.RequireClaim(JwtClaimTypes.Gender, "Female")); options.AddPolicy("ManagerPolicy", policy => policy.RequireRole("Manager")); options.AddPolicy("FemaleAdminPolicy", policy => { policy.Requirements.Add(new RoleIsPresentRequirement("Admin")); policy.Requirements.Add(new GenderRequirement("Female")); } ); options.AddPolicy("FemaleManagerPolicy", policy => { policy.RequireAssertion(context => { return(context.User.HasClaim(claim => claim.Type == JwtClaimTypes.Gender && claim.Value == "Female")); }); } ); }
public static AuthorizationOptions SetupAuthorizationPolicies(this AuthorizationOptions options) { //https://docs.asp.net/en/latest/security/authorization/policies.html options.AddCloudscribeLoggingDefaultPolicy(); options.AddCloudscribeCoreDefaultPolicies(); options.AddCloudscribeCoreSimpleContentIntegrationDefaultPolicies(); options.AddPolicy( "FileManagerPolicy", authBuilder => { authBuilder.RequireRole("Administrators", "Content Administrators"); }); options.AddPolicy( "FileManagerDeletePolicy", authBuilder => { authBuilder.RequireRole("Administrators", "Content Administrators"); }); options.AddPolicy( "FileUploadPolicy", authBuilder => { authBuilder.RequireRole("Administrators", "Content Administrators"); }); // add other policies here return(options); }
public static AuthorizationOptions AddBTCPayPolicies(this AuthorizationOptions options) { options.AddPolicy(CanModifyStoreSettings.Key); options.AddPolicy(CanListStoreSettings.Key); options.AddPolicy(CanCreateInvoice.Key); options.AddPolicy(CanGetRates.Key); options.AddPolicy(CanModifyServerSettings.Key); options.AddPolicy(CanModifyServerSettings.Key); options.AddPolicy(CanModifyProfile.Key); return(options); }
public static AuthorizationOptions AddCloudscribeCoreDefaultPolicies(this AuthorizationOptions options) { options.AddPolicy( "ServerAdminPolicy", authBuilder => { authBuilder.RequireRole("ServerAdmins"); }); options.AddPolicy( "CoreDataPolicy", authBuilder => { authBuilder.RequireRole("ServerAdmins"); }); options.AddPolicy( "AdminPolicy", authBuilder => { authBuilder.RequireRole("ServerAdmins", "Administrators"); }); options.AddPolicy( "UserManagementPolicy", authBuilder => { authBuilder.RequireRole("ServerAdmins", "Administrators"); }); options.AddPolicy( "RoleAdminPolicy", authBuilder => { authBuilder.RequireRole("Role Administrators", "Administrators"); }); return(options); }
public static AuthorizationOptions AddAzurePolicy(this AuthorizationOptions authorizationOptions, Action <AzureAuth> configureOptions) { var azureAuth = new AzureAuth(); configureOptions(azureAuth); foreach (var role in azureAuth.Roles) { authorizationOptions.AddPolicy(role.Name, builder => builder.RequireClaim(role.Claim.Type, role.Claim.Values)); } return(authorizationOptions); }
/// <summary> /// Add Policy validated claims with SystemUserId Crm (<see cref="CrmPolicies"/>). /// </summary> /// <param name="options">Authorization options</param> /// <returns></returns> /// <remarks> /// Usage: [<see cref="AuthorizeAttribute" /> (Policy = <see cref="CrmPolicies.ActiveSystemUser"/>)] /// </remarks> public static AuthorizationOptions AddActiveSystemUserPolicy(this AuthorizationOptions options) { if (options == null) { throw new ArgumentNullException(nameof(options)); } options.AddPolicy(CrmPolicies.ActiveSystemUser, policy => { policy.AddRequirements(new SystemUserRequirement()); } ); return(options); }
public ControllerBase() { var options = new AuthorizationOptions(); options.AddPolicy("Users", new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .AddRequirements(new WindowsLocalUserPolicyRequirement()) .Build()); authorizationService = new AuthorizationService( new AuthorizationPolicyProvider(options), new IAuthorizationHandler[] { new PassThroughAuthorizationHandler() }); }
/// <summary>An IServiceCollection extension method that adds a default policies.</summary> /// <param name="services"> The services to act on. </param> /// <param name="authorizationOptions"> Options for controlling the authorization. </param> public static void AddDefaultPolicies(this IServiceCollection services, AuthorizationOptions authorizationOptions) { foreach (var policy in new DefaultPolicies().Policies) { authorizationOptions.AddPolicy(policy.Name, builder => { foreach (var requirement in policy.Requirements) { builder.Requirements.Add(requirement); } }); } }
internal static void Execute(AuthorizationOptions options) { options.AddPolicy(PolicyConstants.CanDeleteArticles, policy => { policy.RequireAuthenticatedUser(); policy.RequireRole("Administrators"); }); options.AddPolicy(PolicyConstants.CanCreateComments, policy => { policy.RequireAuthenticatedUser(); }); options.AddPolicy(PolicyConstants.CanWriteArticles, policy => { policy.RequireAuthenticatedUser(); policy.RequireAnyRole("Authors", "Administrators"); }); // Authors can edit their own articles // Editors can edit anyones articles }
public static void BuildPolicies(AuthorizationOptions options) { options.AddPolicy(PolicyConstants.BasicAccess, policy => { policy.AuthenticationSchemes.Insert(0, "JwtAuth"); policy.AuthenticationSchemes.Insert(1, "CookieAuth"); policy.RequireAuthenticatedUser(); policy.RequireRole(RolesConstants.BasicUser); policy.Build(); } ); }
public static AuthorizationOptions AddUmaWebsiteSecurityPolicy(this AuthorizationOptions authorizationOptions) { if (authorizationOptions == null) { throw new ArgumentNullException(nameof(authorizationOptions)); } authorizationOptions.AddPolicy("connected", policy => { policy.AddAuthenticationSchemes(Constants.DEFAULT_COOKIE_NAME); policy.RequireAuthenticatedUser(); }); return(authorizationOptions); }
public static void AddAuthorizationPolicies(this AuthorizationOptions options) { options.AddPolicy("read", policy => { policy.AddRequirements(new ScopeRequirement(new List <string> { "app.expensetracker.api.read", "app.expensetracker.api.full" }, false)); }); options.AddPolicy("write", policy => { policy.AddRequirements(new ScopeRequirement(new List <string> { "app.expensetracker.api.write", "app.expensetracker.api.full" }, false)); }); options.AddPolicy("full", policy => { policy.AddRequirements(new ScopeRequirement(new List <string> { "app.expensetracker.api.full" })); }); }
public static AuthorizationOptions CreatePermissions(AuthorizationOptions options) { List <string> permissionsList = GetPermissions(); foreach (string permission in permissionsList) { options.AddPolicy(permission, policy => { policy.Requirements.Add(new PermissionRequirement(permission)); }); } return(options); }