public override void OnAuthorization(HttpActionContext actionContext)
{
_stopwatch = new Stopwatch();
_stopwatch.Start();
var service = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName;
var method = actionContext.ActionDescriptor.ActionName;
var isAuthenticated = actionContext.RequestContext.Principal.Identity.IsAuthenticated;
var identityName = isAuthenticated ? actionContext.RequestContext.Principal.Identity.Name : null;
var identityNameExists = !string.IsNullOrWhiteSpace(identityName);
if (isAuthenticated && identityNameExists)
{
if (!ClaimPermission.CheckAccess(ClaimTypes.ExposedService, service, method, identityName))
{
this.HandleUnauthorizedRequest(actionContext);
}
}
else
{
// Log this weird case
if (isAuthenticated && !identityNameExists)
{
log4net.LogManager.GetLogger(nameof(CustomWebApiAuthorizeAttribute)).Warn($"Authenticated user without Identity.Name! Handling as unauthenticated... ({service}/{method})");
}
if (!ClaimPermission.CheckAccess(ClaimTypes.ExposedService, service, method))
{
this.HandleUnauthenticatedRequest(actionContext);
}
}
}
private static void ImperativeUsingPermission()
{
ClaimPermission.CheckAccess(
"ImperativeAction",
"ImperativeResource",
new Claim("http://additionalClaim", "AdditionalResource"));
}
public void OnAuthorization(AuthorizationContext filterContext)
{
ValidateRequestHeader(filterContext.HttpContext.Request);
var controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
var getFromFilterContext = string.IsNullOrWhiteSpace(ActionName) || string.IsNullOrWhiteSpace(ClaimType);
var action = getFromFilterContext ? filterContext.ActionDescriptor.ActionName : ActionName;
var claimType = getFromFilterContext ? ClaimTypes.ControllerAction : ClaimType;
filterContext.HttpContext.Items["_currentControllerAction"] = controller;
var accessible = ClaimPermission.CheckAccess(claimType, controller, action);
if (accessible)
{
return;
}
if (LogEnabled)
{
IdentityHelper.LogAction(
filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
filterContext.ActionDescriptor.ActionName,
false,
"Unauthorized");
}
filterContext.Result = PrepareUnauthorizedResult(filterContext);
}
private bool ShouldRun()
{
if (!ClaimPermission.CheckAccess(ClaimTypes.IDEF0Activity, "WorkflowSock", "ReconnectSockets"))
{
IdentityHelper.LogAction("WorkflowSock", "ReconnectSockets", false, "Unauthorized");
throw new UnauthorizedAccessException("You do not have permissions to execute step 'ReconnectSockets' of 'WorkflowSock' Workflow");
}
return(true);
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
//services.AddAutoMapper(typeof(Startup));
services.AddScoped <IRequestServices, RequestServices>();
services.Configure <AppSettings>(Configuration.GetSection(AppSettings.Settings));
services.Configure <JwtOptions>(Configuration.GetSection(JwtOptions.Name));
services.AddExtCore(_extensions_path, Configuration["Extensions:IncludingSubpaths"] == true.ToString());
services.AddDbContext <ApplicationDbContext>(options =>
{
if (_env.IsDevelopment())
{
options.EnableSensitiveDataLogging();
}
options.UseNpgsql(Configuration.GetConnectionString("Default"));
});
services.AddSingleton <IActionContextAccessor, ActionContextAccessor>();
/*
* services.Configure<MongoSettings>(Configuration.GetSection(nameof(MongoSettings)));
* services.AddSingleton<IMongoSettings>(x => x.GetRequiredService<IOptions<MongoSettings>>().Value);
* services.AddSingleton<LoggingDBServices>();
*/
services.AddScoped(typeof(IStorageContext), typeof(ApplicationDbContext));
//string[] assembliesIngored = new string[] { "Microsoft.AspNetCore", "Microsoft.Extensions" };
//services.AddServicesOfType<IScopedService>(assembliesIngored);
//services.AddServicesWithAttributeOfType<ScopedServiceAttribute>(assembliesIngored);
services.AddDataProtection().PersistKeysToFileSystem(new DirectoryInfo(@_env.ContentRootPath + "/keys/")).UseCryptographicAlgorithms(new AuthenticatedEncryptorConfiguration()
{
EncryptionAlgorithm = EncryptionAlgorithm.AES_256_CBC,
ValidationAlgorithm = ValidationAlgorithm.HMACSHA512
});
//services.Configure<FileStorageOptions>(options =>
//{
// options.RootPath = $@"{_env.ContentRootPath}\FileStorage\Uploads";
// //options.Secret = "[Dropbox access token]";
// //options.RootPath = @"/";
//});
//services.AddScoped<IKeyCachingServices, KeyCachingServices>();
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.RequireHttpsMetadata = _JwtOptions.RequireHttps;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_JwtOptions.SecurityKey)),
ValidateIssuer = _JwtOptions.ValidateIssuer,
ValidateAudience = _JwtOptions.ValidateAudience,
ValidateLifetime = true, // Check if the token is not expired and the signing key of the issuer is valid
ValidIssuer = _JwtOptions.Issuer,
ValidAudience = _JwtOptions.Audience
};
});
services.AddScoped <IUserServices, UserServices>();
//services.AddSingleton<IUserServices,UserServices>();
services.AddSingleton <IRequestServices, RequestServices>();
services.AddControllers();
services.AddControllersWithViews().AddNewtonsoftJson(options =>
options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore
);
// List of public directory
//services.AddDirectoryBrowser();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo
{
Version = "v1",
Title = "RTAPP Web API",
Description = "RTAPP base API",
TermsOfService = null,
Contact = new OpenApiContact
{
Name = "Sornarin (Tom)",
Email = "*****@*****.**",
},
License = new OpenApiLicense
{
Name = "<- Go back",
Url = new Uri(_appSetting.Hostname)
}
});
var dir = AppContext.BaseDirectory + _appSetting.DocumentsPath;
string[] files = Directory.GetFiles(dir, "*.xml", SearchOption.TopDirectoryOnly);
foreach (string file in files)
{
c.IncludeXmlComments(Path.Combine(dir, file));
}
//var security = new Dictionary<string, IEnumerable<string>> { { "Bearer", new string[] { } },
// };
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey
});
c.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme()
{
Description = "API Key Authorization header using the custom scheme. Example: \"ApiKey:{key}\"",
Name = "ApiKey",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement {
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
}
},
new string[] { }
},
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "ApiKey"
}
},
new string[] { }
}
});
});
services.AddCors(policy =>
{
policy.AddPolicy("CorsPolicy", opt => opt
.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod()
.WithExposedHeaders("X-Pagination"));
});
services.AddAuthorization(options =>
{
//https://stackoverflow.com/questions/42562660/recommended-best-practice-for-role-claims-as-permissions
var perms = new ClaimPermission().GetPermissions();
var extensions = new List <IExtension>();
if (_appSetting.AssemblyCandidate)
{
string[] starts = new string[] { "ExtCore" };
extensions = ExtensionManager.GetInstances <IExtension>().Where(x => !starts.Any(sl => x.Name.StartsWith(sl))).ToList();
}
else
{
extensions = ExtensionManager.GetInstances <IExtension>().ToList();
}
foreach (var ext in extensions)
{
foreach (var perm in perms)
{
var policy_name = $"{ext.Code}.{perm}";
options.AddPolicy(policy_name, policy => policy.RequireClaim(ClaimTypes.Role, policy_name));
//options.AddPolicy(policy_name, p => p.Requirements.Add(new PermissionRequirement(policy_name)));
}
}
});
//https://devblogs.microsoft.com/aspnet/jwt-validation-and-authorization-in-asp-net-core/
//services.AddSingleton<IAuthorizationHandler, MaximumOfficeNumberAuthorizationHandler>();
// WASM
services.AddRazorPages();
}
public static async Task Main(string[] args)
{
var builder = WebAssemblyHostBuilder.CreateDefault(args);//.UseHeadElementServerPrerendering();;
builder.RootComponents.Add <App>("app");
//-----------------------------| Register extensions |---------------------------------------
Modules.Add(typeof(Benriya.Clients.Modules.CMS.ClientMudule));
Modules.Add(typeof(Benriya.Clients.Modules.Inventory.ClientMudule));
Modules.Add(typeof(Benriya.Clients.Modules.eCommerce.ClientMudule));
//builder.RootComponents.Add<MetaData>("head");
//builder.Services.AddBlazorise(options =>
// {
// options.ChangeTextOnKeyPress = true;
// }).AddBootstrapProviders().AddFontAwesomeIcons();
//builder.Services.AddRazorComponentsRuntimeCompilation();
//builder.Services.AddScoped<MetaDataProvider>();
#region Register extensions
//------------------------------- start load extensions
ModulesSetup();
//---------------------------------------------------------------------
#endregion End of load extensions
var uri = new Uri(CLIENT_CONFIG.API_URL);
builder.Services.AddScoped <IUrlManager, UrlManager>();
builder.Services.AddScoped <IAuthenServices, AuthenServices>();
builder.Services.AddScoped(typeof(IApiClientService <>), typeof(ApiClientService <>));
builder.Services.AddBlazoredToast();
builder.Services.AddHeadElementHelper();
builder.Services.AddBlazoredLocalStorage(config => config.JsonSerializerOptions.WriteIndented = true);
builder.Services.AddBlazoredSessionStorage(config => config.JsonSerializerOptions.WriteIndented = true);
builder.Services.AddAuthorizationCore();
builder.Services.AddScoped <AuthenticationStateProvider, ApiAuthenticationStateProvider>();
builder.Services.AddScoped <IApiServiceProvider, ApiServiceProvider>();
builder.Services.AddScoped(sp => new HttpClient {
BaseAddress = uri
}); // builder.HostEnvironment.BaseAddress) });
builder.Services.AddI18nText();
builder.Services.AddLoadingComponent();
builder.Services.AddFileReaderService(o => { o.UseWasmSharedBuffer = true; });
var client = new HttpClient {
BaseAddress = uri
};
builder.Services.AddAuthorizationCore(async options =>
{
var perms = new ClaimPermission().GetPermissions();
var client = new HttpClient {
BaseAddress = uri
};
var response = await client.GetFromJsonAsync <ApiResultModel <List <ExtensionModel> > >($"core/Modules");
//var policies = new Dictionary<string,string>();
if (response != null && response.Status == 200 && response.Data != null)
{
foreach (var ext in response.Data)
{
foreach (var perm in perms)
{
var policy_name = $"{ext.Code}.{perm}";
//policies.Add(policy_name,policy_name);
options.AddPolicy(policy_name, policy => policy.RequireClaim(ClaimTypes.Role, policy_name));
}
}
}
});
// builder
//---------------------------------
var host = builder.Build();
var response = await client.GetFromJsonAsync <ApiResultModel <string> >($"core/Sys/Version");
if (response != null && response.Status == 200)
{
var sessionStorage = host.Services.GetRequiredService <ISessionStorageService>();
await sessionStorage.SetItemAsync <string>(AppClient.VersionKey, response.Data);
sessionStorage = null;
}
//---------------------------------
//host.Services.UseBootstrapProviders().UseFontAwesomeIcons();
//if(policies)
//var sessionStorage = host.Services.GetRequiredService<ISessionStorageService>();
//await builder.Build().RunAsync();
await host.RunAsync();
}
public async Task <bool> SetupMudules()
{
try
{
var perms = new ClaimPermission().GetPermissions();
var extensions = new List <IExtension>();
var all_policy_db = await dbSet.AsNoTracking().ToListAsync();
var admin_role_db = this.storageContext.Set <User_Role>();
var admin_codes = new string[] { "admin", "system", "systemadmin", "system_admin" };
var admin_roles = await admin_role_db.AsNoTracking().Where(x => admin_codes.Contains(x.code.ToLower())).ToListAsync();
if (admin_roles.Count() == 0)
{
admin_roles = new List <User_Role>()
{
new User_Role()
{
code = "SYSTEM", name = "System", role_level = 30
},
new User_Role()
{
code = "SYSTEM_ADMIN", name = "System admin", role_level = 29
},
new User_Role()
{
code = "ADMIN", name = "Administrator", role_level = 28
},
};
await admin_role_db.AddRangeAsync(admin_roles);
await storageContext.SaveChangesAsync();
}
if (Client.ServerSettings.AssemblyCandidate)
{
string[] starts = new string[] { "ExtCore" };
extensions = ExtensionManager.GetInstances <IExtension>().Where(x => !starts.Any(sl => x.Name.StartsWith(sl))).ToList();
}
else
{
extensions = ExtensionManager.GetInstances <IExtension>().ToList();
}
var permission_context = this.storageContext.Set <Permission_Access>();
var all_permission_db = await permission_context.AsNoTracking().ToListAsync();
all_permission_db.ForEach(x => { x.is_active = false; });
if (all_permission_db.Count() > 0)
{
return(false);
}
//var new_perms = new List<Permission_Access>();
var new_pols = new List <Policy_Roles>();
foreach (var perm in perms)
{
var new_perm = new Permission_Access()
{
name = perm,
is_active = true,
code = perm,
description = perm
};
await permission_context.AddAsync(new_perm);
await storageContext.SaveChangesAsync();
foreach (var ext in extensions)
{
var policy_code = $"{ext.Code}.{perm}";
foreach (var role in admin_roles)
{
new_pols.Add(new Policy_Roles()
{
role_id = role.id,
permission_id = new_perm.id,
code = policy_code,
module_name = ext.Name,
module_code = ext.Code,
User_Role = null,
Permission = null
});
}
}
}
await dbSet.AddRangeAsync(new_pols);
await storageContext.SaveChangesAsync();
return(true);
}
catch (Exception)
{
return(false);
}
}
