/// <summary>
/// Builds a new <see cref="AuthorizationPolicyInfo"/> from a stored policy entity,
/// copying its scalar fields, allowed roles, authentication schemes and claim requirements.
/// </summary>
/// <param name="entity">The persisted policy to copy from.</param>
/// <returns>A new policy object populated from <paramref name="entity"/>.</returns>
public static AuthorizationPolicyInfo ToAuthorizationPolicyInfo(this AuthorizationPolicyEntity entity)
        {
            // NOTE(review): the child collections are copied exactly as they are found on the
            // entity. If the caller did not load them, the resulting policy would presumably
            // carry fewer requirements than the stored one. Confirm at the query site.
            var result = new AuthorizationPolicyInfo
            {
                Id = entity.Id,
                Name = entity.Name,
                TenantId = entity.TenantId,
                RequireAuthenticatedUser = entity.RequireAuthenticatedUser,
                RequiredUserName = entity.RequiredUserName,
                Notes = entity.Notes
            };

            foreach (var roleEntity in entity.AllowedRoles)
            {
                result.AllowedRoles.Add(roleEntity.AllowedRole);
            }

            foreach (var schemeEntity in entity.AuthenticationSchemes)
            {
                result.AuthenticationSchemes.Add(schemeEntity.AuthenticationScheme);
            }

            foreach (var claimEntity in entity.RequiredClaims)
            {
                // Each stored claim requirement becomes a ClaimRequirement with the same
                // claim name and the same list of allowed values.
                var requirement = new ClaimRequirement { ClaimName = claimEntity.ClaimName };
                foreach (var valueEntity in claimEntity.AllowedValues)
                {
                    requirement.AllowedValues.Add(valueEntity.AllowedValue);
                }

                result.RequiredClaims.Add(requirement);
            }

            return result;
        }
        /// <summary>
        /// Creates one claim requirement per <c>PermissaoEnum</c> value and passes the list
        /// to <c>AddIdentity</c>.
        /// </summary>
        /// <param name="services">Service collection that <c>AddIdentity</c> is called on.</param>
        /// <param name="configuration">Configuration forwarded to <c>AddIdentity</c>.</param>
        public static void Register(
            IServiceCollection services,
            IConfiguration configuration)
        {
            var requirements = new List<ClaimRequirement>();
            var permissionValues = typeof(PermissaoEnum).GetEnumValues();

            foreach (object permission in permissionValues)
            {
                // The enum member's string form is passed as both the first and the third
                // argument, with ClaimTypes.Role in between.
                // NOTE(review): presumably (name, claim type, required value). Confirm against
                // ClaimRequirement.Create.
                string permissionName = permission.ToString();
                requirements.Add(ClaimRequirement.Create(permissionName, ClaimTypes.Role, permissionName));
            }

            services.AddIdentity(configuration, requirements);
        }
Esempio n. 3
        /// <summary>
        /// Configures the pipeline: registers the JWT claim-requirement middleware with a
        /// single "sub" requirement, then Web API with attribute routing.
        /// </summary>
        /// <param name="app">The application builder the middleware is added to.</param>
        public void Configuration(IAppBuilder app)
        {
            // The predicate only checks that some claim has the type "sub" (case-sensitive);
            // it does not inspect the claim's value.
            Func<IEnumerable<Claim>, bool> hasSubjectClaim =
                claims => claims.Any(claim => claim.Type == "sub");
            var subjectRequirement = new ClaimRequirement(hasSubjectClaim, "No sub claim!");

            var jwtOptions = new RequireClaimsInJwtOptions();
            jwtOptions.AddRequirement(subjectRequirement);

            // Registered before Web API.
            // NOTE(review): presumably so the claim check runs ahead of the controllers.
            // Confirm the middleware rejects the request rather than only annotating it.
            app.UseRequireClaimsInJwt(jwtOptions);

            var webApiConfiguration = new HttpConfiguration();
            webApiConfiguration.MapHttpAttributeRoutes();
            app.UseWebApi(webApiConfiguration);
        }
Esempio n. 4
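        /// <summary>
        /// Adds a claim requirement to an existing policy and saves the updated policy.
        /// </summary>
        /// <param name="policyId">Id of the policy to modify.</param>
        /// <param name="claimName">Name of the claim the policy should require; must not be blank.</param>
        /// <param name="allowedValuesCsv">
        /// Optional comma-separated list of allowed claim values. Each entry is trimmed and
        /// blank entries are ignored.
        /// </param>
        /// <returns>
        /// A failed result with a message when <paramref name="claimName"/> is blank, the policy
        /// cannot be found, or the policy already has a requirement for that claim name;
        /// otherwise a successful result.
        /// </returns>
        public async Task <PolicyOperationResult> AddClaimRequirement(Guid policyId, string claimName, string allowedValuesCsv)
        {
            // NOTE(review): claimName is interpolated into the log text and the returned message
            // below. If it can come from an untrusted request, consider structured logging or
            // stripping control characters so a caller cannot forge log lines.
            string message;

            if (string.IsNullOrWhiteSpace(claimName))
            {
                message = "claimName was empty, failed to add claim requirement";
                _log.LogError(message);
                return new PolicyOperationResult(false, message);
            }

            var policy = await FetchPolicy(policyId);

            if (policy == null)
            {
                message = $"failed to find policy with id {policyId} so could not add claim requirement {claimName}";
                _log.LogError(message);
                return new PolicyOperationResult(false, message);
            }

            var claimRequirement = new ClaimRequirement();
            claimRequirement.ClaimName = claimName;

            if (!string.IsNullOrEmpty(allowedValuesCsv))
            {
                foreach (var rawValue in allowedValuesCsv.Split(','))
                {
                    var value = rawValue.Trim();

                    // A stray comma ("a,,b", "a,") or whitespace-only input would otherwise
                    // store an empty string as an allowed value for this claim.
                    if (value.Length == 0)
                    {
                        continue;
                    }

                    claimRequirement.AllowedValues.Add(value);
                }
            }

            if (policy.HasClaimRequirement(claimRequirement.ClaimName))
            {
                message = $"tried to add claim {claimName} to policy {policy.Name}, but it already has a claim requirement for that claim name";
                _log.LogError(message);
                return new PolicyOperationResult(false, message);
            }

            policy.RequiredClaims.Add(claimRequirement);
            await _commands.Update(policy);

            return new PolicyOperationResult(true);
        }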
Esempio n. 5
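        /// <summary>
        /// Makes the stored allowed values of a claim requirement match the values on the
        /// in-memory <paramref name="claim"/>: stale values are removed, missing ones are added.
        /// </summary>
        /// <param name="db">Context whose <c>AllowedClaimValues</c> set receives the removals and additions.</param>
        /// <param name="claim">The claim requirement holding the desired allowed values.</param>
        /// <param name="entity">The stored claim requirement to bring in line with <paramref name="claim"/>.</param>
        private void SyncClaimAllowedValues(
            IDynamicPolicyDbContext db,
            ClaimRequirement claim,
            ClaimRequirementEntity entity)
        {
            if (claim.AllowedValues.Count == 0)
            {
                // NOTE(review): this branch only clears the navigation collection and, unlike
                // the removal loop below, does not call db.AllowedClaimValues.Remove. Whether
                // the rows are deleted depends on relationship configuration not visible here.
                entity.AllowedValues.Clear();
                return;
            }

            // Walk backwards so RemoveAt(i) does not shift an unvisited element into the slot
            // just examined. A forward loop skips the element after every removal, which can
            // leave an allowed value in the stored policy after it was removed from the claim.
            for (int i = entity.AllowedValues.Count - 1; i >= 0; i--)
            {
                var existing = entity.AllowedValues[i];
                if (!claim.AllowedValues.Contains(existing.AllowedValue))
                {
                    db.AllowedClaimValues.Remove(existing);
                    entity.AllowedValues.RemoveAt(i);
                }
            }

            foreach (var desiredValue in claim.AllowedValues)
            {
                if (!entity.AllowedValues.HasRequiredValue(desiredValue))
                {
                    var added = new AllowedClaimValueEntity();
                    added.AllowedValue     = desiredValue;
                    added.ClaimRequirement = entity;
                    entity.AllowedValues.Add(added);
                    db.AllowedClaimValues.Add(added);
                }
            }
        }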