/// <summary>
/// Extension method to register the authorization policies.
/// </summary>
/// <param name="services">IServiceCollection instance.</param>
private static void RegisterAuthorizationPolicy(IServiceCollection services)
{
services.AddAuthorization(options =>
{
var mustContainValidUserRequirement = new MustBeTeamMemberRequirement();
options.AddPolicy(
PolicyNames.MustBePartOfTeamPolicy,
policyBuilder => policyBuilder.AddRequirements(mustContainValidUserRequirement));
});
services.AddSingleton <IAuthorizationHandler, MustBePartOfTeamHandler>();
}
private static void RegisterAuthorizationPolicy(IServiceCollection services)
{
services.AddAuthorization(options =>
{
var mustContainAdminTeamClaimRequirement = new MustBeAdminTeamMemberRequirement();
var mustBeTeamOwnerOrAdminUserClaimRequirement = new MustBeTeamOwnerOrAdminUserHandlerRequirement();
var mustBeTeamMemberClaimRequirement = new MustBeTeamMemberRequirement();
options.AddPolicy(
PolicyNames.MustBeAdminTeamMemberPolicy,
policyBuilder => policyBuilder
.AddRequirements(mustContainAdminTeamClaimRequirement)
.RequireAuthenticatedUser()
.Build());
options.AddPolicy(
PolicyNames.MSGraphGroupDataPolicy,
policyBuilder => policyBuilder
.AddRequirements(new MSGraphScopeRequirement(new string[] { Common.Constants.ScopeGroupReadAll }))
.RequireAuthenticatedUser()
.Build());
options.AddPolicy(
PolicyNames.MustBeTeamOwnerOrAdminUserPolicy,
policyBuilder => policyBuilder
.AddRequirements(mustBeTeamOwnerOrAdminUserClaimRequirement)
.RequireAuthenticatedUser()
.Build());
options.AddPolicy(
PolicyNames.MustBeTeamMemberPolicy,
policyBuilder => policyBuilder
.AddRequirements(mustBeTeamMemberClaimRequirement)
.RequireAuthenticatedUser()
.Build());
});
services.AddTransient <IAuthorizationHandler, MustBeAdminTeamMemberHandler>();
services.AddTransient <IAuthorizationHandler, MSGraphScopeHandler>();
services.AddTransient <IAuthorizationHandler, MustBeTeamOwnerOrAdminUserHandler>();
services.AddTransient <IAuthorizationHandler, MustBeTeamMemberHandler>();
}
