Esempio n. 1
0
        public async Task GetHandlersAsyncShouldReturnTheCorrectHandlers()
        {
            var handler  = new AssertionRequirement(context => true);
            var provider = new DefaultAuthorizationHandlerProvider(handler);
            var handlers = (await provider.GetHandlersAsync()).ToArray();

            Assert.AreEqual(1, handlers.Length);
            Assert.AreSame(handler, handlers[0]);
        }
        /// <summary>
        /// Determines if a user is authorized.
        /// </summary>
        /// <param name="controller">The controller from which <see cref="AuthorizationOptions"/> may be obtained.</param>
        /// <param name="user">The user to evaluate the authorize data against.</param>
        /// <param name="authorizeAttribute">The <see cref="IAuthorizeData"/> to evaluate.</param>
        /// <returns>
        /// A flag indicating whether authorization has succeeded.
        /// This value is <value>true</value> when the <paramref name="user"/> fulfills the <paramref name="authorizeAttribute"/>; otherwise <value>false</value>.
        /// </returns>
        /// <remarks>
        /// If <paramref name="controller"/> is not null, it will be used to find <see cref="AuthorizationOptions"/> instead of the current <see cref="IOwinContext"/>.
        /// </remarks>
        public async Task <bool> IsAuthorizedAsync(IAuthorizationController controller, ClaimsPrincipal user, IAuthorizeData authorizeAttribute)
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }
            if (authorizeAttribute == null)
            {
                throw new ArgumentNullException(nameof(authorizeAttribute));
            }

            var options = ResolveAuthorizationOptions(controller);

            if (options == null)
            {
                throw new InvalidOperationException(Resources.Exception_AuthorizationOptionsMustNotBeNull);
            }

            var dependencies = options.Dependencies
                               ?? new AuthorizationDependencies();
            var policyProvider = dependencies.PolicyProvider
                                 ?? new DefaultAuthorizationPolicyProvider(options);
            var authorizationService = dependencies.Service;

            if (authorizationService == null)
            {
                var handlerProvider = new DefaultAuthorizationHandlerProvider(new PassThroughAuthorizationHandler());
                var handlers        = await handlerProvider.GetHandlersAsync();

                var loggerFactory = dependencies.LoggerFactory
                                    ?? new DiagnosticsLoggerFactory();

                authorizationService = new DefaultAuthorizationService(
                    policyProvider,
                    handlers,
                    loggerFactory.CreateDefaultLogger(),
                    new DefaultAuthorizationHandlerContextFactory(),
                    new DefaultAuthorizationEvaluator());
            }

            var policy = await AuthorizationPolicy.CombineAsync(policyProvider, new[] { authorizeAttribute });

            return(await authorizationService.AuthorizeAsync(user, policy));
        }