コード例 #1
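 /// <summary>
 /// Creates the policy provider, keeping the unwrapped authorization options and the Balea options.
 /// </summary>
 /// <param name="options">Authorization options wrapper; forwarded to the base provider and unwrapped through <c>Value</c>.</param>
 /// <param name="baleaOptions">Balea options kept for later use; must not be null.</param>
 /// <exception cref="System.ArgumentNullException"><paramref name="baleaOptions"/> is null.</exception>
 public AuthorizationPolicyProvider(
     IOptions<AuthorizationOptions> options,
     BaleaOptions baleaOptions)
     : base(options)
 {
     // Reject a missing dependency here instead of letting it surface as a
     // NullReferenceException the first time the field is used.
     _baleaOptions = baleaOptions ?? throw new System.ArgumentNullException(nameof(baleaOptions));

     // `options` has already been handed to the base constructor at this point.
     _options = options.Value;
 }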
コード例 #2
        /// <summary>
        /// Reads the subject identifier of <paramref name="principal"/> from the configured subject claim,
        /// using the configured fallback claim type when the primary one is absent.
        /// </summary>
        /// <param name="principal">Principal whose claims are searched.</param>
        /// <param name="options">Balea options providing the subject and fallback subject claim types.</param>
        /// <returns>The value of the first matching claim.</returns>
        /// <exception cref="InvalidOperationException">Neither claim type is present on the principal.</exception>
        public static string GetSubjectId(this ClaimsPrincipal principal, BaleaOptions options)
        {
            // NOTE(review): FindFirst searches every identity attached to the principal; confirm that
            // only trusted identities can carry these claim types.
            var subject = principal.FindFirst(options.DefaultClaimTypeMap.SubjectClaimType);

            if (subject == null)
            {
                subject = principal.FindFirst(options.DefaultClaimTypeMap.FallbackSubjectClaimType);
            }

            if (subject == null)
            {
                throw new InvalidOperationException($"'{options.DefaultClaimTypeMap.SubjectClaimType}' or '{options.DefaultClaimTypeMap.FallbackSubjectClaimType}' claim is missing.");
            }

            return subject.Value;
        }
コード例 #3
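 /// <summary>
 /// Creates the policy evaluator with the authorization service, the runtime authorization store and the Balea options.
 /// </summary>
 /// <param name="authorization">Authorization service; forwarded to the base evaluator.</param>
 /// <param name="store">Runtime authorization store kept for later use; must not be null.</param>
 /// <param name="options">Balea options kept for later use; must not be null.</param>
 /// <exception cref="System.ArgumentNullException"><paramref name="store"/> or <paramref name="options"/> is null.</exception>
 public BaleaPolicyEvaluator(
     IAuthorizationService authorization,
     IRuntimeAuthorizationServerStore store,
     BaleaOptions options)
     : base(authorization)
 {
     // Reject missing dependencies at construction so that they cannot surface
     // later as a NullReferenceException when the fields are first used.
     _store   = store ?? throw new System.ArgumentNullException(nameof(store));
     _options = options ?? throw new System.ArgumentNullException(nameof(options));
 }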
コード例 #4
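 /// <summary>
 /// Creates the policy provider, keeping the unwrapped authorization options, the Balea options and a logger.
 /// </summary>
 /// <param name="options">Authorization options wrapper; forwarded to the base provider and unwrapped through <c>Value</c>.</param>
 /// <param name="baleaOptions">Balea options kept for later use; must not be null.</param>
 /// <param name="logger">Logger kept for later use; must not be null.</param>
 /// <exception cref="System.ArgumentNullException"><paramref name="baleaOptions"/> or <paramref name="logger"/> is null.</exception>
 public AuthorizationPolicyProvider(
     IOptions<AuthorizationOptions> options,
     BaleaOptions baleaOptions,
     ILogger<AuthorizationPolicyProvider> logger)
     : base(options)
 {
     // `options` has already been handed to the base constructor at this point.
     _options = options.Value;

     // Reject missing dependencies at construction so that they cannot surface
     // later as a NullReferenceException when the fields are first used.
     _baleaOptions = baleaOptions ?? throw new System.ArgumentNullException(nameof(baleaOptions));
     _logger       = logger ?? throw new System.ArgumentNullException(nameof(logger));
 }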
コード例 #5
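 /// <summary>
 /// Creates the policy evaluator with the authorization service, the runtime authorization store,
 /// the Balea options and a logger.
 /// </summary>
 /// <param name="authorization">Authorization service kept for later use; must not be null.</param>
 /// <param name="store">Runtime authorization store kept for later use; must not be null.</param>
 /// <param name="options">Balea options kept for later use; must not be null.</param>
 /// <param name="logger">Logger kept for later use; must not be null.</param>
 /// <exception cref="System.ArgumentNullException">Any argument is null.</exception>
 public BaleaPolicyEvaluator(
     IAuthorizationService authorization,
     IRuntimeAuthorizationServerStore store,
     BaleaOptions options,
     ILogger<BaleaPolicyEvaluator> logger)
 {
     // Nothing validates these arguments before they are stored, so reject a missing
     // dependency here instead of letting it surface as a NullReferenceException later.
     _authorization = authorization ?? throw new System.ArgumentNullException(nameof(authorization));
     _store         = store ?? throw new System.ArgumentNullException(nameof(store));
     _options       = options ?? throw new System.ArgumentNullException(nameof(options));
     _logger        = logger ?? throw new System.ArgumentNullException(nameof(logger));
 }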
コード例 #6
 /// <summary>
 /// Creates the API-backed store from an HTTP client factory, store options, Balea options,
 /// a logger and an optional distributed cache.
 /// </summary>
 /// <param name="httpClientFactory">HTTP client factory; validated as non-null.</param>
 /// <param name="storeOptions">Store options; validated as non-null.</param>
 /// <param name="baleaOptions">Balea options; validated as non-null.</param>
 /// <param name="logger">Logger; validated as non-null.</param>
 /// <param name="cache">Optional distributed cache; stored as given and may be null.</param>
 public ApiRuntimeAuthorizationServerStore(
     IHttpClientFactory httpClientFactory,
     StoreOptions storeOptions,
     BaleaOptions baleaOptions,
     ILogger<ApiRuntimeAuthorizationServerStore> logger,
     IDistributedCache cache = null)
 {
     // Each required dependency is checked and then stored; the checks run in parameter order.
     Ensure.Argument.NotNull(httpClientFactory, nameof(httpClientFactory));
     this._httpClientFactory = httpClientFactory;

     Ensure.Argument.NotNull(storeOptions, nameof(storeOptions));
     this._storeOptions = storeOptions;

     Ensure.Argument.NotNull(baleaOptions, nameof(baleaOptions));
     this._baleaOptions = baleaOptions;

     Ensure.Argument.NotNull(logger, nameof(logger));
     this._logger = logger;

     // The cache is the only dependency that is not validated, so code reading
     // _cache has to cope with null.
     this._cache = cache;
 }
コード例 #7
        /// <summary>
        /// Reads the subject identifier of <paramref name="principal"/> by trying each allowed subject
        /// claim type in configured order and returning the first value found.
        /// </summary>
        /// <param name="principal">Principal whose claims are searched.</param>
        /// <param name="options">Balea options providing the allowed subject claim types.</param>
        /// <returns>The value of the first allowed subject claim present on the principal.</returns>
        /// <exception cref="InvalidOperationException">None of the allowed claim types is present.</exception>
        public static string GetSubjectId(this ClaimsPrincipal principal, BaleaOptions options)
        {
            // The order of AllowedSubjectClaimTypes decides which claim wins when several are present.
            foreach (var claimType in options.DefaultClaimTypeMap.AllowedSubjectClaimTypes)
            {
                var candidate = principal.FindFirstValue(claimType);

                if (candidate != null)
                {
                    return candidate;
                }
            }

            throw new InvalidOperationException($"'Balea allowed subject claim type is missing.");
        }
コード例 #8
 /// <summary>
 /// Creates the store from a context and the Balea options.
 /// </summary>
 /// <param name="context">Context kept for later use; must not be null.</param>
 /// <param name="options">Balea options kept for later use; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="context"/> or <paramref name="options"/> is null.</exception>
 public EntityFrameworkCoreRuntimeAuthorizationServerStore(TContext context, BaleaOptions options)
 {
     // Guard clauses first, in parameter order, then the assignments.
     if (context == null)
     {
         throw new ArgumentNullException(nameof(context));
     }

     if (options == null)
     {
         throw new ArgumentNullException(nameof(options));
     }

     _context = context;
     _options = options;
 }
コード例 #9
 /// <summary>
 /// Creates the store from a Balea configuration object and the Balea options.
 /// </summary>
 /// <param name="configuration">Configuration kept for later use; must not be null.</param>
 /// <param name="options">Balea options kept for later use; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="configuration"/> or <paramref name="options"/> is null.</exception>
 public ConfigurationRuntimeAuthorizationServerStore(BaleaConfiguration configuration, BaleaOptions options)
 {
     // Guard clauses first, in parameter order, then the assignments.
     if (configuration == null)
     {
         throw new ArgumentNullException(nameof(configuration));
     }

     if (options == null)
     {
         throw new ArgumentNullException(nameof(options));
     }

     _configuration = configuration;
     _options = options;
 }
コード例 #10
ファイル: BaleaMiddleware.cs プロジェクト: paoc77/Balea
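        /// <summary>
        /// For an authenticated user on an endpoint carrying <see cref="IAuthorizeData"/> metadata, looks up
        /// the user's authorization in the store and attaches an extra identity holding role, permission and
        /// delegation claims; then passes the request to the next middleware.
        /// </summary>
        /// <param name="context">Current HTTP context.</param>
        /// <param name="store">Store queried for the user's authorization.</param>
        /// <param name="options">Balea options supplying claim types and the optional unauthorized fallback.</param>
        /// <returns>A task that completes when the rest of the pipeline, or the fallback, has finished.</returns>
        public async Task InvokeAsync(HttpContext context, IRuntimeAuthorizationServerStore store, BaleaOptions options)
        {
            var endpoint = context.GetEndpoint();

            // GetEndpoint() returns null when no endpoint was selected for the request, and a principal
            // can have no identity at all. Both cases mean there is nothing to enrich, so they are
            // skipped instead of failing with a NullReferenceException.
            if (context.User.Identity?.IsAuthenticated == true
                && endpoint?.Metadata.GetMetadata<IAuthorizeData>() != null)
            {
                // NOTE(review): the key name suggests it marks that the authorization middleware already
                // ran, in which case claims added here would arrive too late; the helper presumably
                // throws. Confirm against the definitions, which are outside this listing.
                if (context.Items.ContainsKey(AuthorizationMiddlewareInvokedKey))
                {
                    ThrowMissingAuthMiddlewareException();
                }

                var authorization = await store
                                    .FindAuthorizationAsync(context.User);

                // NOTE(review): Roles.Any() also counts disabled roles, so a user holding only disabled
                // roles does not reach the fallback. Confirm this is intended.
                if (!context.Response.HasStarted && options.UnauthorizedFallback != null && !authorization.Roles.Any())
                {
                    await options.UnauthorizedFallback(context);

                    // The fallback handles the response; the rest of the pipeline is not run.
                    return;
                }

                var claimTypes = options.DefaultClaimTypeMap;

                // Materialised once so that both claim sets are built from the same enabled roles.
                var enabledRoles = authorization.Roles
                                   .Where(role => role.Enabled)
                                   .ToList();

                var roleClaims = enabledRoles
                                 .Select(role => new Claim(claimTypes.RoleClaimType, role.Name));

                // Permissions come from enabled roles only, matching the role claims above.
                // GetPermissions() is not visible here; if it already returns nothing for a disabled
                // role this filter is redundant, otherwise it stops disabled roles granting permissions.
                var permissionClaims = enabledRoles
                                       .SelectMany(role => role.GetPermissions())
                                       .Distinct()
                                       .Select(permission => new Claim(claimTypes.PermissionClaimType, permission));

                var identity = new ClaimsIdentity(
                    authenticationType: nameof(BaleaMiddleware),
                    nameType: claimTypes.NameClaimType,
                    roleType: claimTypes.RoleClaimType);

                identity.AddClaims(roleClaims);
                identity.AddClaims(permissionClaims);

                if (authorization.Delegation != null)
                {
                    // NOTE(review): From/To are formatted with a parameterless ToString(); if they are
                    // date values the claim text depends on the current culture. Confirm what consumers expect.
                    identity.AddClaim(new Claim(BaleaClaims.DelegatedBy, authorization.Delegation.Who));
                    identity.AddClaim(new Claim(BaleaClaims.DelegatedFrom, authorization.Delegation.From.ToString()));
                    identity.AddClaim(new Claim(BaleaClaims.DelegatedTo, authorization.Delegation.To.ToString()));
                }

                // Added as an additional identity; the identities already on the principal are left untouched.
                context.User.AddIdentity(identity);
            }

            await _next(context);
        }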