public static void ConfigureCoreMvc(IMvcCoreBuilder builder) { builder.AddAuthorization(options => { options.AddPolicy("ValidateClaims", policyBuilder => { policyBuilder.RequireAuthenticatedUser(); policyBuilder.RequireAssertion(context => { var principal = context.User; var nameIdentifierClaim = principal.FindFirst(ClaimTypes.NameIdentifier); if (nameIdentifierClaim == null || nameIdentifierClaim.Value != "1" || nameIdentifierClaim.ValueType != ClaimValueTypes.Integer32 || nameIdentifierClaim.Issuer != "TestIssuer" || nameIdentifierClaim.OriginalIssuer != "OriginalTestIssuer") { return(false); } return(true); }); }); }); builder.AddJsonFormatters(options => { options.NullValueHandling = NullValueHandling.Ignore; }); }
/// <summary> /// Добавляет обязательность авторизации ко всем запросам /// </summary> /// <param name="builder"></param> /// <param name="configuration"></param> internal static void ConfigureRequiredAuth(IMvcCoreBuilder builder, IConfiguration configuration) { var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser() .Build(); builder.AddAuthorization() .AddMvcOptions(o => o.Filters.Add(new AuthorizeFilter(policy))); }
public static void ConfigureCoreMvc(IMvcCoreBuilder builder) { builder.AddAuthorization(); builder.AddJsonFormatters(options => { options.NullValueHandling = NullValueHandling.Ignore; }); }
public static IMvcCoreBuilder AddAuthorizationPolicies(this IMvcCoreBuilder services) { services.AddAuthorization(options => { options.AddPolicy(AuthorizationConsts.AdministrationPolicy, policy => { policy.RequireScope(AuthenticationConsts.IdentityApiScope); policy.RequireRole(AuthorizationConsts.AdministrationRole); }); }); return(services); }
internal static IMvcCoreBuilder AddAuthorization(this IMvcCoreBuilder @this, IConfiguration configuration) { var authConfig = configuration .GetSection("authentication") .Get <AuthConfiguration>(); if (!authConfig.IsEnabled()) { return(@this.AddAuthorization()); } return(@this .AddAuthorization(options => { options.AddPolicy(AdminPolicy, builder => builder .RequireScope("hawk")); options.AddPolicy(ReadOnlyPolicy, builder => builder .RequireScope("hawk") .RequireScope("hawk.readonly")); })); }
/// <summary> /// Adds WebApi services to the specified <see cref="IServiceCollection" />. /// </summary> /// <param name="services">The <see cref="IServiceCollection" /> to add services to.</param> /// <returns>An <see cref="IMvcBuilder"/> that can be used to further configure the WebApi services.</returns> public static IMvcBuilder AddWebApi(this IServiceCollection services) { if (services == null) { throw new ArgumentNullException("services"); } IMvcCoreBuilder mvcCoreBuilder = services.AddMvcCore(); mvcCoreBuilder.AddApiExplorer(); mvcCoreBuilder.AddAuthorization(); mvcCoreBuilder.AddFormatterMappings(); mvcCoreBuilder.AddDataAnnotations(); mvcCoreBuilder.AddJsonFormatters(); mvcCoreBuilder.AddCors(); //-MvcServiceCollectionExtensions.AddDefaultFrameworkParts(mvcCoreBuilder.PartManager); //-mvcCoreBuilder.AddViews(); //-mvcCoreBuilder.AddRazorViewEngine(); //-mvcCoreBuilder.AddRazorPages(); //-mvcCoreBuilder.AddCacheTagHelper(); return(new MvcBuilder(mvcCoreBuilder.Services, mvcCoreBuilder.PartManager)); }
public static IMvcCoreBuilder AddLoadBoardAuthorization(this IMvcCoreBuilder coreBuilder) { //Use reflection to grab roles and actions //Don't need role policies as we can use the Roles property on the Authorize Attribute //var roleConstants = typeof(DomainServices.Security.SecurityRoles) // .GetFields(System.Reflection.BindingFlags.Public // | System.Reflection.BindingFlags.Static // | System.Reflection.BindingFlags.FlattenHierarchy) // .Select(field => field.GetValue(null).ToString()).ToList(); var actionConstants = typeof(DomainServices.Security.SecurityActions) .GetFields(System.Reflection.BindingFlags.Public | System.Reflection.BindingFlags.Static | System.Reflection.BindingFlags.FlattenHierarchy) .Select(field => field.GetValue(null).ToString()).ToList(); //Loop through Roles and Actions to create policy for each coreBuilder.AddAuthorization(options => { //Add Policy for all roles //foreach (var role in roleConstants) // options.AddPolicy($"{AuthorizationConstants.RolePolicyPrefix}{role}", policy => policy.AddRequirements(new Requirments.LoadShopHasRoleRequirment(role))); //Add Policy for all actions foreach (var action in actionConstants) { options.AddPolicy($"{AuthorizationConstants.ActionPolicyPrefix}{action}", policy => policy.AddRequirements(new Requirments.LoadShopHasActionRequirment(action))); } //Add policy to check if user has any load shop role options.AddPolicy(AuthorizationConstants.HasAnyLoadShopRolePolicy, policy => policy.AddRequirements(new Requirments.LoadShopHasRoleRequirment())); //Add legacy Polcies to LoadShop still works until replace with //options.AddPolicy("TOPSRoleAdmin", policy => //{ // policy.Requirements.Add(new TrnWebApiCore.TopsAuth.Security.TOPSRoleRequirement("LB", new[] { "SYSADMIN" })); //}); options.AddPolicy(AuthorizationConstants.IsCarrierPolicy, policy => { policy.AddRequirements(new Requirments.LoadShopHasRoleRequirment(DomainServices.Security.SecurityRoles.CarrierRoles)); }); options.AddPolicy(AuthorizationConstants.IsShipperPolicy, policy => { policy.AddRequirements(new Requirments.LoadShopHasRoleRequirment(DomainServices.Security.SecurityRoles.ShipperRoles)); }); options.AddPolicy(AuthorizationConstants.IsCarrierOrShipperPolicy, policy => { policy.AddRequirements(new Requirments.LoadShopHasRoleRequirment( DomainServices.Security.SecurityRoles.CarrierRoles .Union(DomainServices.Security.SecurityRoles.ShipperRoles) .ToArray())); }); options.AddPolicy(AuthorizationConstants.IsCarrierOrShipperAdmin, policy => { policy.AddRequirements(new Requirments.LoadShopHasRoleRequirment( DomainServices.Security.SecurityRoles.LSAdmin, DomainServices.Security.SecurityRoles.SystemAdmin, DomainServices.Security.SecurityRoles.CarrierAdmin, DomainServices.Security.SecurityRoles.ShipperAdmin)); }); options.AddPolicy(AuthorizationConstants.CanAccessCarrierLoadsPolicy, policy => { policy.AddRequirements(new Requirments.LoadShopHasActionRequirment( DomainServices.Security.SecurityActions.Loadshop_Ui_Marketplace_Loads_View, DomainServices.Security.SecurityActions.Loadshop_Ui_My_Loads_View_Booked)); }); options.AddPolicy(AuthorizationConstants.CanAccessLoadDetail, policy => { policy.AddRequirements(new Requirments.LoadShopHasActionRequirment( DomainServices.Security.SecurityActions.Loadshop_Ui_Marketplace_Loads_View_Detail, DomainServices.Security.SecurityActions.Loadshop_Ui_My_Loads_View_Booked_Detail, DomainServices.Security.SecurityActions.Loadshop_Ui_Carrier_My_Loads_View_Delivered_Detail, DomainServices.Security.SecurityActions.Loadshop_Ui_Shopit_Load_View_Posted_Detail, DomainServices.Security.SecurityActions.Loadshop_Ui_Shopit_Load_View_Booked_Detail, DomainServices.Security.SecurityActions.Loadshop_Ui_Shopit_Load_View_Delivered_Detail)); }); options.AddPolicy(AuthorizationConstants.CanAccessLoadStatus, policy => { policy.AddRequirements(new Requirments.LoadShopHasActionRequirment( DomainServices.Security.SecurityActions.Loadshop_Ui_My_Loads_Status_View, DomainServices.Security.SecurityActions.Loadshop_Ui_My_Loads_Status_Update, DomainServices.Security.SecurityActions.Loadshop_Ui_Shopit_Load_View_Booked_Detail)); }); }); coreBuilder.Services.AddTransient <IAuthorizationHandler, AuthorizationHandlers.LoadShopHasRoleHandler>(); coreBuilder.Services.AddTransient <IAuthorizationHandler, AuthorizationHandlers.LoadShopHasActionHandler>(); //Register legacy TopsRoleHandler //coreBuilder.Services.AddTransient<IAuthorizationHandler, TrnWebApiCore.TopsAuth.Security.TOPSRoleAuthorizationHandler>(); return(coreBuilder); }
private static void ConfigureMvc(IMvcCoreBuilder services) { services.AddAuthorization().AddApplicationPart(typeof(OAuthController).Assembly); }
public static void RegisterAuthorization(IMvcCoreBuilder builder) { builder .AddAuthorization() .AddJsonFormatters(); }
private static void AddActiveRouteImpl <TController, TFeature, TFeatureOptions>(IMvcCoreBuilder mvcBuilder) where TFeature : class, IDynamicFeature where TFeatureOptions : class { // Add [DynamicController(typeof(TComponentOptions))] if not present if (!typeof(TController).HasAttribute <DynamicControllerAttribute>()) { var attribute = new DynamicControllerAttribute(typeof(TFeatureOptions)); TypeDescriptor.AddAttributes(typeof(TController), attribute); var attributes = TypeDescriptor.GetAttributes(typeof(TController)); if (!attributes.Contains(attribute)) { throw new InvalidOperationException("Could not add attribute dynamically on this runtime."); } } // See: https://github.com/aspnet/Mvc/issues/5992 mvcBuilder.AddApplicationPart(typeof(TController).Assembly); mvcBuilder.ConfigureApplicationPartManager(x => { x.ApplicationParts.Add(new DynamicControllerApplicationPart(new[] { typeof(TController).GetTypeInfo() })); }); var componentDescriptor = ServiceDescriptor.Singleton(r => { var component = Instancing.CreateInstance <TFeature>(); component.GetRouteTemplate = () => { var o = r.GetRequiredService <IOptionsMonitor <TFeatureOptions> >(); return(o.CurrentValue is IFeatureNamespace ns ? ns.RootPath ?? string.Empty : string.Empty); }; return(component); }); mvcBuilder.Services.Replace(componentDescriptor); mvcBuilder.Services.AddTransient <IDynamicFeature>(r => { // cached singleton var component = r.GetService <TFeature>(); // each resolution, we could be discovering a different controller that needs hydration into its type for (var i = 0; i < component.ControllerTypes.Count; i++) { var controllerType = component.ControllerTypes[i]; if (controllerType.IsGenericType && controllerType.Name == typeof(TController).Name) { component.ControllerTypes[i] = typeof(TController); } } return(component); }); mvcBuilder.AddAuthorization(x => { if (x.GetPolicy(Constants.Security.Policies.NoPolicy) == null) { x.AddPolicy(Constants.Security.Policies.NoPolicy, b => { b.RequireAssertion(context => true); }); } }); }