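/// <summary>
/// Returns the resources granted to the user identified by <paramref name="azureAdId"/> and
/// primes the distributed cache entry (keyed by the id's default string form) that the
/// authorization handler consults on later requests.
/// </summary>
/// <param name="azureAdId">Azure AD object id of the signed-in user.</param>
/// <returns>200 with the user's resources, or 404 when the repository has no entry for the id.</returns>
public async Task<ActionResult<UserResourceResponse>> GetUserResouces(Guid azureAdId)
{
    var response = _userManagementRepository.GetUserResourcesByAzureAdId(azureAdId);
    if (response is null)
    {
        // Must return here: the previous code discarded NotFound() and went on to cache a
        // serialized null and answer 200.
        return NotFound();
    }

    // This endpoint is hit once the user logs in or refreshes the page, so the cache entry
    // is (re)written with a one-hour sliding expiration each time.
    await _cache.SetStringAsync(
        azureAdId.ToString(),
        JsonConvert.SerializeObject(response),
        new DistributedCacheEntryOptions { SlidingExpiration = TimeSpan.FromHours(1) });

    return Ok(response);
}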
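/// <summary>
/// Succeeds <paramref name="requirement"/> when the caller is either a delegated user holding the
/// "user_impersonation" scope whose resource list (cached, or loaded from the repository) contains
/// the current attribute route and HTTP method, or the configured confidential client application.
/// Any other caller leaves the requirement unmet.
/// </summary>
/// <param name="context">Authorization context carrying the caller's claims and the MVC resource.</param>
/// <param name="requirement">The scope requirement being evaluated.</param>
/// <returns>A task that completes once the requirement has been evaluated; the outcome is recorded on <paramref name="context"/>.</returns>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, ScopeRequirement requirement)
{
    var scopesClaim = context.User.FindFirst(c => c.Type == "http://schemas.microsoft.com/identity/claims/scope" && c.Issuer == issuer);

    if (scopesClaim is not null)
    {
        // The scope claim is a space-separated list; only "user_impersonation" is honoured.
        var scopes = scopesClaim.Value.Split(' ');
        if (!scopes.Contains("user_impersonation", StringComparer.Ordinal))
        {
            return;
        }

        var oidClaim = context.User.FindFirst(c => c.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier" && c.Issuer == issuer);

        // A token that carries the scope but no (or a malformed) object id cannot be mapped to a
        // user; the previous code dereferenced the claim unconditionally and would have thrown.
        if (oidClaim is null || !Guid.TryParse(oidClaim.Value, out var azureAdId))
        {
            return;
        }

        // Key on the parsed Guid's default string form so the entry matches the one the
        // user-resources endpoint writes, regardless of how the claim value was formatted.
        var response = await GetUserResourcesAsync(azureAdId);

        if (context.Resource is AuthorizationFilterContext authFilterContext)
        {
            var httpMethod = authFilterContext.HttpContext.Request.Method;

            // AttributeRouteInfo is null for conventionally routed actions; treat that as
            // "no matching resource" instead of throwing.
            var url = authFilterContext.ActionDescriptor.AttributeRouteInfo?.Template;

            if (url is not null
                && response?.Resources is not null
                && response.Resources.Any(p => p.ResourceUri == url && p.Mehtod == httpMethod))
            {
                context.Succeed(requirement);
            }
        }
    }
    else if (!string.IsNullOrEmpty(confidentialAppId))
    {
        // Application-only tokens carry no scope claim; accept only the configured client id
        // issued by the trusted issuer.
        var appIdClaim = context.User.FindFirst(c => c.Type == "appid" && c.Issuer == issuer);
        if (appIdClaim is not null && appIdClaim.Value == confidentialAppId)
        {
            context.Succeed(requirement);
        }
    }
}

/// <summary>
/// Returns the user's resource list from the distributed cache, falling back to the repository
/// and storing the result with a 30-minute sliding expiration when no entry exists.
/// </summary>
/// <param name="azureAdId">Azure AD object id of the user; its default string form is the cache key.</param>
/// <returns>The cached or freshly loaded resources; may be null if the repository returns null.</returns>
private async Task<UserResourceResponse> GetUserResourcesAsync(Guid azureAdId)
{
    var cacheKey = azureAdId.ToString();

    var cached = await _cache.GetStringAsync(cacheKey);
    if (!string.IsNullOrEmpty(cached))
    {
        return JsonConvert.DeserializeObject<UserResourceResponse>(cached);
    }

    var response = _userRepository.GetUserResourcesByAzureAdId(azureAdId);
    await _cache.SetStringAsync(
        cacheKey,
        JsonConvert.SerializeObject(response),
        new DistributedCacheEntryOptions { SlidingExpiration = TimeSpan.FromMinutes(30) });

    return response;
}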