コード例 #1
0
        private void EnforceRuleViolation(Controller controller, PageActionRoutingState state, EntityAccessRuleSet accessRuleViolation)
        {
            if (!state.AmbientUserContext.IsSignedIn() && accessRuleViolation.ShouldTryRedirect())
            {
                _logger.LogDebug("User not authenticated, redirecting to sign in page for user area {UserAreaCodeForLoginRedirect}.", accessRuleViolation.UserAreaCodeForSignInRedirect);
                var challengeScheme = AuthenticationSchemeNames.UserArea(accessRuleViolation.UserAreaCodeForSignInRedirect);
                state.Result = new ChallengeResult(challengeScheme);
                return;
            }

            _logger.LogDebug("Processing violation action {ViolationAction}.", accessRuleViolation.ViolationAction);
            switch (accessRuleViolation.ViolationAction)
            {
            case AccessRuleViolationAction.NotFound:
                // Set the route to null and the IGetNotFoundRouteRoutingStep will figure out the correct result
                state.PageRoutingInfo = null;
                break;

            case AccessRuleViolationAction.Error:
                // Throw an exception, which should be picked up by the global handler and dealt with accordingly.
                throw new AccessRuleViolationException($"User is not permitted to access {state.InputParameters.Path}.");

            default:
                throw new NotImplementedException($"{nameof(AccessRuleViolationAction)}.{accessRuleViolation.ViolationAction} not implemented.");
            }
            ;
        }
コード例 #2
0
 /// <summary>
 /// Initializes a new instance of the <see cref="AuthorizeRoleAttribute"/> class.
 /// </summary>
 /// <param name="userAreaCode">The <see cref="IUserAreaDefinition.UserAreaCode"/> identifier of the user area that the role belongs to.</param>
 /// <param name="roleCode">The <see cref="IRoleDefinition.Rolecode"/> identifier of the code-defined role to restrict access to.</param>
 public AuthorizeRoleAttribute(string userAreaCode, string roleCode)
     : base()
 {
     AuthenticationSchemes = AuthenticationSchemeNames.UserArea(userAreaCode);
     Policy = AuthorizationPolicyNames.Role(userAreaCode, roleCode);
 }
コード例 #3
0
 /// <summary>
 /// Initializes a new instance of the <see cref="AuthorizeUserAreaAttribute"/> class.
 /// </summary>
 /// <param name="userAreaCode">The <see cref="IUserAreaDefinition.UserAreaCode"/> identifier of the user area to restrict access to.</param>
 public AuthorizeUserAreaAttribute(string userAreaCode)
     : base()
 {
     AuthenticationSchemes = AuthenticationSchemeNames.UserArea(userAreaCode);
     Policy = AuthorizationPolicyNames.UserArea(userAreaCode);
 }