public static AuthorizationPolicy Combine(AuthorizationOptions options, IEnumerable<IAuthorizeData> attributes) { if (options == null) { throw new ArgumentNullException(nameof(options)); } if (attributes == null) { throw new ArgumentNullException(nameof(attributes)); } var policyBuilder = new AuthorizationPolicyBuilder(); var any = false; foreach (var authorizeAttribute in attributes.OfType<AuthorizeAttribute>()) { any = true; var useDefaultPolicy = true; if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy)) { var policy = options.GetPolicy(authorizeAttribute.Policy); if (policy == null) { throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeAttribute.Roles?.Split(','); if (rolesSplit != null && rolesSplit.Any()) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(','); if (authTypesSplit != null && authTypesSplit.Any()) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(options.DefaultPolicy); } } return any ? policyBuilder.Build() : null; }
public void ConfigureAuthorizationPolicies(Microsoft.AspNetCore.Authorization.AuthorizationOptions options) { AuthorizationPolicies.options = options; #region Stores ReadStores(); #endregion }
public async Task CanCombineAuthorizeAttributes() { // Arrange var attributes = new AuthorizeAttribute[] { new AuthorizeAttribute(), new AuthorizeAttribute("1") { ActiveAuthenticationSchemes = "dupe" }, new AuthorizeAttribute("2") { ActiveAuthenticationSchemes = "dupe" }, new AuthorizeAttribute { Roles = "r1,r2", ActiveAuthenticationSchemes = "roles" }, }; var options = new AuthorizationOptions(); options.AddPolicy("1", policy => policy.RequireClaim("1")); options.AddPolicy("2", policy => policy.RequireClaim("2")); var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options)); // Act var combined = await AuthorizationPolicy.CombineAsync(provider, attributes); // Assert Assert.Equal(2, combined.AuthenticationSchemes.Count()); Assert.True(combined.AuthenticationSchemes.Contains("dupe")); Assert.True(combined.AuthenticationSchemes.Contains("roles")); Assert.Equal(4, combined.Requirements.Count()); Assert.True(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement)); Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count()); Assert.Equal(1, combined.Requirements.OfType<RolesAuthorizationRequirement>().Count()); }
public void ConfigureAutrorization(AuthorizationOptions options) { options.AddPolicy(UserManagement, policyBuilder => { policyBuilder.RequireClaim("ManageUsers"); }); }
public static void RegisterAuthorizations(AuthorizationOptions options) { options.AddPolicy("Administrator", p => { p.RequireAuthenticatedUser(); p.RequireClaim(DAG.Security.Safe.Owin.ClaimTypes.Email); }); }
public DefaultAuthorizationPolicyProvider(IOptions<AuthorizationOptions> options) { if (options == null) { throw new ArgumentNullException(nameof(options)); } _options = options.Value; }
public static void AddTestAuthorization( Microsoft.AspNetCore.Authorization.AuthorizationOptions options) { options.AddPolicy(Constants.Policies.Internal, builder => { builder.RequireClaim("scope", "test"); }); options.AddPolicy(Constants.Policies.Application, builder => { builder.RequireClaim("scope", "test"); }); options.AddPolicy(Constants.Policies.User, builder => { builder.RequireClaim("scope", "test"); }); options.AddPolicy(Constants.Policies.InternalOrApplication, builder => { builder.RequireClaim("scope", "test"); }); }
public void CombineMustTrimRoles() { // Arrange var attributes = new AuthorizeAttribute[] { new AuthorizeAttribute() { Roles = "r1 , r2" } }; var options = new AuthorizationOptions(); // Act var combined = AuthorizationPolicy.Combine(options, attributes); // Assert Assert.True(combined.Requirements.Any(r => r is RolesAuthorizationRequirement)); var rolesAuthorizationRequirement = combined.Requirements.OfType<RolesAuthorizationRequirement>().First(); Assert.Equal(2, rolesAuthorizationRequirement.AllowedRoles.Count()); Assert.True(rolesAuthorizationRequirement.AllowedRoles.Any(r => r.Equals("r1"))); Assert.True(rolesAuthorizationRequirement.AllowedRoles.Any(r => r.Equals("r2"))); }
public async Task CombineMustTrimRoles() { // Arrange var attributes = new AuthorizeAttribute[] { new AuthorizeAttribute() { Roles = "r1 , r2" } }; var options = new AuthorizationOptions(); var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options)); // Act var combined = await AuthorizationPolicy.CombineAsync(provider, attributes); // Assert Assert.True(combined.Requirements.Any(r => r is RolesAuthorizationRequirement)); var rolesAuthorizationRequirement = combined.Requirements.OfType<RolesAuthorizationRequirement>().First(); Assert.Equal(2, rolesAuthorizationRequirement.AllowedRoles.Count()); Assert.True(rolesAuthorizationRequirement.AllowedRoles.Any(r => r.Equals("r1"))); Assert.True(rolesAuthorizationRequirement.AllowedRoles.Any(r => r.Equals("r2"))); }
public void CanReplaceDefaultPolicy() { // Arrange var attributes = new AuthorizeAttribute[] { new AuthorizeAttribute(), new AuthorizeAttribute("2") { ActiveAuthenticationSchemes = "dupe" } }; var options = new AuthorizationOptions(); options.DefaultPolicy = new AuthorizationPolicyBuilder("default").RequireClaim("default").Build(); options.AddPolicy("2", policy => policy.RequireClaim("2")); // Act var combined = AuthorizationPolicy.Combine(options, attributes); // Assert Assert.Equal(2, combined.AuthenticationSchemes.Count()); Assert.True(combined.AuthenticationSchemes.Contains("dupe")); Assert.True(combined.AuthenticationSchemes.Contains("default")); Assert.Equal(2, combined.Requirements.Count()); Assert.False(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement)); Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count()); }
public static void AddPlatformAuthorization( Microsoft.AspNetCore.Authorization.AuthorizationOptions authorizationOptions) { authorizationOptions.AddPolicy(Constants.Policies.Internal, builder => { builder.RequireScope(Constants.Scopes.PlatformInternal); }); authorizationOptions.AddPolicy(Constants.Policies.User, builder => { builder.RequireScope(Constants.Scopes.PlatformUser); }); authorizationOptions.AddPolicy(Constants.Policies.Application, builder => { builder.RequireScope(Constants.Scopes.PlatformApplication); }); authorizationOptions.AddPolicy(Constants.Policies.InternalOrApplication, builder => { builder.RequireScope(Constants.Scopes.PlatformApplication, Constants.Scopes.PlatformInternal); }); }
public AuthorizationApplicationModelProvider(IOptions<AuthorizationOptions> authorizationOptionsAccessor) { _authorizationOptions = authorizationOptionsAccessor.Value; }
public async Task CombineMustTrimAuthenticationScheme() { // Arrange var attributes = new AuthorizeAttribute[] { new AuthorizeAttribute() { ActiveAuthenticationSchemes = "a1 , a2" } }; var options = new AuthorizationOptions(); var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options)); // Act var combined = await AuthorizationPolicy.CombineAsync(provider, attributes); // Assert Assert.Equal(2, combined.AuthenticationSchemes.Count()); Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a1"))); Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a2"))); }
public void CombineMustTrimAuthenticationScheme() { // Arrange var attributes = new AuthorizeAttribute[] { new AuthorizeAttribute() { ActiveAuthenticationSchemes = "a1 , a2" } }; var options = new AuthorizationOptions(); // Act var combined = AuthorizationPolicy.Combine(options, attributes); // Assert Assert.Equal(2, combined.AuthenticationSchemes.Count()); Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a1"))); Assert.True(combined.AuthenticationSchemes.Any(a => a.Equals("a2"))); }
/// <summary> /// Gets all policies. /// /// IMPORTANT NOTE: Use this method carefully. /// It relies on reflection to get all policies from a private field of the <paramref name="options"/>. /// This method may be removed in the future if internals of <see cref="AuthorizationOptions"/> changes. /// </summary> /// <param name="options"></param> /// <returns></returns> public static List <string> GetPoliciesNames(this AuthorizationOptions options) { return(((IDictionary <string, AuthorizationPolicy>)PolicyMapProperty.GetValue(options)).Keys.ToList()); }
private void AuthorizationOptions(AuthorizationOptions options) { options.AddPolicy("doctoruser", policy => policy.RequireClaim("doctor", "true")); }