/// <summary>
/// Folds every <see cref="AuthorizeAttribute"/> found in <paramref name="attributes"/> into one policy.
/// </summary>
/// <param name="options">Source of named policies (<c>GetPolicy</c>) and of <c>DefaultPolicy</c>.</param>
/// <param name="attributes">Authorization metadata; entries that are not <see cref="AuthorizeAttribute"/> are ignored.</param>
/// <returns>The combined policy, or <c>null</c> when no <see cref="AuthorizeAttribute"/> was present.</returns>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">An attribute names a policy that <paramref name="options"/> does not contain.</exception>
public static AuthorizationPolicy Combine(AuthorizationOptions options, IEnumerable<IAuthorizeData> attributes)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    if (attributes == null)
    {
        throw new ArgumentNullException(nameof(attributes));
    }

    var combined = new AuthorizationPolicyBuilder();
    var sawAttribute = false;

    foreach (var attribute in attributes.OfType<AuthorizeAttribute>())
    {
        sawAttribute = true;

        // Stays true only when the attribute names neither a policy nor roles.
        var needsDefaultPolicy = true;

        if (!string.IsNullOrWhiteSpace(attribute.Policy))
        {
            var namedPolicy = options.GetPolicy(attribute.Policy);
            if (namedPolicy == null)
            {
                // Fail closed: an unknown policy name is an error, never "no restriction".
                throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(attribute.Policy));
            }

            combined.Combine(namedPolicy);
            needsDefaultPolicy = false;
        }

        var roleEntries = attribute.Roles?.Split(',');
        if (roleEntries?.Length > 0)
        {
            // NOTE(review): a Roles value holding only whitespace or commas still reaches this
            // branch with an empty role list and skips the default policy; the outcome then
            // depends on how RequireRole treats an empty sequence — confirm.
            var roles = roleEntries.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim());
            combined.RequireRole(roles);
            needsDefaultPolicy = false;
        }

        // Schemes only select how the caller is authenticated; they do not replace the default policy.
        var schemeEntries = attribute.ActiveAuthenticationSchemes?.Split(',');
        if (schemeEntries != null)
        {
            foreach (var scheme in schemeEntries.Where(s => !string.IsNullOrWhiteSpace(s)))
            {
                combined.AuthenticationSchemes.Add(scheme.Trim());
            }
        }

        if (needsDefaultPolicy)
        {
            combined.Combine(options.DefaultPolicy);
        }
    }

    if (!sawAttribute)
    {
        return null;
    }

    return combined.Build();
}
/// <summary>
/// Merges the given policies, in enumeration order, into a single policy.
/// </summary>
/// <param name="policies">Policies to merge.</param>
/// <returns>The policy produced by the builder after every input has been combined into it.</returns>
/// <exception cref="ArgumentNullException"><paramref name="policies"/> is <c>null</c>.</exception>
public static AuthorizationPolicy Combine(IEnumerable<AuthorizationPolicy> policies)
{
    if (policies == null)
    {
        throw new ArgumentNullException(nameof(policies));
    }

    var merged = new AuthorizationPolicyBuilder();

    // NOTE(review): an empty sequence reaches Build() with nothing combined; the result
    // for that case is whatever AuthorizationPolicyBuilder.Build() defines — confirm.
    foreach (var current in policies)
    {
        merged.Combine(current);
    }

    var result = merged.Build();
    return result;
}
// Called by the runtime to register services with the container.
// For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
    // Named policies that controllers and actions can reference by name.
    services.AddAuthorization(authorization =>
    {
        authorization.AddPolicy("AdministratorOnly", p => p.RequireRole("Administrator"));
        authorization.AddPolicy("EmployeeId", p => p.RequireClaim("EmployeeId", "123", "456"));
    });

    // Baseline applied through a global MVC filter: the caller must be authenticated.
    var authenticatedOnly = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();

    services.AddMvc(mvc => mvc.Filters.Add(new AuthorizeFilter(authenticatedOnly)));
}
/// <summary>
/// Runs <paramref name="configurePolicy"/> against a fresh builder and stores the built policy under <paramref name="name"/>.
/// </summary>
/// <param name="name">The name of the policy.</param>
/// <param name="configurePolicy">The delegate that will be used to build the policy.</param>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
public void AddPolicy(string name, Action<AuthorizationPolicyBuilder> configurePolicy)
{
    if (name == null)
    {
        throw new ArgumentNullException(nameof(name));
    }

    if (configurePolicy == null)
    {
        throw new ArgumentNullException(nameof(configurePolicy));
    }

    var builder = new AuthorizationPolicyBuilder();
    configurePolicy.Invoke(builder);
    var builtPolicy = builder.Build();

    // NOTE(review): stored through the indexer, so an entry already registered under the
    // same name is presumably replaced without warning — confirm against PolicyMap's type.
    PolicyMap[name] = builtPolicy;
}
// Registers MVC with a global authenticated-user filter, the claim-based policies,
// the resource authorization handlers and the data access services.
public void ConfigureServices(IServiceCollection services)
{
    // Baseline for every MVC action: the caller must be authenticated.
    var authenticatedOnly = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();

    services.AddMvc(mvc => mvc.Filters.Add(new AuthorizeFilter(authenticatedOnly)));

    services.AddAuthorization(authorization =>
    {
        // Claim-based example policies; each listed claim must be present with the given value.
        authorization.AddPolicy("SalesOnly", p => p.RequireClaim("department", "sales"));
        authorization.AddPolicy("SalesSenior", p => p
            .RequireClaim("department", "sales")
            .RequireClaim("status", "senior"));
        authorization.AddPolicy("DevInterns", p => p
            .RequireClaim("department", "development")
            .RequireClaim("status", "intern"));

        // Custom requirement supplied by the project's RequireJobLevel extension.
        authorization.AddPolicy("CxO", p => p.RequireJobLevel(JobLevel.CxO));
    });

    // Resource authorization handlers.
    services.AddTransient<IAuthorizationHandler, CustomerAuthorizationHandler>();
    services.AddTransient<IAuthorizationHandler, ProductAuthorizationHandler>();

    // Data access services.
    services.AddTransient<IPermissionService, PermissionService>();
    services.AddTransient<IOrganizationService, OrganizationService>();
}
/// <summary>
/// Binds the Google and Microsoft auth settings, registers <c>AuthManager</c> and installs
/// a default authorization policy that requires the "dg:org" and "dg:role" claims.
/// </summary>
/// <param name="services">Service collection to register into.</param>
/// <param name="configuration">Configuration holding the "GoogleAuthSettings" and "MicrosoftAuthSettings" sections.</param>
/// <returns>The same <paramref name="services"/> instance, so calls can be chained.</returns>
public static IServiceCollection AddAuthentication(this IServiceCollection services, IConfiguration configuration)
{
    var googleSection = configuration.GetSection("GoogleAuthSettings");
    services.Configure<GoogleAuthSettings>(googleSection);

    var microsoftSection = configuration.GetSection("MicrosoftAuthSettings");
    services.Configure<MicrosoftAuthSettings>(microsoftSection);

    services.AddSingleton<AuthManager>();

    // The default policy checks only that both claims exist; no particular claim value is
    // required and RequireAuthenticatedUser() is not part of the chain.
    var claimsBuilder = new AuthorizationPolicyBuilder();
    claimsBuilder.RequireClaim("dg:org");
    claimsBuilder.RequireClaim("dg:role");
    var defaultPolicy = claimsBuilder.Build();

    services.AddAuthorization(authorization => authorization.DefaultPolicy = defaultPolicy);

    return services;
}
// Called by the runtime to register services with the container.
// For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthorization(authorization =>
    {
        // Role- and claim-based policies.
        authorization.AddPolicy("AdministratorOnly", p => p.RequireRole("Administrator"));
        authorization.AddPolicy("EmployeeId", p => p.RequireClaim("EmployeeId", "123", "456"));

        // Policies backed by custom requirement types.
        authorization.AddPolicy("Over21Only", p => p.Requirements.Add(new MinimumAgeRequirement(21)));
        authorization.AddPolicy("BuildingEntry", p => p.Requirements.Add(new OfficeEntryRequirement()));
    });

    // Baseline applied through a global MVC filter: the caller must be authenticated.
    var authenticatedOnly = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();

    services.AddMvc(mvc => mvc.Filters.Add(new AuthorizeFilter(authenticatedOnly)));

    // Two handlers are registered alongside the requirement-based policies above.
    services.AddSingleton<IAuthorizationHandler, HasBadgeHandler>();
    services.AddSingleton<IAuthorizationHandler, HasTemporaryPassHandler>();
}
// Registers cookie sign-in, authorization services and MVC with a global
// filter that requires an authenticated user.
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(authentication =>
        authentication.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);

    services.AddAuthorization();

    var authenticatedOnly = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();

    services.AddMvc(mvc => mvc.Filters.Add(new AuthorizeFilter(authenticatedOnly)));
}
// Registers CORS, the "securedFiles" authorization policies, MVC with a global
// authorization filter, and the secured-file services.
public void ConfigureServices(IServiceCollection services)
{
    // Add Cors support to the service
    services.AddCors();

    // NOTE(review): a wildcard origin combined with SupportsCredentials puts no origin
    // restriction on credentialed cross-origin requests. Prefer an explicit list of
    // trusted origins; newer ASP.NET Core releases reject this combination — confirm
    // against the framework version in use.
    var corsPolicy = new Microsoft.AspNetCore.Cors.Infrastructure.CorsPolicy
    {
        SupportsCredentials = true
    };
    corsPolicy.Headers.Add("*");
    corsPolicy.Methods.Add("*");
    corsPolicy.Origins.Add("*");

    services.AddCors(cors => cors.AddPolicy("corsGlobalPolicy", corsPolicy));

    // Baseline for every MVC action: authenticated caller carrying scope=securedFiles.
    var securedFilesPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireClaim("scope", "securedFiles")
        .Build();

    services.AddAuthorization(authorization =>
        authorization.AddPolicy("securedFilesUser", p => p.RequireClaim("role", "securedFiles.user")));

    services.AddMvc(mvc => mvc.Filters.Add(new AuthorizeFilter(securedFilesPolicy)));

    // Second AddMvc call kept exactly as in the original registration sequence.
    services.AddMvc();

    services.AddTransient<ISecuredFileProvider, SecuredFileProvider>();
    services.AddSingleton<UseOnceAccessIdService>();
}
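// This method gets called by the runtime. Use this method to add services to the container.
// Registers CORS, AutoMapper maps, MVC with a global authenticated-user filter, Identity,
// the JWT issuer options and the MySQL-backed DbContext.
public void ConfigureServices(IServiceCollection services)
{
    // Add framework services.
    // NOTE(review): AllowAnyOrigin together with AllowCredentials puts no origin restriction
    // on credentialed cross-origin requests. Prefer an explicit list of trusted origins;
    // newer ASP.NET Core releases reject this combination — confirm against the version in use.
    services.AddCors(options =>
    {
        options.AddPolicy("CorsPolicy",
            builder => builder
                .AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials());
    });

    Mapper.Initialize(cfg =>
    {
        cfg.CreateMap<Pantry, PantryViewModel>().ReverseMap();
        cfg.CreateMap<PantryItem, PantryItemViewModel>().ReverseMap();
    });

    // Global filter: every MVC action requires an authenticated user.
    services.AddMvc(config =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        config.Filters.Add(new AuthorizeFilter(policy));
    });

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>();

    var jwtAppSettingOptions = Configuration.GetSection(nameof(JwtIssuerOptions));

    // Configure JwtIssuerOptions
    // The signing secret is read from configuration and must stay out of source control.
    // It is deliberately NOT written to the console: anyone who can read process output
    // or collected logs could otherwise forge tokens.
    string secretKey = Configuration["SecretKey"];
    if (string.IsNullOrWhiteSpace(secretKey))
    {
        // Fail fast with a clear message instead of a null-argument error from GetBytes.
        throw new InvalidOperationException("Configuration value 'SecretKey' is missing or empty; the JWT signing key cannot be created.");
    }

    // NOTE(review): ASCII encoding replaces non-ASCII characters, so the secret should be
    // a long random ASCII string — confirm how the key is generated.
    _signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));

    services.Configure<JwtIssuerOptions>(options =>
    {
        options.Issuer = jwtAppSettingOptions[nameof(JwtIssuerOptions.Issuer)];
        options.Audience = jwtAppSettingOptions[nameof(JwtIssuerOptions.Audience)];
        options.SigningCredentials = new SigningCredentials(_signingKey, SecurityAlgorithms.HmacSha256);
    });

    // Add application services
    services.AddTransient<PantryService, PantryService>();

    services.Configure<IdentityOptions>(options =>
    {
        // Password settings
        // NOTE(review): six characters with every complexity rule switched off is a weak
        // password policy; confirm this is intended outside of development.
        options.Password.RequireDigit = false;
        options.Password.RequiredLength = 6;
        options.Password.RequireNonAlphanumeric = false;
        options.Password.RequireUppercase = false;
        options.Password.RequireLowercase = false;

        // User settings
        options.User.RequireUniqueEmail = true;
    });

    // The connection string can carry database credentials, so it is not echoed either.
    var sqlConnectionString = Configuration["ConnectionStrings:DataAccessMySqlProvider"];

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseMySQL(sqlConnectionString)
    );

    string currentDirectory = Directory.GetCurrentDirectory();
    Console.WriteLine($"Current directory: {currentDirectory}");
}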
// Called by the runtime to register services with the container.
public void ConfigureServices(IServiceCollection services)
{
    // Framework services: EF Core context, Identity with token providers, MVC.
    var defaultConnection = Configuration.GetConnectionString("DefaultConnection");
    services.AddDbContext<ApplicationDbContext>(db => db.UseSqlServer(defaultConnection));

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    services.AddMvc();

    // Application services.
    services.AddTransient<IEmailSender, AuthMessageSender>();
    services.AddTransient<ISmsSender, AuthMessageSender>();

    // code removed for brevity

    // Global filter: every MVC action requires an authenticated user.
    var authenticatedOnly = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();

    services.AddMvc(mvc => mvc.Filters.Add(new AuthorizeFilter(authenticatedOnly)));

    // HTTPS is NOT enforced here. The original author left the filter disabled because of
    // a Visual Studio HTTPS problem and notes that requiring HTTPS is what you want:
    //services.Configure<MvcOptions>(options =>
    //{
    //    options.Filters.Add(new RequireHttpsAttribute());
    //});

    // ContactRoleAuthorizationHandler can be a singleton: all the information it needs
    // is in the Context parameter.
    services.AddSingleton<IAuthorizationHandler, ContactRoleAuthorizationHandler>();

    // ContactIsOwner requires identity, which in turn requires EF, so this handler is scoped.
    // See Entity Framework and Scoped in https://docs.asp.net/en/latest/fundamentals/dependency-injection.html
    services.AddScoped<IAuthorizationHandler, ContactIsOwnerAuthorizationHandler>();

    // ContactHasOne requires EF.
    services.AddScoped<IAuthorizationHandler, ContactHasOneAuthorizationHandler>();
}
// Registers data protection (file-system key ring protected by a certificate), the SQLite
// context, CORS, the "dataEventRecords" authorization policies and MVC with a global filter.
public void ConfigureServices(IServiceCollection services)
{
    var connection = Configuration["Production:SqliteConnectionString"];
    var folderForKeyStore = Configuration["Production:KeyStoreFolderWhichIsBacked"];

    // NOTE(review): the PFX is loaded from the content root with an empty password, so
    // file-system access alone is enough to obtain the private key that protects the key
    // ring. Consider a certificate store or a secret-backed password — confirm deployment.
    var pfxPath = Path.Combine(_env.ContentRootPath, "damienbodserver.pfx");
    var cert = new X509Certificate2(pfxPath, "");

    // Important The folderForKeyStore needs to be backed up.
    services.AddDataProtection()
        .SetApplicationName("AspNet5IdentityServerAngularImplicitFlow")
        .PersistKeysToFileSystem(new DirectoryInfo(folderForKeyStore))
        .ProtectKeysWithCertificate(cert);

    services.AddDbContext<DataEventRecordContext>(db => db.UseSqlite(connection));

    // Add Cors support to the service
    services.AddCors();

    // NOTE(review): a wildcard origin combined with SupportsCredentials puts no origin
    // restriction on credentialed cross-origin requests. Prefer an explicit list of
    // trusted origins; newer ASP.NET Core releases reject this combination — confirm
    // against the framework version in use.
    var corsPolicy = new Microsoft.AspNetCore.Cors.Infrastructure.CorsPolicy
    {
        SupportsCredentials = true
    };
    corsPolicy.Headers.Add("*");
    corsPolicy.Methods.Add("*");
    corsPolicy.Origins.Add("*");

    services.AddCors(cors => cors.AddPolicy("corsGlobalPolicy", corsPolicy));

    // Baseline for every MVC action: authenticated caller carrying scope=dataEventRecords.
    var guestPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireClaim("scope", "dataEventRecords")
        .Build();

    services.AddAuthorization(authorization =>
    {
        authorization.AddPolicy("dataEventRecordsAdmin", p => p.RequireClaim("role", "dataEventRecords.admin"));
        authorization.AddPolicy("dataEventRecordsUser", p => p.RequireClaim("role", "dataEventRecords.user"));
    });

    services
        .AddMvc(mvc => mvc.Filters.Add(new AuthorizeFilter(guestPolicy)))
        .AddJsonOptions(json => json.SerializerSettings.ContractResolver = new DefaultContractResolver());

    services.AddScoped<IDataEventRecordRepository, DataEventRecordRepository>();
}
// Called by the runtime to register services with the container.
public void ConfigureServices(IServiceCollection services)
{
    // Framework services.
    services.AddOptions();

    // Both contexts share the same connection string.
    var connection = Configuration["DefaultConnection"];
    services.AddDbContext<BrewMaticContext>(db => db.UseSqlServer(connection));
    services.AddDbContext<IdentityContext>(db => db.UseSqlServer(connection));

    services.AddScoped<IRepository, Repository>();

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<IdentityContext>()
        .AddDefaultTokenProviders();

    // Global filter: every MVC action requires a user authenticated via the JWT bearer scheme.
    var bearerOnly = new AuthorizationPolicyBuilder()
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser()
        //.RequireClaim("role", "Brewer")
        .Build();

    services
        .AddMvc(mvc => mvc.Filters.Add(new AuthorizeFilter(bearerOnly)))
        .AddJsonOptions(json => json.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver());

    // Configure JwtIssuerOptions
    var jwtAppSettingOptions = Configuration.GetSection(nameof(JwtIssuerOptions));
    services.Configure<JwtIssuerOptions>(jwt =>
    {
        jwt.Issuer = jwtAppSettingOptions[nameof(JwtIssuerOptions.Issuer)];
        jwt.Audience = jwtAppSettingOptions[nameof(JwtIssuerOptions.Audience)];
        jwt.SigningCredentials = new SigningCredentials(_signingKey, SecurityAlgorithms.HmacSha256);
    });

    // NOTE(review): detailed hub errors are switched on unconditionally; exception details
    // would then be returned to clients in every environment — confirm this is limited to
    // development builds.
    services.AddSignalR(signalR => signalR.Hubs.EnableDetailedErrors = true);

    services.AddAuthorization(authorization =>
    {
        authorization.AddPolicy("BrewerPolicy", p => p.RequireRole("Brewer"));

        // NOTE(review): the claim type is spelled "RefeshToken"; verify it matches the claim
        // the token issuer actually emits, otherwise this policy can never be satisfied.
        authorization.AddPolicy("RefreshTokenPolicy", p => p.RequireClaim("RefeshToken"));
    });
}
/// <summary>
/// Creates an <see cref="AcceptancePolicyBuilder"/> with an empty requirement list,
/// an empty claim map and a fresh inner <see cref="AuthorizationPolicyBuilder"/>.
/// </summary>
public AcceptancePolicyBuilder()
{
    // The three fields are independent of each other; each starts out empty.
    _builder = new AuthorizationPolicyBuilder();
    _claims = new Dictionary<string, List<string>?>();
    _requirements = new List<IAuthorizationRequirement>();
}
/// <summary>
/// Adds a <c>MinimumAgeRequirement</c> for <paramref name="minAge"/> to the policy being built.
/// </summary>
/// <param name="builder">Builder to extend.</param>
/// <param name="minAge">Value passed to the <c>MinimumAgeRequirement</c> constructor.</param>
/// <returns>Whatever <c>AddRequirements</c> returns, so calls can be chained.</returns>
public static AuthorizationPolicyBuilder RequireMinAge(this AuthorizationPolicyBuilder builder, int minAge)
    => builder.AddRequirements(new MinimumAgeRequirement(minAge));
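// Registers the SQLite-backed Identity stores, the role-claim authorization policies, MVC,
// and IdentityServer with in-memory resources and clients signed by a certificate.
public void ConfigureServices(IServiceCollection services)
{
    // NOTE(review): the signing PFX is loaded from the content root with an empty password,
    // so file-system access alone is enough to obtain the token-signing private key.
    // Consider a certificate store or a secret-backed password — confirm deployment.
    var cert = new X509Certificate2(Path.Combine(_environment.ContentRootPath, "damienbodserver.pfx"), "");

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlite(Configuration.GetConnectionString("DefaultConnection")));

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    // The original built a "guestPolicy" (authenticated user + scope=dataEventRecords) here
    // but never registered it, which read as if a global baseline were in force. The dead
    // local is removed: no global AuthorizeFilter is added below, so every protected
    // endpoint must request authorization explicitly.
    services.AddAuthorization(options =>
    {
        options.AddPolicy("dataEventRecordsAdmin", policyAdmin =>
        {
            policyAdmin.RequireClaim("role", "dataEventRecords.admin");
        });
        options.AddPolicy("admin", policyAdmin =>
        {
            policyAdmin.RequireClaim("role", "admin");
        });
        options.AddPolicy("dataEventRecordsUser", policyUser =>
        {
            policyUser.RequireClaim("role", "dataEventRecords.user");
        });
    });

    services.AddMvc();

    services.AddTransient<IProfileService, IdentityWithAdditionalClaimsProfileService>();
    services.AddTransient<IEmailSender, AuthMessageSender>();
    services.AddTransient<ISmsSender, AuthMessageSender>();

    services.AddIdentityServer()
        .AddSigningCredential(cert)
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients())
        .AddAspNetIdentity<ApplicationUser>()
        .AddProfileService<IdentityWithAdditionalClaimsProfileService>();
}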