/// <summary>
/// Creates the provider, handing the ASP.NET Core authorization options to the base provider
/// and keeping both the resolved <see cref="AuthorizationOptions"/> and the Balea options for later use.
/// </summary>
/// <param name="options">Framework authorization options; <c>Value</c> is unwrapped and cached.</param>
/// <param name="baleaOptions">Balea-specific options.</param>
public AuthorizationPolicyProvider(IOptions<AuthorizationOptions> options, BaleaOptions baleaOptions)
    : base(options)
{
    AuthorizationOptions resolved = options.Value;

    this._options = resolved;
    this._baleaOptions = baleaOptions;
}
/// <summary>
/// Returns the subject identifier of <paramref name="principal"/>, taken from the configured
/// subject claim type or, when absent, from the configured fallback subject claim type.
/// </summary>
/// <param name="principal">The principal whose claims are searched.</param>
/// <param name="options">Balea options supplying the claim type names.</param>
/// <returns>The value of the first matching claim.</returns>
/// <exception cref="InvalidOperationException">Neither claim type is present on the principal.</exception>
public static string GetSubjectId(this ClaimsPrincipal principal, BaleaOptions options)
{
    string primaryType = options.DefaultClaimTypeMap.SubjectClaimType;
    string fallbackType = options.DefaultClaimTypeMap.FallbackSubjectClaimType;

    Claim subjectClaim = principal.FindFirst(primaryType);

    if (subjectClaim == null)
    {
        subjectClaim = principal.FindFirst(fallbackType);
    }

    if (subjectClaim == null)
    {
        throw new InvalidOperationException($"'{options.DefaultClaimTypeMap.SubjectClaimType}' or '{options.DefaultClaimTypeMap.FallbackSubjectClaimType}' claim is missing.");
    }

    return subjectClaim.Value;
}
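/// <summary>
/// Creates the evaluator on top of the framework's <see cref="IAuthorizationService"/>,
/// keeping the runtime store and Balea options that policy evaluation needs.
/// </summary>
/// <param name="authorization">Framework authorization service passed to the base evaluator.</param>
/// <param name="store">Runtime authorization store.</param>
/// <param name="options">Balea options.</param>
/// <exception cref="ArgumentNullException"><paramref name="store"/> or <paramref name="options"/> is <c>null</c>.</exception>
public BaleaPolicyEvaluator(IAuthorizationService authorization, IRuntimeAuthorizationServerStore store, BaleaOptions options)
    : base(authorization)
{
    // Fail fast here rather than with a NullReferenceException on the first evaluation.
    _store = store ?? throw new ArgumentNullException(nameof(store));
    _options = options ?? throw new ArgumentNullException(nameof(options));
}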
/// <summary>
/// Creates the provider, forwarding the framework authorization options to the base class and
/// caching the unwrapped <see cref="AuthorizationOptions"/>, the Balea options and a logger.
/// </summary>
/// <param name="options">Framework authorization options; <c>Value</c> is unwrapped and cached.</param>
/// <param name="baleaOptions">Balea-specific options.</param>
/// <param name="logger">Logger for this provider.</param>
public AuthorizationPolicyProvider(IOptions<AuthorizationOptions> options, BaleaOptions baleaOptions, ILogger<AuthorizationPolicyProvider> logger)
    : base(options)
{
    this._logger = logger;
    this._baleaOptions = baleaOptions;

    AuthorizationOptions resolved = options.Value;
    this._options = resolved;
}
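/// <summary>
/// Creates the evaluator, keeping the framework authorization service, the runtime store,
/// the Balea options and a logger for use during policy evaluation.
/// </summary>
/// <param name="authorization">Framework authorization service.</param>
/// <param name="store">Runtime authorization store.</param>
/// <param name="options">Balea options.</param>
/// <param name="logger">Logger for this evaluator.</param>
/// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
public BaleaPolicyEvaluator(IAuthorizationService authorization, IRuntimeAuthorizationServerStore store, BaleaOptions options, ILogger<BaleaPolicyEvaluator> logger)
{
    // Every dependency is required; fail fast at construction instead of on the first request.
    _authorization = authorization ?? throw new ArgumentNullException(nameof(authorization));
    _store = store ?? throw new ArgumentNullException(nameof(store));
    _options = options ?? throw new ArgumentNullException(nameof(options));
    _logger = logger ?? throw new ArgumentNullException(nameof(logger));
}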
/// <summary>
/// Creates the API-backed runtime store. All dependencies except <paramref name="cache"/> are required.
/// </summary>
/// <param name="httpClientFactory">Factory used to create clients for the authorization API.</param>
/// <param name="storeOptions">Store configuration.</param>
/// <param name="baleaOptions">Balea options.</param>
/// <param name="logger">Logger for this store.</param>
/// <param name="cache">Optional distributed cache; may be <c>null</c>.</param>
public ApiRuntimeAuthorizationServerStore(
    IHttpClientFactory httpClientFactory,
    StoreOptions storeOptions,
    BaleaOptions baleaOptions,
    ILogger<ApiRuntimeAuthorizationServerStore> logger,
    IDistributedCache cache = null)
{
    // Validate every required dependency before touching any field so a
    // partially-initialised store can never be observed.
    Ensure.Argument.NotNull(httpClientFactory, nameof(httpClientFactory));
    Ensure.Argument.NotNull(storeOptions, nameof(storeOptions));
    Ensure.Argument.NotNull(baleaOptions, nameof(baleaOptions));
    Ensure.Argument.NotNull(logger, nameof(logger));

    this._cache = cache;
    this._logger = logger;
    this._baleaOptions = baleaOptions;
    this._storeOptions = storeOptions;
    this._httpClientFactory = httpClientFactory;
}
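/// <summary>
/// Returns the subject identifier of <paramref name="principal"/>: the value of the first claim
/// whose type appears in <c>options.DefaultClaimTypeMap.AllowedSubjectClaimTypes</c>, in the configured order.
/// </summary>
/// <param name="principal">The principal whose claims are searched.</param>
/// <param name="options">Balea options supplying the allowed subject claim types.</param>
/// <returns>The value of the first matching claim.</returns>
/// <exception cref="ArgumentNullException"><paramref name="principal"/> or <paramref name="options"/> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">None of the allowed claim types is present on the principal.</exception>
public static string GetSubjectId(this ClaimsPrincipal principal, BaleaOptions options)
{
    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    // First allowed claim type that actually carries a value wins; order of the configured list is significant.
    string sid = options.DefaultClaimTypeMap.AllowedSubjectClaimTypes
        .Select(claimType => principal.FindFirstValue(claimType))
        .FirstOrDefault(value => value != null);

    if (sid == null)
    {
        // Message previously carried a stray leading apostrophe and a no-op interpolation.
        throw new InvalidOperationException("Balea allowed subject claim type is missing.");
    }

    return sid;
}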
/// <summary>
/// Creates the EF Core-backed runtime store over the given database context.
/// </summary>
/// <param name="context">Database context used to query authorization data.</param>
/// <param name="options">Balea options.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> or <paramref name="options"/> is <c>null</c>.</exception>
public EntityFrameworkCoreRuntimeAuthorizationServerStore(TContext context, BaleaOptions options)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    this._context = context;
    this._options = options;
}
/// <summary>
/// Creates the configuration-backed runtime store, reading authorization data from static configuration.
/// </summary>
/// <param name="configuration">Balea configuration holding the authorization data.</param>
/// <param name="options">Balea options.</param>
/// <exception cref="ArgumentNullException"><paramref name="configuration"/> or <paramref name="options"/> is <c>null</c>.</exception>
public ConfigurationRuntimeAuthorizationServerStore(BaleaConfiguration configuration, BaleaOptions options)
{
    if (configuration == null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    this._configuration = configuration;
    this._options = options;
}
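/// <summary>
/// Middleware step that, for an authenticated user hitting an endpoint carrying <see cref="IAuthorizeData"/>,
/// resolves the user's Balea authorization and attaches an extra identity with role, permission
/// and (when present) delegation claims before invoking the rest of the pipeline.
/// </summary>
/// <param name="context">Current request context.</param>
/// <param name="store">Runtime store used to look up the user's authorization.</param>
/// <param name="options">Balea options supplying claim type names and the optional unauthorized fallback.</param>
/// <returns>A task that completes when the downstream pipeline has finished.</returns>
public async Task InvokeAsync(HttpContext context, IRuntimeAuthorizationServerStore store, BaleaOptions options)
{
    var endpoint = context.GetEndpoint();

    // A request that matched no endpoint has a null Endpoint, and an unauthenticated
    // request may carry no Identity; neither should crash the middleware.
    bool isAuthenticated = context.User?.Identity?.IsAuthenticated == true;
    bool requiresAuthorization = endpoint?.Metadata.GetMetadata<IAuthorizeData>() != null;

    if (isAuthenticated && requiresAuthorization)
    {
        if (context.Items.ContainsKey(AuthorizationMiddlewareInvokedKey))
        {
            // Presumably set once the framework authorization middleware has already run; at that point
            // the claims added below could no longer influence the authorization decision.
            ThrowMissingAuthMiddlewareException();
        }

        var authorization = await store.FindAuthorizationAsync(context.User);

        if (!context.Response.HasStarted && options.UnauthorizedFallback != null && !authorization.Roles.Any())
        {
            await options.UnauthorizedFallback(context);
            return;
        }

        // Only enabled roles contribute claims. Previously permissions were collected from every role,
        // so a disabled role kept granting its permissions even though its role claim was withheld.
        var enabledRoles = authorization.Roles
            .Where(role => role.Enabled)
            .ToList();

        var roleClaims = enabledRoles
            .Select(role => new Claim(options.DefaultClaimTypeMap.RoleClaimType, role.Name));

        var permissionClaims = enabledRoles
            .SelectMany(role => role.GetPermissions())
            .Distinct()
            .Select(permission => new Claim(options.DefaultClaimTypeMap.PermissionClaimType, permission));

        var identity = new ClaimsIdentity(
            authenticationType: nameof(BaleaMiddleware),
            nameType: options.DefaultClaimTypeMap.NameClaimType,
            roleType: options.DefaultClaimTypeMap.RoleClaimType);

        identity.AddClaims(roleClaims);
        identity.AddClaims(permissionClaims);

        if (authorization.Delegation != null)
        {
            identity.AddClaim(new Claim(BaleaClaims.DelegatedBy, authorization.Delegation.Who));
            identity.AddClaim(new Claim(BaleaClaims.DelegatedFrom, authorization.Delegation.From.ToString()));
            identity.AddClaim(new Claim(BaleaClaims.DelegatedTo, authorization.Delegation.To.ToString()));
        }

        context.User.AddIdentity(identity);
    }

    await _next(context);
}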