private static async Task <AuthState> AuthorizeWithPolicyAsync( IDirectiveContext context, AuthorizeDirective directive, ClaimsPrincipal principal) { IServiceProvider services = context.Service <IServiceProvider>(); IAuthorizationService authorizeService = services.GetService <IAuthorizationService>(); IAuthorizationPolicyProvider policyProvider = services.GetService <IAuthorizationPolicyProvider>(); if (authorizeService == null || policyProvider == null) { // authorization service is not configured so the user is // authorized with the previous checks. return(string.IsNullOrWhiteSpace(directive.Policy) ? AuthState.Allowed : AuthState.NotAllowed); } AuthorizationPolicy?policy = null; if ((directive.Roles is null || directive.Roles.Count == 0) && string.IsNullOrWhiteSpace(directive.Policy)) { policy = await policyProvider.GetDefaultPolicyAsync() .ConfigureAwait(false); if (policy == null) { return(AuthState.NoDefaultPolicy); } }
public DynamicAuthorizationPolicyProvider(IOptions <AuthorizationOptions> authOptions, IOptions <DynamicAuthorizationPolicyProviderOptions> dynamicOptions) { _authOptions = authOptions.Value; _dynamicOptions = dynamicOptions.Value; _fallbackProvider = new DefaultAuthorizationPolicyProvider(authOptions); }
public FunctionAuthorizationFilterIndex( IAuthenticationSchemeProvider schemeProvider, IAuthorizationPolicyProvider policyProvider) { _schemeProvider = schemeProvider; _policyProvider = policyProvider; }
public AuthorizeIndexPageHandlerFilter( IAuthorizationPolicyProvider policyProvider, IPolicyEvaluator policyEvaluator) { this.policyProvider = policyProvider; this.policyEvaluator = policyEvaluator; }
/// <summary> /// Creates a new instance of <see cref="DefaultAuthorizationService"/>. /// </summary> /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param> /// <param name="handlers">The handlers used to fulfill <see cref="IAuthorizationRequirement"/>s.</param> /// <param name="logger">The logger used to log messages, warnings and errors.</param> /// <param name="contextFactory">The <see cref="IAuthorizationHandlerContextFactory"/> used to create the context to handle the authorization.</param> /// <param name="evaluator">The <see cref="IAuthorizationEvaluator"/> used to determine if authorzation was successful.</param> public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizationHandler> handlers, ILogger logger, IAuthorizationHandlerContextFactory contextFactory, IAuthorizationEvaluator evaluator) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (handlers == null) { throw new ArgumentNullException(nameof(handlers)); } if (contextFactory == null) { throw new ArgumentNullException(nameof(contextFactory)); } if (evaluator == null) { throw new ArgumentNullException(nameof(evaluator)); } _handlers = InitializeHandlers(handlers); _policyProvider = policyProvider; _logger = logger ?? new DiagnosticsLoggerFactory().CreateDefaultLogger(); _contextFactory = contextFactory; _evaluator = evaluator; }
/// <summary> /// Initializes new instance of middleware. /// </summary> /// <param name="next">The next delegate in the pipeline.</param> /// <param name="policyProvider">The service which can provide an <see cref="AuthorizationPolicy" />.</param> /// <param name="serverSentEventsService">The service which provides operations over Server-Sent Events protocol.</param> /// <param name="serverSentEventsOptions"></param> public ServerSentEventsMiddleware(RequestDelegate next, IAuthorizationPolicyProvider policyProvider, TServerSentEventsService serverSentEventsService, IOptions <ServerSentEventsOptions> serverSentEventsOptions) { _next = next ?? throw new ArgumentNullException(nameof(next)); _policyProvider = policyProvider ?? throw new ArgumentNullException(nameof(policyProvider)); _serverSentEventsService = serverSentEventsService ?? throw new ArgumentNullException(nameof(serverSentEventsService)); _serverSentEventsOptions = serverSentEventsOptions?.Value ?? throw new ArgumentNullException(nameof(serverSentEventsOptions)); }
/// <summary> /// Creates a new instance of <see cref="DefaultAuthorizationService"/>. /// </summary> /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param> /// <param name="contextFactory">The <see cref="IAuthorizationContextFactory"/> used to initialize the <see cref="AuthorizationContext"/> used by <see cref="IAuthorizationHandler"/>.</param> /// <param name="evaluator">The <see cref="IAuthorizationContextEvaluator"/> used to determine if authorzation was successful.</param> /// <param name="handlers">The <see cref="IAuthorizationHandler"/> used to handle policies' requirements.</param> public DefaultAuthorizationService( IAuthorizationPolicyProvider policyProvider, IAuthorizationContextFactory contextFactory, IAuthorizationContextEvaluator evaluator, IEnumerable <IAuthorizationHandler> handlers) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (contextFactory == null) { throw new ArgumentNullException(nameof(contextFactory)); } if (handlers == null) { throw new ArgumentNullException(nameof(handlers)); } if (evaluator == null) { throw new ArgumentNullException(nameof(evaluator)); } _policyProvider = policyProvider; _handlers = handlers; _contextFactory = contextFactory; _evaluator = evaluator; }
/// <summary> /// Creates a new instance of <see cref="DefaultAuthorizationService"/>. /// </summary> /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param> /// <param name="handlers">The handlers used to fulfill <see cref="IAuthorizationRequirement"/>s.</param> /// <param name="logger">The logger used to log messages, warnings and errors.</param> /// <param name="contextFactory">The <see cref="IAuthorizationHandlerContextFactory"/> used to create the context to handle the authorization.</param> /// <param name="evaluator">The <see cref="IAuthorizationEvaluator"/> used to determine if authorzation was successful.</param> /// <param name="options">The <see cref="AuthorizationOptions"/> used.</param> public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IAuthorizationHandlerProvider handlers, ILogger <DefaultAuthorizationService> logger, IAuthorizationHandlerContextFactory contextFactory, IAuthorizationEvaluator evaluator, IOptions <AuthorizationOptions> options) { if (options == null) { throw new ArgumentNullException(nameof(options)); } if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (handlers == null) { throw new ArgumentNullException(nameof(handlers)); } if (logger == null) { throw new ArgumentNullException(nameof(logger)); } if (contextFactory == null) { throw new ArgumentNullException(nameof(contextFactory)); } if (evaluator == null) { throw new ArgumentNullException(nameof(evaluator)); } _options = options.Value; _handlers = handlers; _policyProvider = policyProvider; _logger = logger; _evaluator = evaluator; _contextFactory = contextFactory; }
public RouteValidator(ITransformBuilder transformBuilder, IAuthorizationPolicyProvider authorizationPolicyProvider, ICorsPolicyProvider corsPolicyProvider, ILogger <RouteValidator> logger) { _transformBuilder = transformBuilder ?? throw new ArgumentNullException(nameof(transformBuilder)); _authorizationPolicyProvider = authorizationPolicyProvider ?? throw new ArgumentNullException(nameof(authorizationPolicyProvider)); _corsPolicyProvider = corsPolicyProvider ?? throw new ArgumentNullException(nameof(corsPolicyProvider)); _logger = logger ?? throw new ArgumentNullException(nameof(logger)); }
/// <param name="authorizationService">Service that authorizes each method for use if configured</param> /// <param name="policyProvider">Provides authorization policies for the authroziation service</param> /// <param name="logger">Optional logger for logging Rpc invocation</param> /// <param name="serverConfig">Configuration data for the server</param> public DefaultRpcInvoker(IAuthorizationService authorizationService, IAuthorizationPolicyProvider policyProvider, ILogger<DefaultRpcInvoker> logger, IOptions<RpcServerConfiguration> serverConfig) { this.authorizationService = authorizationService; this.policyProvider = policyProvider; this.logger = logger; this.serverConfig = serverConfig; }
public AuthorizationPageApplicationModelProvider( IAuthorizationPolicyProvider policyProvider, IOptions <MvcOptions> mvcOptions) { _policyProvider = policyProvider; _mvcOptions = mvcOptions.Value; }
public MethodInvocationAuthorizationService( IAuthorizationPolicyProvider authorizationPolicyProvider, IAuthorizationService abpAuthorizationService) { _authorizationPolicyProvider = authorizationPolicyProvider; _abpAuthorizationService = abpAuthorizationService; }
/// <param name="authorizationService">Service that authorizes each method for use if configured</param> /// <param name="policyProvider">Provides authorization policies for the authroziation service</param> /// <param name="logger">Optional logger for logging Rpc invocation</param> /// <param name="serverConfig">Configuration data for the server</param> public DefaultRpcInvoker(IAuthorizationService authorizationService, IAuthorizationPolicyProvider policyProvider, ILogger <DefaultRpcInvoker> logger, IOptions <RpcServerConfiguration> serverConfig) { this.authorizationService = authorizationService; this.policyProvider = policyProvider; this.logger = logger; this.serverConfig = serverConfig; }
public OscriptApplicationModelProvider(ApplicationInstance appObject, IApplicationRuntime framework, IFileProvider sourceProvider, IAuthorizationPolicyProvider authPolicyProvider, ILoggerFactory loggerFactory) : this(appObject, framework, sourceProvider, authPolicyProvider) { _logger = loggerFactory.CreateLogger(GetType()); }
public DefaultQxService(QxOptions options, IAuthorizationService authorizationService, IAuthorizationPolicyProvider authorizationPolicyProvider) { _verifier = Verification.Combine( FeaturesVerification.Create(options.AllowedFeatures), MembersVerification.Create(MembersVerification.CreateDeclaredMembersVerifier(options.AllowedMembers))); _authorizationService = authorizationService; _authorizationPolicyProvider = authorizationPolicyProvider; }
public Authorizer(TService service, IAuthorizationPolicyProvider policyProvider, IAuthorizationService authorizationService, IUserProvider userProvider) { ServiceType = service.GetType(); PolicyProvider = policyProvider ?? throw new ArgumentNullException(nameof(policyProvider)); AuthorizationService = authorizationService ?? throw new ArgumentNullException(nameof(authorizationService)); _userProvider = userProvider ?? throw new ArgumentNullException(nameof(userProvider), ErrorStrings.ERR_NO_USER); _serviceAuthorization = new Lazy <IEnumerable <IAuthorizeData> >(() => ServiceType.GetTypeAuthorization(), true); }
public AuthorizationFilter( IAuthorizationPolicyProvider policyProvider, IPolicyEvaluator policyEvaluator ) { _policyProvider = policyProvider; _policyEvaluator = policyEvaluator; }
public CoreAuthorizeFilter(IAuthorizationDataProvider authorizationDataProvider, IAuthorizer authorizer, IAuthorizationPolicyProvider policyProvider) { _authorizationDataProvider = authorizationDataProvider; BaseAuthorizor = authorizer; _authorizationPolicyProvider = policyProvider; BaseAuthorizationPolicy = ConstructBaseAuthorizationPolicy(); }
public AuthorizationPolicyTagHelper( IAuthorizationPolicyProvider policyProvider, IPolicyEvaluator policyEvaluator, IHttpContextAccessor httpContextAccessor) { this.policyProvider = policyProvider; this.policyEvaluator = policyEvaluator; this.httpContextAccessor = httpContextAccessor; }
private static async Task <bool> AuthorizeWithPolicyAsync( IDirectiveContext context, AuthorizeDirective directive, ClaimsPrincipal principal) { IServiceProvider services = context.Service <IServiceProvider>(); IAuthorizationService authorizeService = services.GetService <IAuthorizationService>(); IAuthorizationPolicyProvider policyProvider = services.GetService <IAuthorizationPolicyProvider>(); if (authorizeService == null || policyProvider == null) { return(string.IsNullOrWhiteSpace(directive.Policy)); } AuthorizationPolicy policy = null; if (directive.Roles.Count == 0 && string.IsNullOrWhiteSpace(directive.Policy)) { policy = await policyProvider.GetDefaultPolicyAsync() .ConfigureAwait(false); if (policy == null) { context.Result = QueryError.CreateFieldError( "The default authorization policy does not exist.", context.FieldSelection); } } else if (!string.IsNullOrWhiteSpace(directive.Policy)) { policy = await policyProvider.GetPolicyAsync(directive.Policy) .ConfigureAwait(false); if (policy == null) { context.Result = QueryError.CreateFieldError( $"The `{directive.Policy}` authorization policy " + "does not exist.", context.FieldSelection); } } if (context.Result == null && policy != null) { AuthorizationResult result = await authorizeService.AuthorizeAsync(principal, policy) .ConfigureAwait(false); return(result.Succeeded); } return(false); }
/// <param name="authorizationService">Service that authorizes each method for use if configured</param> /// <param name="policyProvider">Provides authorization policies for the authroziation service</param> /// <param name="logger">Optional logger for logging Rpc invocation</param> /// <param name="serverConfig">Configuration data for the server</param> public DefaultRpcInvoker(IAuthorizationService authorizationService, IAuthorizationPolicyProvider policyProvider, ILogger <DefaultRpcInvoker> logger, IOptions <RpcServerConfiguration> serverConfig) { this.authorizationService = authorizationService; this.policyProvider = policyProvider; this.logger = logger; this.serverConfig = serverConfig; this.convertSnakeCaseToCamelCase = this.serverConfig.Value?.ConvertSnakeCaseToCamelCaseInRequest == true; }
public MvcAuthorizeFilter(IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizeData> authorizeData) : this(authorizeData) { if (policyProvider == null) { throw new ArgumentNullException("policyProvider"); } PolicyProvider = policyProvider; }
/// <summary> /// Initializes a new instance of the <see cref="AuthorizationFacade"/> class. /// </summary> /// <param name="policyProvider">Policy provider that holds all needed policies.</param> /// <param name="authorizationService">Service that executes checks if a <see cref="ClaimsPrincipal"/> has needed permission.</param> /// <param name="logger">Logger used in this type.</param> public AuthorizationFacade( IAuthorizationPolicyProvider policyProvider, IAuthorizationService authorizationService, ILogger <AuthorizationFacade> logger) { this.policyProvider = policyProvider; this.authorizationService = authorizationService; this.logger = logger; }
public WebJobsAuthorizeFilter( IAuthenticationSchemeProvider schemeProvider, IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizeData> authorizeData) : this(authorizeData) { this.SchemeProvider = schemeProvider; this.PolicyProvider = policyProvider; }
/// <summary> /// Invokes the authorization filters for the controller action. /// </summary> /// <returns>Whether the user is authenticated or not.</returns> internal static async Task <bool> InvokeAuthorizationFiltersForRequest(this ControllerContext controllerContext, ActionContext actionContext) { ControllerActionDescriptor actionDescriptor = controllerContext.ActionDescriptor; var metadataCollection = new EndpointMetadataCollection(actionDescriptor.EndpointMetadata.Union(new[] { actionDescriptor })); IReadOnlyList <IAuthorizeData> authorizeData = metadataCollection.GetOrderedMetadata <IAuthorizeData>(); IAuthorizationPolicyProvider policyProvider = controllerContext.HttpContext.RequestServices .GetRequiredService <IAuthorizationPolicyProvider>(); AuthorizationPolicy?policy = await AuthorizationPolicy.CombineAsync(policyProvider, authorizeData); if (policy is not null) { IPolicyEvaluator policyEvaluator = controllerContext.HttpContext.RequestServices.GetRequiredService <IPolicyEvaluator>(); AuthenticateResult authenticateResult = await policyEvaluator.AuthenticateAsync(policy, controllerContext.HttpContext); if (!authenticateResult.Succeeded) { return(false); } // TODO this is super hacky, but we rely on the FeatureAuthorizeHandler can still handle endpoints // (The way before .NET 5). The .NET 5 way would need to use han http context, for the "inner" request // with the nested controller var resource = new Endpoint(null, metadataCollection, null); PolicyAuthorizationResult authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, controllerContext.HttpContext, resource); if (!authorizeResult.Succeeded) { return(false); } } IList <FilterDescriptor> filters = actionDescriptor.FilterDescriptors; var filterGrouping = new FilterGrouping(filters, controllerContext.HttpContext.RequestServices); // because the continuation gets built from the inside out we need to reverse the filter list // so that least specific filters (Global) get run first and the most specific filters (Action) get run last. var authorizationFilters = filterGrouping.AuthorizationFilters.Reverse().ToList(); var asyncAuthorizationFilters = filterGrouping.AsyncAuthorizationFilters.Reverse().ToList(); if (authorizationFilters.Count == 0 && asyncAuthorizationFilters.Count == 0) { return(true); } // if the authorization filter returns a result, it means it failed to authorize var authorizationFilterContext = new AuthorizationFilterContext(actionContext, filters.Select(x => x.Filter).ToArray()); return(await ExecuteAuthorizationFiltersAsync(authorizationFilterContext, authorizationFilters, asyncAuthorizationFilters)); }
/// <summary> /// Constructs the default auth provider. /// </summary> /// <param name="provider"> /// The <see cref="IAuthorizationPolicyProvider"/> to check authorization to specified methods and classes. /// </param> public AuthProvider(IAuthorizationPolicyProvider provider) { if (provider == null) { throw new ArgumentNullException(nameof(provider)); } _policyProvider = provider; _cachedAuthAttributes = new ConcurrentDictionary <string, IEnumerable <object> >(); }
/// <summary> /// Initializes a new instance of <see cref="AuthorizationMiddleware"/>. /// </summary> /// <param name="next">The next middleware in the application middleware pipeline.</param> /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/>.</param> /// <param name="services">The <see cref="IServiceProvider"/>.</param> public AuthorizationMiddleware(RequestDelegate next, IAuthorizationPolicyProvider policyProvider, IServiceProvider services) : this(next, policyProvider) { ArgumentNullException.ThrowIfNull(services); if (_policyProvider.CanCachePolicy) { _policyCache = services.GetService <AuthorizationPolicyCache>(); _canCache = _policyCache != null; } }
public DefaultAuthorizationHandler(ILogger <DefaultAuthorizationHandler> logger, IAuthorizationPolicyProvider policyProvider, IAuthorizationService authorizationService, IHttpContextAccessor httpContextAccessor) { this.logger = logger; this.policyProvider = policyProvider; this.authorizationService = authorizationService; this.httpContextAccessor = httpContextAccessor; }
/// <summary> /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified /// <paramref name="policyProvider"/>. /// </summary> /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param> /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param> /// <returns> /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the /// authorization policies provided by the specified <paramref name="policyProvider"/>. /// </returns> public static async Task <AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizeData> authorizeData) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (authorizeData == null) { throw new ArgumentNullException(nameof(authorizeData)); } var policyBuilder = new AuthorizationPolicyBuilder(); var any = false; foreach (var authorizeAttribute in authorizeData.OfType <AuthorizeAttribute>()) { any = true; var useDefaultPolicy = true; if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy)) { var policy = await policyProvider.GetPolicyAsync(authorizeAttribute.Policy); if (policy == null) { throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeAttribute.Roles?.Split(','); if (rolesSplit != null && rolesSplit.Any()) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(','); if (authTypesSplit != null && authTypesSplit.Any()) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync()); } } return(any ? policyBuilder.Build() : null); }
/// <summary> /// handle per tenant authorization /// </summary> /// <param name="context"></param> /// <param name="policyProvider"></param> public async Task Invoke(HttpContext context, IAuthorizationPolicyProvider policyProvider) { Ensure.Argument.NotNull(context); Ensure.Argument.NotNull(policyProvider); var endpoint = context.Features.Get <IEndpointFeature>()?.Endpoint; var policyProvider_ = policyProvider; if (endpoint != null) { // EndpointRoutingMiddleware uses this flag to check if the Authorization middleware processed auth metadata on the endpoint. // The Authorization middleware can only make this claim if it observes an actual endpoint. context.Items[AuthorizationMiddlewareInvokedWithEndpointKey] = AuthorizationMiddlewareWithEndpointInvokedValue; } // IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter var authorizeData = GetAuthorizeData(endpoint); var policy = await AuthorizationPolicy.CombineAsync(policyProvider_, authorizeData); if (policy == null) { await _next(context); return; } // Policy evaluator has transient lifetime so it fetched from request services instead of injecting in constructor var policyEvaluator = context.RequestServices.GetRequiredService <IPolicyEvaluator>(); var authenticateResult = await policyEvaluator.AuthenticateAsync(policy, context); // Allow Anonymous skips all authorization if (endpoint?.Metadata.GetMetadata <IAllowAnonymous>() != null) { await _next(context); return; } object resource; if (AppContext.TryGetSwitch(SuppressUseHttpContextAsAuthorizationResource, out var useEndpointAsResource) && useEndpointAsResource) { resource = endpoint; } else { resource = context; } var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource); var authorizationMiddlewareResultHandler = context.RequestServices.GetRequiredService <IAuthorizationMiddlewareResultHandler>(); await authorizationMiddlewareResultHandler.HandleAsync(_next, context, policy, authorizeResult); }
public HackSystemAuthorizationService( IAuthorizationPolicyProvider policyProvider, IAuthorizationHandlerProvider handlers, ILogger <DefaultAuthorizationService> logger, IAuthorizationHandlerContextFactory contextFactory, IAuthorizationEvaluator evaluator, IOptions <AuthorizationOptions> options) : base(policyProvider, handlers, logger, contextFactory, evaluator, options) { this.logger = logger; }
/// <summary> /// Initialize a new <see cref="AuthorizeFilter"/> instance. /// </summary> /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> to use to resolve policy names.</param> /// <param name="authorizeData">The <see cref="IAuthorizeData"/> to combine into an <see cref="IAuthorizeData"/>.</param> public AuthorizeFilter(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizeData> authorizeData) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (authorizeData == null) { throw new ArgumentNullException(nameof(authorizeData)); } PolicyProvider = policyProvider; AuthorizeData = authorizeData; }
public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (handlers == null) { throw new ArgumentNullException(nameof(handlers)); } if (logger == null) { throw new ArgumentNullException(nameof(logger)); } _handlers = handlers.ToArray(); _policyProvider = policyProvider; _logger = logger; }
/// <summary> /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified /// <paramref name="policyProvider"/>. /// </summary> /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param> /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param> /// <returns> /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the /// authorization policies provided by the specified <paramref name="policyProvider"/>. /// </returns> public static async Task<AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizeData> authorizeData) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (authorizeData == null) { throw new ArgumentNullException(nameof(authorizeData)); } var policyBuilder = new AuthorizationPolicyBuilder(); var any = false; foreach (var authorizeAttribute in authorizeData.OfType<AuthorizeAttribute>()) { any = true; var useDefaultPolicy = true; if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy)) { var policy = await policyProvider.GetPolicyAsync(authorizeAttribute.Policy); if (policy == null) { throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeAttribute.Roles?.Split(','); if (rolesSplit != null && rolesSplit.Any()) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(','); if (authTypesSplit != null && authTypesSplit.Any()) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync()); } } return any ? policyBuilder.Build() : null; }
public AuthorizationApplicationModelProvider(IAuthorizationPolicyProvider policyProvider) { _policyProvider = policyProvider; }