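/// <summary>
/// Registers the team-membership authorization policy and the handler that evaluates it.
/// This is a private static helper, not an extension method: it takes no <c>this</c> parameter.
/// </summary>
/// <param name="services">IServiceCollection instance.</param>
private static void RegisterAuthorizationPolicy(IServiceCollection services)
{
    services.AddAuthorization(options =>
    {
        var mustContainValidUserRequirement = new MustBeTeamMemberRequirement();

        // RequireAuthenticatedUser adds a deny-anonymous requirement, so the policy fails
        // closed for an unauthenticated principal regardless of how the custom handler
        // (not shown here) treats a missing or empty identity.
        options.AddPolicy(
            PolicyNames.MustBePartOfTeamPolicy,
            policyBuilder => policyBuilder
                .AddRequirements(mustContainValidUserRequirement)
                .RequireAuthenticatedUser());
    });

    // NOTE(review): the handler is registered as a singleton. Confirm it keeps no
    // per-request state and depends on no scoped services, otherwise data could be
    // shared across requests.
    services.AddSingleton<IAuthorizationHandler, MustBePartOfTeamHandler>();
}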
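/// <summary>
/// Registers the application's authorization policies (admin team member, Microsoft Graph
/// group scope, team owner or admin user, team member) and the handlers that evaluate
/// their requirements.
/// </summary>
/// <param name="services">Service collection that receives the policies and handlers.</param>
private static void RegisterAuthorizationPolicy(IServiceCollection services)
{
    services.AddAuthorization(options =>
    {
        var mustContainAdminTeamClaimRequirement = new MustBeAdminTeamMemberRequirement();
        var mustBeTeamOwnerOrAdminUserClaimRequirement = new MustBeTeamOwnerOrAdminUserHandlerRequirement();
        var mustBeTeamMemberClaimRequirement = new MustBeTeamMemberRequirement();

        // Every policy pairs its custom requirement with RequireAuthenticatedUser, which
        // adds a deny-anonymous requirement: an unauthenticated principal can never
        // satisfy the policy, whatever the custom handler decides.
        //
        // The configure callback is an Action, and AddPolicy builds the policy itself
        // after the callback returns. A trailing .Build() inside the callback would only
        // create a policy object that is discarded, so it is omitted.
        options.AddPolicy(
            PolicyNames.MustBeAdminTeamMemberPolicy,
            policyBuilder => policyBuilder
                .AddRequirements(mustContainAdminTeamClaimRequirement)
                .RequireAuthenticatedUser());

        // The Graph policy carries the scope the caller must hold. How the handler
        // checks it is not visible in this method.
        options.AddPolicy(
            PolicyNames.MSGraphGroupDataPolicy,
            policyBuilder => policyBuilder
                .AddRequirements(new MSGraphScopeRequirement(new string[] { Common.Constants.ScopeGroupReadAll }))
                .RequireAuthenticatedUser());

        options.AddPolicy(
            PolicyNames.MustBeTeamOwnerOrAdminUserPolicy,
            policyBuilder => policyBuilder
                .AddRequirements(mustBeTeamOwnerOrAdminUserClaimRequirement)
                .RequireAuthenticatedUser());

        options.AddPolicy(
            PolicyNames.MustBeTeamMemberPolicy,
            policyBuilder => policyBuilder
                .AddRequirements(mustBeTeamMemberClaimRequirement)
                .RequireAuthenticatedUser());
    });

    // Handlers are transient: a new instance is created each time one is resolved,
    // so no handler state is carried between authorization checks.
    services.AddTransient<IAuthorizationHandler, MustBeAdminTeamMemberHandler>();
    services.AddTransient<IAuthorizationHandler, MSGraphScopeHandler>();
    services.AddTransient<IAuthorizationHandler, MustBeTeamOwnerOrAdminUserHandler>();
    services.AddTransient<IAuthorizationHandler, MustBeTeamMemberHandler>();
}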