// Called by the runtime at host startup; registers everything the app needs in the DI container.
        /// <summary>
        /// Registers the cookie consent policy, cookie + OpenID Connect (hybrid flow) authentication,
        /// the authorization handlers and policies, and MVC with Newtonsoft.Json support.
        /// </summary>
        /// <param name="services">The application's service collection.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(cookiePolicy =>
            {
                // Consent for non-essential cookies is demanded on every request.
                cookiePolicy.CheckConsentNeeded = _ => true;

                // SECURITY(review): SameSite=None as the minimum lets cookies be sent on cross-site
                // requests, giving up the browser-side CSRF mitigation that Lax/Strict provide.
                // This is commonly needed so the OIDC correlation/nonce cookies survive the
                // form_post callback from the identity server; confirm that is the reason here
                // and that the cookies are also marked Secure (None is rejected without it).
                cookiePolicy.MinimumSameSitePolicy = SameSiteMode.None;
            });

            var authentication = services.AddAuthentication(authOptions =>
            {
                // The session itself lives in the auth cookie; an unauthenticated request is
                // challenged via OIDC, and sign-out is propagated to the identity server.
                authOptions.DefaultScheme          = CookieAuthenticationDefaults.AuthenticationScheme;
                authOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
                authOptions.DefaultSignOutScheme   = OpenIdConnectDefaults.AuthenticationScheme;
            });

            authentication.AddCookie();

            authentication.AddOpenIdConnect(oidc =>
            {
                oidc.SignInScheme  = "Cookies";
                oidc.SignOutScheme = "OpenIdConnect";
                oidc.Authority     = stsServer;

                // Refuse to fetch the discovery document / signing keys over plain HTTP, so the
                // issuer metadata cannot be tampered with on the wire.
                oidc.RequireHttpsMetadata = true;

                oidc.ClientId = "hybridclient";
                // SECURITY(review): the client secret is committed in source. It should come from
                // user-secrets, the environment or a vault, and the value below treated as leaked
                // and rotated on the identity server.
                oidc.ClientSecret = "hybrid_flow_secret";

                // Hybrid flow: the id_token arrives on the front channel, the code is redeemed on
                // the back channel. NOTE(review): the OAuth 2.0 Security BCP now recommends the
                // plain authorization code flow (with PKCE) over hybrid for new deployments.
                oidc.ResponseType = "code id_token";
                oidc.GetClaimsFromUserInfoEndpoint = true;

                // offline_access asks the identity server for a refresh token.
                foreach (var scope in new[] { "scope_used_for_hybrid_flow", "profile", "offline_access" })
                {
                    oidc.Scope.Add(scope);
                }

                // The access/refresh/id tokens are persisted inside the authentication cookie.
                // SECURITY(review): that makes the cookie a bearer of long-lived credentials and
                // grows it considerably; confirm it is data-protected and sized acceptably.
                oidc.SaveTokens = true;

                // Only the name claim type is overridden; issuer/audience/lifetime validation keep
                // the handler's defaults derived from the discovery document.
                oidc.TokenValidationParameters = new TokenValidationParameters
                {
                    NameClaimType = "name"
                };
            });

            services.AddSingleton<IAppAuthorizationService, AppAuthorizationService.AppAuthorizationService>();
            services.AddSingleton<IAuthorizationHandler, BobIsAnAdmin>();
            // NOTE(review): this handler is transient while its siblings are singletons —
            // presumably because it holds per-request state; confirm that is intentional.
            services.AddTransient<IAuthorizationHandler, IsAdminHandlerWithAge>();
            services.AddSingleton<IAuthorizationHandler, IsAdminHandler>();

            services.AddAuthorization(authz =>
            {
                authz.AddPolicy("RequireWindowsProviderPolicy", MyPolicies.GetRequireWindowsProviderPolicy());
                authz.AddPolicy("IsAdminRequirementPolicy", builder => builder.AddRequirements(new IsAdminRequirement()));
            });

            services.AddControllersWithViews()
                .AddNewtonsoftJson()
                .SetCompatibilityVersion(CompatibilityVersion.Version_3_0);
        }
        /// <summary>
        /// Runs <paramref name="onSuccess"/> only when the current user satisfies
        /// <paramref name="policy"/> for <paramref name="resource"/>; otherwise returns a
        /// <see cref="ForbidResult"/> without ever invoking the callback.
        /// </summary>
        /// <typeparam name="T">Payload type of the successful action result.</typeparam>
        /// <typeparam name="TR">Type of the resource the policy is evaluated against.</typeparam>
        /// <param name="policy">Policy to enforce; its <c>ToString()</c> is used as the registered policy name.</param>
        /// <param name="resource">Resource handed to the authorization handlers.</param>
        /// <param name="onSuccess">Work to perform once authorization has succeeded.</param>
        /// <returns>The callback's result, or a <see cref="ForbidResult"/> when authorization fails.</returns>
        protected async Task<ActionResult<T>> TryExecute<T, TR>(MyPolicies policy, TR resource, Func<Task<T>> onSuccess)
        {
            var decision = await AuthorizationService.AuthorizeAsync(User, resource, policy.ToString());

            // Fail closed: anything other than an explicit success is forbidden.
            // NOTE(review): ForbidResult is handled by the default forbid scheme; with cookie
            // authentication that is typically a redirect to the access-denied page rather
            // than a bare 403 — confirm that is the desired behaviour for API callers.
            if (!decision.Succeeded)
            {
                return new ForbidResult();
            }

            return await onSuccess();
        }
 /// <summary>
 /// Builds the attribute from a <see cref="MyPolicies"/> value instead of a free-form string,
 /// so the policy name used at the action is tied to a compile-time identifier.
 /// </summary>
 /// <param name="policy">
 /// Policy to enforce; its <c>ToString()</c> must match a policy registered with AddAuthorization.
 /// </param>
 /// <remarks>
 /// NOTE(review): <c>Policy</c> is presumably the inherited <c>AuthorizeAttribute.Policy</c>;
 /// the class header is outside this listing, so confirm against the declaration.
 /// </remarks>
 public MyAuthorizeAttribute(MyPolicies policy) => Policy = policy.ToString();