/// <summary>
/// Checks that one group value under the configured entitlement header produces an
/// entitlement carrying the User flag and none of the Admin, Super or Identified flags.
/// </summary>
public void GetEntitlement_Single_Should_Return_Entitlement_Ok()
{
    // NOTE(review): the User role name and the identity string look masked in this listing.
    // Presumably the User value has to equal the "leaf_users" group supplied below for the
    // first assertion to pass - confirm against the unmasked test.
    var roleMapping = new RolesMappingOptions
    {
        User = "******",
        Super = "leaf_supers",
        Identified = "leaf_phi",
        Admin = "leaf_admin"
    };
    var headerDigestion = new HeaderDigestionOptions
    {
        Name = "iam-groups",
        Delimiter = ";"
    };

    var authOptions = GetAuthOptions(headerDigestion, roleMapping);
    var provider = new SAML2EntitlementProvider(authOptions, Options.Create(new AuthorizationOptions()));

    // The pair name matches HeaderDigestionOptions.Name above, and the value is a single
    // group, so the ";" delimiter has nothing to split.
    var httpContext = HttpHelper.GetHttpContext(("iam-groups", "leaf_users"));
    var user = GetUserContext("*****@*****.**");

    var granted = provider.GetEntitlement(httpContext, user);

    // Only the User flag may be set. The three negative checks guard against a single
    // low-privilege group being mapped onto a more privileged role.
    Assert.True(granted.Mask.HasFlag(RoleMask.User));
    Assert.False(granted.Mask.HasFlag(RoleMask.Admin));
    Assert.False(granted.Mask.HasFlag(RoleMask.Super));
    Assert.False(granted.Mask.HasFlag(RoleMask.Identified));
}
/// <summary>
/// Creates the provider from the Active Directory authorization options and a membership provider.
/// </summary>
/// <param name="authOpts">Options wrapper; only its <c>RolesMapping</c> value is kept.</param>
/// <param name="membershipProvider">Membership provider stored for later use by this instance.</param>
public ActiveDirectoryEntitlementProvider(
    IOptions<ActiveDirectoryAuthorizationOptions> authOpts,
    IMembershipProvider membershipProvider)
{
    // NOTE(review): neither argument is null-checked. A null authOpts fails here on .Value,
    // while a null membershipProvider is stored as-is and would presumably only surface on
    // first use - confirm whether a fail-fast guard is wanted for this authorization component.
    var authorization = authOpts.Value;

    mProvider = membershipProvider;
    roles = authorization.RolesMapping;
}
/// <summary>
/// Checks that the provider throws <c>LeafAuthenticationException</c> instead of returning
/// an entitlement when the configured entitlement header is absent from the request.
/// </summary>
public void GetEntitlement_Should_Throw_If_Header_Not_Found()
{
    var roleMapping = new RolesMappingOptions
    {
        User = "******",
        Super = "leaf_supers",
        Identified = "leaf_phi",
        Admin = "leaf_admin"
    };

    // The configured name is "iam-group" (singular) while the request below only carries
    // "iam-groups", so the lookup for the configured header cannot succeed.
    var headerDigestion = new HeaderDigestionOptions
    {
        Name = "iam-group",
        Delimiter = ";"
    };

    var authOptions = GetAuthOptions(headerDigestion, roleMapping);
    var provider = new SAML2EntitlementProvider(authOptions, Options.Create(new AuthorizationOptions()));
    var httpContext = HttpHelper.GetHttpContext(("iam-groups", "leaf_users"));
    var user = GetUserContext("*****@*****.**");

    // Failing closed: a missing entitlement header must raise, not produce an entitlement.
    Assert.Throws<LeafAuthenticationException>(() => provider.GetEntitlement(httpContext, user));
}
/// <summary>
/// Wraps the given header-digestion and role-mapping settings in an
/// <c>IOptions&lt;SAML2AuthorizationOptions&gt;</c> instance.
/// </summary>
/// <param name="digs">Assigned to <c>HeadersMapping.Entitlements</c>.</param>
/// <param name="roles">Assigned to <c>RolesMapping</c>.</param>
/// <returns>The options wrapper produced by <c>Options.Create</c>.</returns>
static IOptions<SAML2AuthorizationOptions> GetAuthOptions(HeaderDigestionOptions digs, RolesMappingOptions roles)
{
    var headers = new HeadersMappingOptions { Entitlements = digs };
    var authorization = new SAML2AuthorizationOptions
    {
        HeadersMapping = headers,
        RolesMapping = roles
    };

    return Options.Create(authorization);
}