public async Task EnsureAuthorizedUserAsync(OperationAuthorizationRequirement operation, IEntity entity) { if (!await IsUserAuthorizedAsync(operation, entity)) { throw new UnauthorizedAccessException(); } }
protected override Task HandleRequirementAsync (AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, IEnumerable <BaseEntity> resource) { bool permission = true; if (context.User == null || resource == null) { return(Task.CompletedTask); } var userId = context.User.Claims.FirstOrDefault(c => c.Type == "UserId"); foreach (var e in resource) { if (e.OwnerId.ToString() != userId.Value) { permission = false; } } if (permission) { context.Succeed(requirement); } return(Task.CompletedTask); }
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, IEnumerable <ExpenseDto> resourceDto) { bool permission = true; if (context.User == null || resourceDto == null) { return; } var resource = _repository.Where(r => resourceDto.Any(dto => dto.Id == r.Id)); var userId = context.User.Claims.FirstOrDefault(c => c.Type == "UserId"); foreach (var e in resource) { if (e.OwnerId.ToString() != userId.Value) { permission = false; } } if (permission) { context.Succeed(requirement); } }
public static bool IsCrudOperationRequirement(this OperationAuthorizationRequirement requirement) { return (requirement is CreateOperationAuthorizationRequirement || requirement is ReadOperationAuthorizationRequirement || requirement is UpdateOperationAuthorizationRequirement || requirement is DeleteOperationAuthorizationRequirement); }
protected virtual async Task SetSucceedIfUserIsManagerAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement) { if (await _permissionChecker.IsGrantedAsync(FileManagementPermissions.File.Manage)) { context.Succeed(requirement); } }
protected async Task AuthorizeWithException <TCustom>(OperationAuthorizationRequirement requirement, TCustom finalValue) where TCustom : class { if (!await Authorize(requirement, finalValue)) { string message = $"{finalValue} {requirement.Name} authorization failure"; _logger.Trace(message); throw new AuthorizationException(message); } }
public async Task <IActionResult> Open() { var requirement = new OperationAuthorizationRequirement { Name = CookieJarOperations.Open }; await _authrozationService.AuthorizeAsync(User, null, requirement); return(View()); }
public async Task <bool> IsAuthorized(object resource, string requirementName) { OperationAuthorizationRequirement authorizationRequirement = new OperationAuthorizationRequirement() { Name = requirementName }; var authorized = await _authorizationService.AuthorizeAsync(_httpContextAccesor.HttpContext.User, resource, authorizationRequirement); return(authorized.Succeeded); }
protected virtual async Task BasicCheckAsync(string permissionName, AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, FileOperationInfoModel resource) { await SetFailIfUserDoesNotHavePermissionAsync(permissionName, context); await SetSucceedIfUserIsManagerAsync(context, requirement); var configuration = _configurationProvider.Get(resource.FileContainerName); await SetFailIfUserIsNotPersonalContainerOwnerAsync(configuration, context, resource); }
public async Task <IActionResult> Open() { var cookieJar = new CookieJar(); var requirement = new OperationAuthorizationRequirement() { Name = CookieJarOperations.Open }; await _authorizationService.AuthorizeAsync(User, cookieJar, CookieJarAuthOperations.Open); return(View()); }
public async Task <bool> IsUserAuthorizedAsync(OperationAuthorizationRequirement operation, IEntity entity) { var authorizationService = _serviceProvider.GetService <IAuthorizationService>(); var authorizationChallenge = await authorizationService.AuthorizeAsync( _httpContextAccessor.HttpContext.User, entity, operation); return(authorizationChallenge.Succeeded); }
public async Task <IActionResult> Open() { var cookieJar = new CookieJar();//get Cookie jar from db var requirement = new OperationAuthorizationRequirement() { Name = CookieJarOperations.ComeNear }; var result = await authorization.AuthorizeAsync(User, cookieJar, requirement); return(View("Index")); }
protected bool CheckAuth(OperationAuthorizationRequirement req) { var user = _userManager.GetUserAsync(User).Result; var checkModel = new AuthCheckModel { ResourceName = AuthControllerName.IsEmpty() ? GetType().Name : AuthControllerName, Roles = _userManager.GetRolesAsync(user).Result.ToList() }; var authorizationResult = _authorizationService.AuthorizeAsync(User, checkModel, req).Result; return(authorizationResult.Succeeded); }
private async Task EnsureAuthorizedUserAsync(OperationAuthorizationRequirement operation, IEntity entity) { var authorizationChallenge = await _authorizationService.AuthorizeAsync( _httpContextAccessor.HttpContext.User, entity, operation); if (!authorizationChallenge.Succeeded) { throw new UnauthorizedAccessException(); } }
public async Task <bool> AuthorizeAsync <T>(ClaimsPrincipal claimsPrincipal, OperationAuthorizationRequirement authorizationRequirement, T finalValue, bool throwException) where T : class { var result = await _authorizationService.AuthorizeAsync(claimsPrincipal, finalValue, authorizationRequirement); if (throwException && !result.Succeeded) { string message = $"{finalValue} {authorizationRequirement.Name} authorization failure"; _logger.Trace(message); throw new AuthorizationException(message); } return(result.Succeeded); }
public async Task <bool> IsUserAuthorizedAsync(OperationAuthorizationRequirement operation, IEntity entity) { var authorizationService = _serviceProvider.GetService <IAuthorizationService>(); var state = await _authenticationStateProvider.GetAuthenticationStateAsync(); var user = state.User; var authorizationChallenge = await authorizationService.AuthorizeAsync(user, entity, operation); return(authorizationChallenge.Succeeded); }
private async Task <bool> CheckIfUserAuthorizedForNotification( Comment comment, OperationAuthorizationRequirement requirement) { var isAuthorized = await _authorizationService .AuthorizeAsync(User, comment, requirement); if (!isAuthorized.Succeeded) { return(false); } return(true); }
public async Task <bool> IsUserAuthorizedAsync(OperationAuthorizationRequirement operation, IEntity entity) { var user = _userResolver.GetUser(); if (user == null) { return(false); } var authorizationChallenge = await _authorizationService.AuthorizeAsync(user, entity, operation); return(authorizationChallenge.Succeeded); }
public static RedisPubSubOperation ToRedisOperation( this OperationAuthorizationRequirement redisPubSubOperationRequirement) { switch (redisPubSubOperationRequirement.Name) { case "Subscribe": return(RedisPubSubOperation.Subscribe); case "Unsubscribe": return(RedisPubSubOperation.Unsubscribe); case "Publish": return(RedisPubSubOperation.Publish); } throw new ArgumentException("Invalid redis requirement name."); }
private async Task <bool> CheckIfUserAuthorizedForOperation( ClaimsPrincipal principalUser, OwnerResource resource, OperationAuthorizationRequirement requirement) { var isAuthorized = await _customAuthorizationService .AuthorizeAsync(principalUser, resource, requirement); if (!isAuthorized.Succeeded) { return(false); } return(true); }
//we pass the resource which like password or something else with pass the authorization operation //with the user and we can then apply authorization operation to check if with these three params //if he authorized or not //three params: //1-User //2-Resources //3-requirement : claims public async Task <IActionResult> Open() { var cookieJar = new CookieJar(); //get cookie jar from db //we assign requirement in this way var requirement = new OperationAuthorizationRequirement() { Name = CookieJarOperations.Open }; await _authorizationService.AuthorizeAsync(User, cookieJar, requirement); //or with shorter way await _authorizationService.AuthorizeAsync(User, cookieJar, CookieJarAuthOperations.Open); return(View()); }
public async Task <IActionResult> Open() { var cookieJar = new CookieJar(); //may from db var requirement = new OperationAuthorizationRequirement() { Name = CookieJarOperations.Open }; var result = await _authorizationService.AuthorizeAsync(User, cookieJar, requirement); if (result.Succeeded) { return(View()); } return(RedirectToAction("Index")); }
public async Task <IActionResult> Get(string operation) { var document = new Document() { Author = "zhang", Secret = "secret", }; var requirement = new OperationAuthorizationRequirement { Name = operation, }; var authorizationResult = await _authorizationService .AuthorizeAsync(User, document, requirement); return(Ok(authorizationResult)); }
public async Task <IActionResult> getreource() { string filename = Path.Combine(_hostEnvironment.WebRootPath, "resource.txt"); string text = System.IO.File.ReadAllText(filename); var opt = new OperationAuthorizationRequirement { Name = ResourceOpt.insert }; var result = await _authorizationService.AuthorizeAsync(User, text, opt); if (result.Succeeded) { return(Json(text)); } return(Json("you are forbidden")); }
private void SignUserIn(User user, string provider, HttpContext httpContext) { // Using Cookie Authentication without ASP.NET Core Identity // https://docs.microsoft.com/en-us/aspnet/core/security/authorization/ // https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?tabs=aspnetcore2x // Todo: // * Is it okay to create an empty principal in this simple case // * Is this simple policy okay, create as constant in class perhaps var principal = CreatePrincipal(user, provider); var policy = new OperationAuthorizationRequirement { Name = "All" }; // https://stackoverflow.com/questions/46057109/why-doesnt-my-cookie-authentication-work-in-asp-net-core httpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal); }
protected override async Task <bool> ValidateRightsOnEntityPropertiesAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, T entity) { if (base.IsContentAdministrator(context.User)) { return(true); } bool result = false; int storeId = await GetStoreIdAsync(entity); if (context.User.HasClaim(CustomClaimTypes.StoreAdministrator, storeId.ToString())) { result = true; } return(result); }
protected override async Task HandleRequirementAsync( AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, T resource) { if (context.User == null) { return; } // Administrators can do anything. var userIdentity = await _userManager.GetUserAsync(context.User); if (userIdentity != null && await _userManager.IsInRoleAsync(userIdentity, Constants.AdministratorsRole)) { context.Succeed(requirement); } }
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, IEnumerable <ExpenseDto> resource) { if (context.User == null || resource == null) { return(Task.CompletedTask); } var roles = context.User.Claims.Where(c => c.Type == "Role"); var role = roles.FirstOrDefault(r => r.Value == "admin"); if (role != null) { context.Succeed(requirement); } return(Task.CompletedTask); }
public async Task <IActionResult> Open() { //create new requirement that will get handled by the handler which is injected by the middleware var cookieJar = new CookieJar { Name = "SomeName" }; //this resource could be retrieve from the DB //what operation the user is trying to perform on the resource var requirement = new OperationAuthorizationRequirement() { Name = CookieJarOperations.Open }; var result = await _authService.AuthorizeAsync(User, cookieJar, requirement); if (!result.Succeeded) { return(RedirectToAction("Index")); } return(View()); }
public void Handle_WhenCalledWithIllegalUser_ShouldNotSucceed() { var resource = new Document() { Name = "Homer's document", Owner = "homer.simpson" }; var user = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim> { new Claim(ClaimTypes.Name, "ned.flanders") })); var requirement = new OperationAuthorizationRequirement { Name = "Read" }; var authzContext = new AuthorizationContext(new List <IAuthorizationRequirement> { requirement }, user, resource); var authzHandler = new CustomAuthorizationHandler(); authzHandler.Handle(authzContext); Assert.False(authzContext.HasSucceeded); }
internal new void Handle(AuthorizationContext context, OperationAuthorizationRequirement operation, Survey resource) { base.Handle(context, operation, resource); }