ThrowIfInvalid() публичный статический Метод

public static ThrowIfInvalid ( ActiveDirectoryAuthorizationOptions opts ) : void
opts ActiveDirectoryAuthorizationOptions
Результат void
Пример #1
        /// <summary>
        /// Registers the authorization options selected by configuration and rejects combinations
        /// of authorization and authentication mechanisms that this method treats as incompatible.
        /// </summary>
        /// <param name="services">Service collection that receives the options registrations.</param>
        /// <param name="config">Configuration holding the mechanism name and the mechanism-specific sections.</param>
        /// <returns>The same <paramref name="services"/> instance that was passed in.</returns>
        /// <exception cref="LeafConfigurationException">
        /// Thrown when the authorization mechanism does not match the authentication mechanism as
        /// required below, or when the SAML2 / ActiveDirectory configuration section cannot be bound.
        /// </exception>
        static IServiceCollection ConfigureAuthorizationOptions(this IServiceCollection services, IConfiguration config)
        {
            // A provider is built here only to resolve the logger and the already-registered
            // authentication options. It is a separate container from the one the host builds later
            // and it is not disposed in this method.
            var provider      = services.BuildServiceProvider();
            var logger        = provider.GetRequiredService<ILogger<Startup>>();
            var authN         = provider.GetRequiredService<IOptions<AuthenticationOptions>>().Value;
            var authorization = new AuthorizationOptions().WithMechanism(config.GetValue<string>(Config.Authorization.Mechanism));

            services.Configure<AuthorizationOptions>(opts => opts.Mechanism = authorization.Mechanism);

            // NOTE(review): there is no fallback branch. A mechanism value other than the three
            // handled below leaves only AuthorizationOptions registered and returns without error.
            // Confirm that WithMechanism rejects unknown names so this cannot start up unprotected.
            var mechanism = authorization.Mechanism;

            if (mechanism == AuthorizationMechanism.Unsecured)
            {
                // Unsecured authorization is accepted only together with unsecured authentication.
                if (!authN.IsUnsecured)
                {
                    throw new LeafConfigurationException($"{AuthorizationOptions.Unsecured} authorization mechanism is only supported if {Config.Authentication.Mechanism} is also {AuthenticationOptions.Unsecured}");
                }

                logger.LogCritical("UNSECURED authorization detected, Leaf is not secured by authorization!");

                // Presumably throws when the hosting environment must not run unsecured;
                // the helper is defined outside this block, so verify there.
                ThrowInvalidUnsecuredEnvironment();
            }
            else if (mechanism == AuthorizationMechanism.Saml2)
            {
                // SAML2 authorization requires SAML2 authentication.
                if (!authN.IsSaml2)
                {
                    throw new LeafConfigurationException($"{AuthorizationOptions.Saml2} authorization mechanism is only supported if {Config.Authentication.Mechanism} is also {AuthenticationOptions.Saml2}");
                }

                var saml2Bound = config.TryBind<SAML2AuthorizationOptions>(Config.Authorization.Saml2, out var saml2);
                if (!saml2Bound)
                {
                    throw new LeafConfigurationException($"SAML2 authorization mechanism is missing a complete SAML2 configuration object");
                }

                // Validate before registering so an invalid section stops startup.
                Config.ThrowIfInvalid(saml2);

                // NOTE(review): roles appear to be derived from mapped headers; confirm those
                // headers are set only by the trusted SAML2 front end and stripped from client requests.
                services.Configure<SAML2AuthorizationOptions>(opts =>
                {
                    opts.RolesMapping   = saml2.RolesMapping;
                    opts.HeadersMapping = saml2.HeadersMapping;
                });
            }
            else if (mechanism == AuthorizationMechanism.ActiveDirectory)
            {
                // ActiveDirectory authorization is refused when authentication is unsecured.
                if (authN.IsUnsecured)
                {
                    throw new LeafConfigurationException($"ActiveDirectory authorization mechanism is not compatible with Unsecured authentication");
                }

                var adBound = config.TryBind<ActiveDirectoryAuthorizationOptions>(Config.Authorization.ActiveDirectory, out var ad);
                if (!adBound)
                {
                    throw new LeafConfigurationException($"ActiveDirectory authorization mechanism is missing an ActiveDirectory configuration section");
                }

                // Validate before registering so an invalid section stops startup.
                Config.ThrowIfInvalid(ad);

                services.Configure<ActiveDirectoryAuthorizationOptions>(opts =>
                {
                    opts.DomainConnection = ad.DomainConnection;
                    opts.RolesMapping     = ad.RolesMapping;
                });
            }

            return services;
        }