/// <summary>
        /// Creates a new instance of <see cref="AuthorizationDependencies"/>.
        /// </summary>
        /// <param name="options">The options used to configure the dependencies instance.</param>
        /// <param name="handlers">The <see cref="IAuthorizationHandler"/>s used in creating an <see cref="IAuthorizationDependencies"/> object.</param>
        public static AuthorizationDependencies Create(AuthorizationOptions options, params IAuthorizationHandler[] handlers)
        {
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }
            if (handlers == null)
            {
                throw new ArgumentNullException(nameof(handlers));
            }

            var policyProvider = new DefaultAuthorizationPolicyProvider(options);
            var loggerFactory  = new DiagnosticsLoggerFactory();
            var service        = new DefaultAuthorizationService(
                policyProvider,
                handlers,
                loggerFactory.CreateDefaultLogger(),
                new DefaultAuthorizationHandlerContextFactory(),
                new DefaultAuthorizationEvaluator());

            return(new AuthorizationDependencies()
            {
                LoggerFactory = loggerFactory,
                PolicyProvider = policyProvider,
                Service = service
            });
        }
        public async Task AuthorizeAsyncShouldThrowWhenPolicyIsNotFound()
        {
            var policyProvider = Repository.Create <IAuthorizationPolicyProvider>();

            policyProvider.Setup(x => x.GetPolicyAsync(It.IsAny <string>()))
            .Returns(Task.FromResult <AuthorizationPolicy>(null));
            var service = new DefaultAuthorizationService(policyProvider.Object, Enumerable.Empty <IAuthorizationHandler>());
            await service.AuthorizeAsync(CreateAnonymousUser(), null, "fake policy");
        }
Пример #3
0
        public async Task CanUseDynamicPolicyProvider()
        {
            var authorizationService = new DefaultAuthorizationService(new DynamicPolicyProvider(), Enumerable.Empty <IAuthorizationHandler>());

            var id = new ClaimsIdentity();

            id.AddClaim(new Claim("1", "1"));
            id.AddClaim(new Claim("2", "2"));
            var user = new ClaimsPrincipal(id);

            Assert.IsFalse(await authorizationService.AuthorizeAsync(user, "0"));
            Assert.IsTrue(await authorizationService.AuthorizeAsync(user, "1"));
            Assert.IsTrue(await authorizationService.AuthorizeAsync(user, "2"));
            Assert.IsFalse(await authorizationService.AuthorizeAsync(user, "3"));
        }
        public async Task AuthorizationServiceShouldAddPassThroughIfNotPresent()
        {
            var options        = new AuthorizationOptions();
            var policyProvider = new DefaultAuthorizationPolicyProvider(options);
            var handler        = Repository.Create <IAuthorizationHandler>();

            handler.Setup(x => x.HandleAsync(It.IsAny <AuthorizationHandlerContext>())).Returns(Task.FromResult(0));
            var requirement = handler.As <IAuthorizationRequirement>();
            var service     = new DefaultAuthorizationService(policyProvider, Enumerable.Empty <IAuthorizationHandler>());

            // the next line should cause the requirement to be called as a handler if Passthrough is working
            var authorized = await service.AuthorizeAsync(CreateAnonymousUser(), null, new[] { requirement.Object });

            Assert.IsFalse(authorized, "authorized");
            handler.Verify(x => x.HandleAsync(It.IsAny <AuthorizationHandlerContext>()));
        }
        /// <summary>
        /// Determines if a user is authorized.
        /// </summary>
        /// <param name="controller">The controller from which <see cref="AuthorizationOptions"/> may be obtained.</param>
        /// <param name="user">The user to evaluate the authorize data against.</param>
        /// <param name="authorizeAttribute">The <see cref="IAuthorizeData"/> to evaluate.</param>
        /// <returns>
        /// A flag indicating whether authorization has succeeded.
        /// This value is <value>true</value> when the <paramref name="user"/> fulfills the <paramref name="authorizeAttribute"/>; otherwise <value>false</value>.
        /// </returns>
        /// <remarks>
        /// If <paramref name="controller"/> is not null, it will be used to find <see cref="AuthorizationOptions"/> instead of the current <see cref="IOwinContext"/>.
        /// </remarks>
        public async Task <bool> IsAuthorizedAsync(IAuthorizationController controller, ClaimsPrincipal user, IAuthorizeData authorizeAttribute)
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }
            if (authorizeAttribute == null)
            {
                throw new ArgumentNullException(nameof(authorizeAttribute));
            }

            var options = ResolveAuthorizationOptions(controller);

            if (options == null)
            {
                throw new InvalidOperationException(Resources.Exception_AuthorizationOptionsMustNotBeNull);
            }

            var dependencies = options.Dependencies
                               ?? new AuthorizationDependencies();
            var policyProvider = dependencies.PolicyProvider
                                 ?? new DefaultAuthorizationPolicyProvider(options);
            var authorizationService = dependencies.Service;

            if (authorizationService == null)
            {
                var handlerProvider = new DefaultAuthorizationHandlerProvider(new PassThroughAuthorizationHandler());
                var handlers        = await handlerProvider.GetHandlersAsync();

                var loggerFactory = dependencies.LoggerFactory
                                    ?? new DiagnosticsLoggerFactory();

                authorizationService = new DefaultAuthorizationService(
                    policyProvider,
                    handlers,
                    loggerFactory.CreateDefaultLogger(),
                    new DefaultAuthorizationHandlerContextFactory(),
                    new DefaultAuthorizationEvaluator());
            }

            var policy = await AuthorizationPolicy.CombineAsync(policyProvider, new[] { authorizeAttribute });

            return(await authorizationService.AuthorizeAsync(user, policy));
        }