public AuthorizationApplicationModelProvider(IOptions <AuthorizationOptions> authorizationOptionsAccessor)
 {
     _authorizationOptions = authorizationOptionsAccessor.Value;
 }
 public static void ConfigureAuthorizationPolicies(this AuthorizationOptions options)
 {
     options.AddBSSPolicy(Constants.Auth.CreditorOrginisationType);
     options.AddBSSPolicy(Constants.Auth.MoneyAdviserOrginisationType);
 }
 public AuthorizationPolicies(AuthorizationOptions options)
 {
     _options = options;
 }
 /// <summary>
 /// Gets all policies.
 ///
 /// IMPORTANT NOTE: Use this method carefully.
 /// It relies on reflection to get all policies from a private field of the <paramref name="options"/>.
 /// This method may be removed in the future if internals of <see cref="AuthorizationOptions"/> changes.
 /// </summary>
 /// <param name="options"></param>
 /// <returns></returns>
 public static List <string> GetPoliciesNames(this AuthorizationOptions options)
 {
     return(((IDictionary <string, AuthorizationPolicy>)PolicyMapProperty.GetValue(options)).Keys.ToList());
 }
 public void ConfigureAuthorization(AuthorizationOptions authorizationOptions, IDictionary <string, string> options = null)
 {
 }
示例#6
0
 public static AuthorizationOptions AddAppPolicies(this AuthorizationOptions options, string issuer)
 {
     options.AddPolicy(READ_WEATHER, policy => policy.Requirements.Add(new HasScopeRequirement(READ_WEATHER, issuer)));
     return(options);
 }
示例#7
0
 /// <inheritdoc />
 public void ConfigureAuthorization(AuthorizationOptions options, IConfiguration configuration)
 {
     // Empty
 }
        public static AuthorizationOptions SetupAuthorizationPolicies(this AuthorizationOptions options)
        {
            //https://docs.asp.net/en/latest/security/authorization/policies.html

            // *** comment out default policies which are hard coded in these extension methods, in order to use Dyanamic Authorization Policies managed from the UI
            // *** any policies defined here will not be managed by the UI
            // *** after login see Administrations > Authorization Policies

            //options.AddCloudscribeCoreDefaultPolicies();
            //options.AddCloudscribeLoggingDefaultPolicy();

            //options.AddCloudscribeCoreSimpleContentIntegrationDefaultPolicies();


            //options.AddPolicy(
            //    "FileManagerPolicy",
            //    authBuilder =>
            //    {
            //        authBuilder.RequireRole("Administrators", "Content Administrators");
            //    });

            //options.AddPolicy(
            //    "FileManagerDeletePolicy",
            //    authBuilder =>
            //    {
            //        authBuilder.RequireRole("Administrators", "Content Administrators");
            //    });

            //options.AddPolicy(
            //    "MembershipAdminPolicy",
            //    authBuilder =>
            //    {
            //        authBuilder.RequireRole("Administrators");
            //    });

            //options.AddPolicy(
            //    "MembershipJoinPolicy",
            //    authBuilder =>
            //    {
            //        authBuilder.RequireAuthenticatedUser();
            //    });

            //options.AddPolicy(
            //    "StripeAdminPolicy",
            //    authBuilder =>
            //    {
            //        authBuilder.RequireRole("Administrators");
            //    });


            // policies that are hard coded here will not be managed from the UI and for some policies that is what you want

            //*** best to declare this policy here and not let it be managed from the UI since it
            //    enforces only the root site admins can manage, therefore the policy should never be managed per tenant
            options.AddPolicy(
                "ServerAdminPolicy",
                authBuilder =>
            {
                authBuilder.RequireRole("ServerAdmins");
            });

            // you could comment this out if you want admins from any site to be able
            // to edit globally shared country state data
            // by commenting this out the policy could be managed per tenant from the UI
            // but it is probably best to only let this be managed from the master tenant
            options.AddPolicy(
                "CoreDataPolicy",
                authBuilder =>
            {
                authBuilder.RequireRole("ServerAdmins");
            });

            // probably best and recommended to not let this policy be managed from the UI
            // since this policy controls who can manage policies from the UI
            options.AddPolicy(
                "PolicyManagementPolicy",
                authBuilder =>
            {
                authBuilder.RequireRole("Administrators");
            });


            return(options);
        }
    private static void CreatePolicies(AuthorizationOptions options, string backOfficeAuthenticationScheme)
    {
        options.AddPolicy(AuthorizationPolicies.MediaPermissionByResource, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new MediaPermissionsResourceRequirement());
        });

        options.AddPolicy(AuthorizationPolicies.MediaPermissionPathById, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new MediaPermissionsQueryStringRequirement("id"));
        });

        options.AddPolicy(AuthorizationPolicies.ContentPermissionByResource, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new ContentPermissionsResourceRequirement());
        });

        options.AddPolicy(AuthorizationPolicies.ContentPermissionEmptyRecycleBin, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(Constants.System.RecycleBinContent,
                                                                                 ActionDelete.ActionLetter));
        });

        options.AddPolicy(AuthorizationPolicies.ContentPermissionAdministrationById, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(ActionRights.ActionLetter));
            policy.Requirements.Add(
                new ContentPermissionsQueryStringRequirement(ActionRights.ActionLetter, "contentId"));
        });

        options.AddPolicy(AuthorizationPolicies.ContentPermissionProtectById, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(ActionProtect.ActionLetter));
            policy.Requirements.Add(
                new ContentPermissionsQueryStringRequirement(ActionProtect.ActionLetter, "contentId"));
        });

        options.AddPolicy(AuthorizationPolicies.ContentPermissionRollbackById, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(ActionRollback.ActionLetter));
            policy.Requirements.Add(
                new ContentPermissionsQueryStringRequirement(ActionRollback.ActionLetter, "contentId"));
        });

        options.AddPolicy(AuthorizationPolicies.ContentPermissionPublishById, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(ActionPublish.ActionLetter));
        });

        options.AddPolicy(AuthorizationPolicies.ContentPermissionBrowseById, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(ActionBrowse.ActionLetter));
            policy.Requirements.Add(
                new ContentPermissionsQueryStringRequirement(ActionBrowse.ActionLetter, "contentId"));
        });

        options.AddPolicy(AuthorizationPolicies.ContentPermissionDeleteById, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new ContentPermissionsQueryStringRequirement(ActionDelete.ActionLetter));
        });

        options.AddPolicy(AuthorizationPolicies.BackOfficeAccess, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new BackOfficeRequirement());
        });

        options.AddPolicy(AuthorizationPolicies.BackOfficeAccessWithoutApproval, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new BackOfficeRequirement(false));
        });

        options.AddPolicy(AuthorizationPolicies.AdminUserEditsRequireAdmin, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new AdminUsersRequirement());
            policy.Requirements.Add(new AdminUsersRequirement("userIds"));
        });

        options.AddPolicy(AuthorizationPolicies.UserBelongsToUserGroupInRequest, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new UserGroupRequirement());
            policy.Requirements.Add(new UserGroupRequirement("userGroupIds"));
        });

        options.AddPolicy(AuthorizationPolicies.DenyLocalLoginIfConfigured, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new DenyLocalLoginRequirement());
        });

        options.AddPolicy(AuthorizationPolicies.SectionAccessContent, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new SectionRequirement(Constants.Applications.Content));
        });

        options.AddPolicy(AuthorizationPolicies.SectionAccessContentOrMedia, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(
                new SectionRequirement(Constants.Applications.Content, Constants.Applications.Media));
        });

        options.AddPolicy(AuthorizationPolicies.SectionAccessUsers, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new SectionRequirement(Constants.Applications.Users));
        });

        options.AddPolicy(AuthorizationPolicies.SectionAccessForTinyMce, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new SectionRequirement(
                                        Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members));
        });

        options.AddPolicy(AuthorizationPolicies.SectionAccessMedia, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new SectionRequirement(Constants.Applications.Media));
        });

        options.AddPolicy(AuthorizationPolicies.SectionAccessMembers, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new SectionRequirement(Constants.Applications.Members));
        });

        options.AddPolicy(AuthorizationPolicies.SectionAccessPackages, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new SectionRequirement(Constants.Applications.Packages));
        });

        options.AddPolicy(AuthorizationPolicies.SectionAccessSettings, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new SectionRequirement(Constants.Applications.Settings));
        });

        // We will not allow the tree to render unless the user has access to any of the sections that the tree gets rendered
        // this is not ideal but until we change permissions to be tree based (not section) there's not much else we can do here.
        options.AddPolicy(AuthorizationPolicies.SectionAccessForContentTree, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new SectionRequirement(
                                        Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Users,
                                        Constants.Applications.Settings, Constants.Applications.Packages, Constants.Applications.Members));
        });
        options.AddPolicy(AuthorizationPolicies.SectionAccessForMediaTree, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new SectionRequirement(
                                        Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Users,
                                        Constants.Applications.Settings, Constants.Applications.Packages, Constants.Applications.Members));
        });
        options.AddPolicy(AuthorizationPolicies.SectionAccessForMemberTree, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new SectionRequirement(
                                        Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members));
        });

        // Permission is granted to this policy if the user has access to any of these sections: Content, media, settings, developer, members
        options.AddPolicy(AuthorizationPolicies.SectionAccessForDataTypeReading, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new SectionRequirement(
                                        Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members,
                                        Constants.Applications.Settings, Constants.Applications.Packages));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessDocuments, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.Content));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessUsers, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.Users));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessPartialViews, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.PartialViews));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessPartialViewMacros, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.PartialViewMacros));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessPackages, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.Packages));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessLogs, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.LogViewer));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessDataTypes, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.DataTypes));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessTemplates, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.Templates));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessMemberTypes, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.MemberTypes));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessRelationTypes, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.RelationTypes));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessDocumentTypes, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.DocumentTypes));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessMemberGroups, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.MemberGroups));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessMediaTypes, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.MediaTypes));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessMacros, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.Macros));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessLanguages, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.Languages));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessDictionary, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.Dictionary));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessDictionaryOrTemplates, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.Dictionary, Constants.Trees.Templates));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessDocumentsOrDocumentTypes, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.DocumentTypes, Constants.Trees.Content));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessMediaOrMediaTypes, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.MediaTypes, Constants.Trees.Media));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessMembersOrMemberTypes, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.MemberTypes, Constants.Trees.Members));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessAnySchemaTypes, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(Constants.Trees.DataTypes, Constants.Trees.DocumentTypes,
                                                        Constants.Trees.MediaTypes, Constants.Trees.MemberTypes));
        });

        options.AddPolicy(AuthorizationPolicies.TreeAccessAnyContentOrTypes, policy =>
        {
            policy.AuthenticationSchemes.Add(backOfficeAuthenticationScheme);
            policy.Requirements.Add(new TreeRequirement(
                                        Constants.Trees.DocumentTypes, Constants.Trees.Content,
                                        Constants.Trees.MediaTypes, Constants.Trees.Media,
                                        Constants.Trees.MemberTypes, Constants.Trees.Members));
        });
    }
示例#10
0
 public static void AddDefaultBPMNAuthorizationPolicy(this AuthorizationOptions opts)
 {
     opts.AddPolicy("Authenticated", p => p.RequireAuthenticatedUser());
 }
示例#11
0
 public static void UseErikTheCoderPolicies(this AuthorizationOptions AuthorizationOptions)
 {
     AuthorizationOptions.AddPolicy(Policy.Admin, Policy.VerifyAdmin);
     AuthorizationOptions.AddPolicy(Policy.TheBigLebowski, Policy.VerifyTheBigLebowski);
     AuthorizationOptions.AddPolicy(Policy.Everyone, Policy.VerifyEveryone);
 }
 public static void RegisterPolicies(this AuthorizationOptions opt)
 {
     opt.AddPolicy("AdminOnly", policy => policy.RequireRole(Roles.Admin));
 }
示例#13
0
 public TokenHandler(AuthorizationOptions options)
 {
     _options = options;
 }
 public DefaultActionModelBuilder(IOptions <AuthorizationOptions> authorizationOptions)
 {
     _authorizationOptions = authorizationOptions?.Options ?? new AuthorizationOptions();
 }
示例#15
0
        public static AuthorizationOptions LoadPolicies(AuthorizationOptions authorizationOptions)
        {
            #region Qualification-Policy

            authorizationOptions.AddPolicy(
                PolicyNames.CreatePostQualificationPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new CreatePostQualificationRequirment());
            });

            authorizationOptions.AddPolicy(
                PolicyNames.AddPreQualificationPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new AddPreQualificationRequirment());
            });

            authorizationOptions.AddPolicy(
                PolicyNames.QualificationPagingPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new QualificationPagingRequirement());
            });

            authorizationOptions.AddPolicy(
                PolicyNames.PreQualificationApprovalPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new PreQualificationApprovalRequirment());
            });

            authorizationOptions.AddPolicy(
                PolicyNames.PostQualificationApprovalPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new PostQualificationApprovalRequirment());
            });
            authorizationOptions.AddPolicy(
                PolicyNames.SendQualificationForApprovePolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new SendQualificationForApproveRequirment());
            });
            authorizationOptions.AddPolicy(
                PolicyNames.ApproveQualificationPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ApproveQualificationRequirment());
            });
            authorizationOptions.AddPolicy(
                PolicyNames.RejectApproveQualificationPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new RejectApproveQualificationRequirment());
            });

            authorizationOptions.AddPolicy(
                PolicyNames.ReopenQualificationPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ReopenQualificationRequirment());
            });
            authorizationOptions.AddPolicy(
                PolicyNames.SendQualificationForApproveToCommitteeManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new SendQualificationForApproveToCommitteeManagerRequirment());
            });

            authorizationOptions.AddPolicy(
                PolicyNames.ApproveQualificationFromCommitteeManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ApproveQualificationFromCommitteeManagerRequirment());
            });
            authorizationOptions.AddPolicy(
                PolicyNames.RejectApproveQualificationFromCommitteManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new RejectApproveQualificationFromCommitteManagerRequirment());
            });

            authorizationOptions.AddPolicy(
                PolicyNames.ReopenQualificationFromCommitteeSecrtraryPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ReopenQualificationFromCommitteeSecrtraryRequirment());
            });

            #endregion Qualification-Policy
            #region Commmon-Requirements

            authorizationOptions.AddPolicy(
                RoleNames.AdminAndAccountManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new AdminAndAccountManagerRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.DataEntry + RoleNames.Auditer,
                policeBuilder =>
            {
                policeBuilder.RequireAuthenticatedUser();
                policeBuilder.AddRequirements(new DataEntryAuditorRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.DataEntry,
                policeBuilder =>
            {
                policeBuilder.RequireAuthenticatedUser();
                policeBuilder.RequireClaim("role", RoleNames.DataEntry)
                .AddRequirements(new MonafasatUserGeneralRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.supplier,
                policeBuilder =>
            {
                policeBuilder.RequireAuthenticatedUser();
                policeBuilder.RequireClaim("role", RoleNames.supplier)
                .AddRequirements(new MonafasatUserAddTenderRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.Auditer,
                policeBuilder =>
            {
                policeBuilder.RequireAuthenticatedUser();
                policeBuilder.RequireClaim("role", RoleNames.Auditer);
                policeBuilder.AddRequirements(new MonafasatUserUpdateTenderRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.OffersAttachmentsDetailsPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetOfferAttachmentsDetailsRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.GetTendersCheckingStagePolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetTendersCheckingStageRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.DataEntryPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new DataEntryRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.AuditerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new AuditerRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.DataEntryAndAuditerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new DataEntryAndAuditerRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.GetInvitedUnregisteredSuppliersForInvitationAfterTenderApprovementPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetInvitedUnregisteredSuppliersForInvitationAfterTenderApprovementRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.OffersCheckManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new OffersCheckManagerRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.AwardingInitialApprovalPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new AwardingInitialApprovalRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.QualificationSecretaryAndManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new QualificationSecretaryAndManagerRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.OffersCheckSecretaryPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new OffersCheckSecretaryRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.OffersOppeningManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new OffersOppeningManagerRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.OffersOppeningSecretaryPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new OffersOppeningSecretaryRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.OffersCheckSecretaryAndManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new OffersCheckSecretaryAndManagerRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.OffersOppeningSecretaryAndManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new OffersOppeningSecretaryAndManagerRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.MonafasatAccountManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new MonafasatAccountManagerRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.SupplierPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new SupplierRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.AdminAndBlackListCommitteePolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new AdminAndBlackListCommitteeRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.AdminBlackListAccountManagerAndCustomerServicePolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new AdminBlackListAccountManagerAndCustomerServiceRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.AdminBlackListAndAccountManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new AdminBlackListAndAccountManagerRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.SupplierPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new SupplierRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.ApplyOffersPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ApplayOfferRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.OpenOffersReportPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new OpenOffersReportRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.SuppliersReportPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new SuppliersReportRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.AdminAndDataEntryPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new AdminAndDataEntryRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.MonafasatAdminPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new MonafasatAdminRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.TechnicalCommitteeUserPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new TechnicalCommitteeRequirement());
            });
            #endregion

            #region Tender-Actions-Requiremnts
            authorizationOptions.AddPolicy(
                RoleNames.GetFinancialYearPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetFinancialYearRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.TenderRevisionsPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new TenderRevisionsRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.QualificationExtendDateApprovementPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new QualificationExtendDateApprovementRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.GetRelatedTendersByActivitiesPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetRelatedTendersByActivitiesRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.CountAndCloseAppliedOffersPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new CountAndCloseAppliedOffersRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.OffersReportPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new OffersReportRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.AwardingReportPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new AwardingReportRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.OpenTenderDetailsPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new OpenTenderDetailsRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.GetFavouriteSuppliersByListIdPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetFavouriteSuppliersByListIdRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.CreateCancelTenderRequestPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new CreateCancelTenderRequestRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.ApproveOrRejectTenderCancelRequestPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ApproveOrRejectTenderCancelRequestRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.CancelTenderPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new CancelTenderRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.SupplierExtendOfferDatesPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new SupplierExtendOfferDatesRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.ApproveSupplierExtendOfferDatesPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ApproveSupplierExtendOfferDatesRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.DetailsPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new DetailsRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.JoiningRequestDetailsPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new JoiningRequestDetailsRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.UpdateInvitationStatusPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new UpdateInvitationStatusRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.CreateVerificationCodePolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new CreateVerificationCodeRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.GetTenderByEnquiryIdPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetTenderByEnquiryIdRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.GetTenderOffersByIdPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetTenderOffersByIdRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.DataEntryAndSupplierPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new DataEntryAndSupplierRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.DataEntryAndAuditerAndSupplierPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new DataEntryAndAuditerAndSupplierRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.IndexPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new IndexRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.EditAddedValuePolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new EditAddedValueRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.ViewAddedValuePolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ViewAddedValueRequirement());
            });
            #endregion

            #region Dashboard
            authorizationOptions.AddPolicy(
                RoleNames.DashboardPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new DashboardRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.DashboardRejectedTendersPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new DashboardRejectedTendersRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.DashboardProcessNeedsActionPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new DashboardProcessNeedsActionRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.AuditerAndTechnicalPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new AuditerAndTechnicalRequirement());
            });
            #endregion

            #region Enquieries
            authorizationOptions.AddPolicy(
                RoleNames.SupplierEnquiriesOnTenderPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new SupplierEnquiriesOnTenderRequirement());
            });
            #endregion

            #region Unit

            authorizationOptions.AddPolicy(
                RoleNames.UnitManagerUserPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new UnitManagerRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.UnitSpecialistLevel1Policy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new UnitSpecialistLevel1Requirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.UnitSpecialistLevel2Policy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new UnitSpecialistLevel2Requirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.UnitSpecialistsAndManagerUserPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new UnitSpecialistsAndManagerRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.UnitSpecialistLevel2AndUnitManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new UnitSpecialistLevel2AndUnitManagerRequirement());
            });


            #endregion

            #region DirecrPurchase

            authorizationOptions.AddPolicy(
                RoleNames.OffersPurchaseManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new DirectPurchaseManagerRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.OffersPurchaseSecretaryPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new DirectPurchaseSecretaryRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.OffersPurchaseSecretaryAndManagerPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new DirectPurchaseSecretaryAndManagerRequirement());
            });

            authorizationOptions.AddPolicy(
                RoleNames.ApproveExtendOffersRequestPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ApproveExtendOffersRequestRequirement());
            });

            #endregion

            #region Checking Requirement

            authorizationOptions.AddPolicy(
                RoleNames.CheckTenderOffersPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new CheckTenderOffersRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.ReOpenTendeFinancialCheckingPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ReOpenTendeFinancialCheckingRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.EndOpenFinantialOffersStagePolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new EndOpenFinantialOffersStageRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.AddFinantialCheckingResultPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new AddFinantialCheckingResultRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.ApproveTenderAwardPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ApproveTenderAwardRequirement());
            });

            #endregion

            #region PrePlanning
            authorizationOptions.AddPolicy(
                RoleNames.PrePlanningIndexPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new PrePlanningIndexRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.PrePlanningAuditingPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new PrePlanningAuditingRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.PrePlanningCreationPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new PrePlanningCreationRequirement());
            });
            authorizationOptions.AddPolicy(
                RoleNames.PlaintRequestDataPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new PlaintRequesData());
            });
            authorizationOptions.AddPolicy(
                RoleNames.CheckPlaintDataPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new CheckPlaintData());
            });
            authorizationOptions.AddPolicy(
                RoleNames.ApprovePlaintDataPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ApprovePlaintData());
            });
            authorizationOptions.AddPolicy(
                RoleNames.EscalatedTendersIndexPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new EscalatedTendersIndex());
            });
            #endregion

            #region Reports


            authorizationOptions.AddPolicy(
                RoleNames.ReportsPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ReportsRequirement());
            });

            #endregion

            #region VRO
            authorizationOptions.AddPolicy(
                RoleNames.VROOpenAndCheckingViewPolicy,
                policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new VROOpenAndCheckingRequirement());
            });
            #endregion VRO

            // Mandatory List Requirements.
            #region Mandatory-List
            authorizationOptions.AddPolicy(PolicyNames.AddMandatoryListPolicy, policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetAnnouncementDetailsRequirement());
            });
            authorizationOptions.AddPolicy(PolicyNames.ViewMandatoryListPolicy, policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new ViewMandatoryListRequirement());
            });
            authorizationOptions.AddPolicy(PolicyNames.EditMandatoryListPolicy, policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new EditMandatoryListRequirement());
            });
            authorizationOptions.AddPolicy(PolicyNames.MandatoryListApprovalPolicy, policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new MandatoryListApprovalRequirement());
            });

            #endregion Mandatory-List

            #region Announcement
            authorizationOptions.AddPolicy(RoleNames.GetAnnouncementDetailsPolicy, policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetAnnouncementDetailsRequirement());
            });

            authorizationOptions.AddPolicy(RoleNames.GetUnderOperationAgencyAnnouncementPolicy, policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetUnderOperationAgencyAnnouncementRequirement());
            });

            authorizationOptions.AddPolicy(PolicyNames.CreateAnnouncementPolicy, p =>
            {
                p.RequireAuthenticatedUser();
                p.AddRequirements(new CreateAnnouncementRequirement());
            });

            authorizationOptions.AddPolicy(PolicyNames.SendAnnouncementForApprovalPolicy, p =>
            {
                p.RequireAuthenticatedUser();
                p.AddRequirements(new SendAnnouncementForApprovalRequirement());
            });

            authorizationOptions.AddPolicy(PolicyNames.ApproveAnnouncementPolicy, p =>
            {
                p.RequireAuthenticatedUser();
                p.AddRequirements(new ApproveAnnouncementRequirement());
            });

            authorizationOptions.AddPolicy(PolicyNames.RejectApproveAnnouncementPolicy, p =>
            {
                p.RequireAuthenticatedUser();
                p.AddRequirements(new RejectApproveAnnouncementRequirement());
            });

            authorizationOptions.AddPolicy(PolicyNames.ReopenAnnouncementPolicy, p =>
            {
                p.RequireAuthenticatedUser();
                p.AddRequirements(new ReopenAnnouncementRequirement());
            });

            authorizationOptions.AddPolicy(PolicyNames.DeleteAnnouncementPolicy, p =>
            {
                p.RequireAuthenticatedUser();
                p.AddRequirements(new DeleteAnnouncementRequirement());
            });

            authorizationOptions.AddPolicy(RoleNames.GetAllAgencyAnnouncementPolicy, policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetAllAgencyAnnouncementRequirement());
            });

            #endregion

            #region AnnouncementSupplierTemplate

            authorizationOptions.AddPolicy(RoleNames.GetAnnouncementSupplierTemplatePolicy, policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetAnnouncementSupplierTemplateRequirement());
            });

            authorizationOptions.AddPolicy(PolicyNames.GetAllAnnouncementSupplierTemplatesForSupplierPolicy, policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                policyBuilder.AddRequirements(new GetAllAnnouncementSupplierTemplatesForSupplierRequirements());
            });

            #endregion AnnouncementSupplierTemplate

            return(authorizationOptions);
        }
示例#16
0
 public static void AddPolicies(AuthorizationOptions config)
 {
     AddPolicy(config, Manager);
     AddPolicy(config, Customer);
 }
示例#17
0
 public static void AddRequiredScopePolicy(this AuthorizationOptions authorizationOptions, string name, string scope)
 {
     authorizationOptions.AddPolicy(name, policy => policy.Requirements.Add(new RequireScope(scope)));
 }
示例#18
0
 public static void AddPolicy(AuthorizationOptions config, string Role)
 {
     config.AddPolicy(Manager, new AuthorizationPolicyBuilder().RequireAuthenticatedUser().RequireRole(Role).Build());
 }
示例#19
0
        static IServiceCollection AddAuthorizationServices(this IServiceCollection services, AuthorizationOptions opts)
        {
            switch (opts.Mechanism)
            {
            case AuthorizationMechanism.Saml2:
                services.AddSingleton <IFederatedEntitlementProvider, SAML2EntitlementProvider>();
                break;

            case AuthorizationMechanism.ActiveDirectory:
                services.AddSingleton <IMembershipProvider, ActiveDirectoryMembershipProvider>();
                services.AddScoped <IFederatedEntitlementProvider, ActiveDirectoryEntitlementProvider>();
                break;

            case AuthorizationMechanism.Unsecured:
                services.AddSingleton <IFederatedEntitlementProvider, UnsecureEntitlementProvider>();
                break;
            }

            return(services);
        }
 private static void CustomAuthorizationOptionsSetupAction(AuthorizationOptions authorizationOptions)
 {
     authorizationOptions.DefaultPolicy = defaultPolicy;
 }
示例#21
0
 private static void AddPolicies(AuthorizationOptions options)
 {
     options.DefaultPolicy = new AuthorizationPolicyBuilder()
                             .RequireAuthenticatedUser()
                             .Build();
 }
 public void ConfigureAuthorization(AuthorizationOptions authorizationOptions, IDictionary <string, string> options = null)
 {
     authorizationOptions.AddUmaSecurityPolicy();
 }
 public AuthorizationPolicyProvider(IOptions <AuthorizationOptions> options, IConfiguration configuration) : base(options)
 {
     _configuration = configuration;
     _options       = options.Value;
 }
示例#24
0
 public async Task ConfigurePoliciesAsync(AuthorizationOptions options)
 {
     var allTasks = _policyProviders.Select(f => f.ConfigurePoliciesAsync(options));
     await Task.WhenAll(allTasks);
 }
示例#25
0
 /// <summary>
 /// Adds the authentication policies.
 /// </summary>
 /// <param name="options">The options.</param>
 /// <param name="administratorRoleDefinition"></param>
 /// <param name="authenticationSchemes">The authentication schemes.</param>
 /// <returns></returns>
 /// <exception cref="ArgumentNullException">options</exception>
 public static AuthorizationOptions AddAuthPolicies(
     this AuthorizationOptions options,
     (string roleName, string roleClaim) administratorRoleDefinition,
示例#26
0
 public void ConfigureAuthorization(AuthorizationOptions authorizationOptions, IDictionary <string, string> options = null)
 {
     authorizationOptions.AddParameterAuthPolicy();
 }
示例#27
0
        public void ConfigureAuthorization(AuthorizationOptions authorizationOptions, IDictionary <string, string> options = null)
        {
            var opts = GetOptions(options);

            authorizationOptions.AddOpenIdSecurityPolicy(opts.Authenticate.CookieName);
        }
示例#28
0
        static IServiceCollection ConfigureAuthorizationOptions(this IServiceCollection services, IConfiguration config)
        {
            var sp             = services.BuildServiceProvider();
            var log            = sp.GetRequiredService <ILogger <Startup> >();
            var authentication = sp.GetRequiredService <IOptions <AuthenticationOptions> >().Value;
            var authorization  = new AuthorizationOptions().WithMechanism(config.GetValue <string>(Config.Authorization.Mechanism));

            services.Configure <AuthorizationOptions>(opts =>
            {
                opts.Mechanism = authorization.Mechanism;
            });

            switch (authorization.Mechanism)
            {
            case AuthorizationMechanism.Unsecured:
                if (!authentication.IsUnsecured)
                {
                    throw new LeafConfigurationException($"{AuthorizationOptions.Unsecured} authorization mechanism is only supported if {Config.Authentication.Mechanism} is also {AuthenticationOptions.Unsecured}");
                }
                log.LogCritical("UNSECURED authorization detected, Leaf is not secured by authorization!");
                break;

            case AuthorizationMechanism.Saml2:
                if (!authentication.IsSaml2)
                {
                    throw new LeafConfigurationException($"{AuthorizationOptions.Saml2} authorization mechanism is only supported if {Config.Authentication.Mechanism} is also {AuthenticationOptions.Saml2}");
                }

                if (!config.TryBind <SAML2AuthorizationOptions>(Config.Authorization.Saml2, out var saml2))
                {
                    throw new LeafConfigurationException($"SAML2 authorization mechanism is missing a complete SAML2 configuration object");
                }
                Config.ThrowIfInvalid(saml2);

                services.Configure <SAML2AuthorizationOptions>(opts =>
                {
                    opts.RolesMapping   = saml2.RolesMapping;
                    opts.HeadersMapping = saml2.HeadersMapping;
                });
                break;

            case AuthorizationMechanism.ActiveDirectory:
                if (authentication.IsUnsecured)
                {
                    throw new LeafConfigurationException($"ActiveDirectory authorization mechanism is not compatible with Unsecured authentication");
                }
                if (!config.TryBind <ActiveDirectoryAuthorizationOptions>(Config.Authorization.ActiveDirectory, out var ad))
                {
                    throw new LeafConfigurationException($"ActiveDirectory authorization mechanism is missing an ActiveDirectory configuration section");
                }
                Config.ThrowIfInvalid(ad);

                services.Configure <ActiveDirectoryAuthorizationOptions>(opts =>
                {
                    opts.DomainConnection = ad.DomainConnection;
                    opts.RolesMapping     = ad.RolesMapping;
                });
                break;
            }

            return(services);
        }
 public AuthorizationPolicyProvider(IOptions <AuthorizationOptions> options) : base(options)
 {
     _options = options.Value;
 }
 public UserCommandHandlerBase(Func <UserManager <ApplicationUser> > userManager, IOptions <AuthorizationOptions> securityOptions)
 {
     _userManagerFactory = userManager;
     _securityOptions    = securityOptions.Value;
 }