private static void BuildPolicy(AuthorizationPolicyInfo policy, AuthorizationOptions config)
        {
            var builder = new AuthorizationPolicyBuilder();

            policy.AuthenticationSchemes?.ForEach(builder.AuthenticationSchemes.Add);
            if (policy.Requirements != null && policy.Requirements.Any())
            {
                foreach (var policyRequirement in policy.Requirements)
                {
                    switch (policyRequirement.RequirementType)
                    {
                    case AuthorizationRequirementType.ClaimsAuthorizationRequirement:
                        var claimsInfo = JObject.Parse(policyRequirement.Requirement)
                                         .ToObject <ClaimsInfo>();
                        builder.RequireClaim(claimsInfo.ClaimType, claimsInfo.RequiredValues);
                        break;

                    case AuthorizationRequirementType.RolesAuthorizationRequirement:
                        builder.RequireRole(JObject.Parse(policyRequirement.Requirement)
                                            .ToObject <string[]>());
                        break;

                    case AuthorizationRequirementType.NameAuthorizationRequirement:
                        builder.RequireUserName(policyRequirement.Requirement);
                        break;

                    case AuthorizationRequirementType.OperationAuthorizationRequirement:
                        builder.AddRequirements(
                            new OperationAuthorizationRequirement()
                        {
                            Name = policyRequirement.Requirement
                        });
                        break;

                    case AuthorizationRequirementType.DenyAnonymousAuthorizationRequirement:
                        builder.RequireAuthenticatedUser();
                        break;

                    case AuthorizationRequirementType.DenyAuthorizationRequirement:
                        builder.AddRequirements(new DenyAuthorizationRequirement());
                        break;

                    case AuthorizationRequirementType.CustomAuthorizationRequirement:
                        builder.AddRequirements(Activator.CreateInstance(Type.GetType(policyRequirement.Type),
                                                                         JObject.Parse(policyRequirement.Requirement).ToObject <object[]>()) as IAuthorizationRequirement);
                        break;
                        // TODO implement the assertion requirement.
                        //case AuthorizationRequirementType.ClaimsAuthorizationRequirement:
                        //    builder.RequireAssertion(handler => {handler.})
                        //    break;
                    }
                }
            }
            config.AddPolicy(policy.Name, builder.Build());
        }
示例#2
0
        public static AuthorizationPolicy ToAuthPolicy(this AuthorizationPolicyInfo info)
        {
            var policy             = new AuthorizationPolicyBuilder();
            var hasAnyRequirements = false;

            if (info.AllowedRoles.Count > 0)
            {
                policy.RequireRole(info.AllowedRoles);
                hasAnyRequirements = true;
            }

            if (info.AuthenticationSchemes.Count > 0)
            {
                policy.AuthenticationSchemes = info.AuthenticationSchemes;
            }
            if (info.RequireAuthenticatedUser)
            {
                policy.RequireAuthenticatedUser();
                hasAnyRequirements = true;
            }
            if (info.RequiredClaims.Count > 0)
            {
                foreach (var c in info.RequiredClaims)
                {
                    if (c.AllowedValues.Count > 0)
                    {
                        policy.RequireClaim(c.ClaimName, c.AllowedValues);
                    }
                    else
                    {
                        policy.RequireClaim(c.ClaimName);
                    }
                    hasAnyRequirements = true;
                }
            }

            if (!string.IsNullOrWhiteSpace(info.RequiredUserName))
            {
                policy.RequireUserName(info.RequiredUserName);
                hasAnyRequirements = true;
            }

            if (!hasAnyRequirements)
            {
                // allow anonymous
                Func <AuthorizationHandlerContext, bool> allowAny = (AuthorizationHandlerContext authContext) => true;
                policy.RequireAssertion(allowAny);
            }


            return(policy.Build());
        }