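/// <summary>
/// Adds a scope requirement to the policy being built: the caller's token must carry at least one of
/// <paramref name="scopes"/> (exact matching rules are those of <see cref="ScopeAuthorizationRequirement"/>).
/// Background: https://leastprivilege.com/2020/07/06/flexible-access-token-validation-in-asp-net-core/
/// </summary>
/// <param name="builder">The policy builder to extend.</param>
/// <param name="scopes">
/// Accepted scope values. The sequence is handed to the requirement as-is; whether an empty sequence makes the
/// policy unsatisfiable depends on <see cref="ScopeAuthorizationRequirement"/> — confirm before relying on it.
/// </param>
/// <returns>The same <paramref name="builder"/>, so calls can be chained.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> or <paramref name="scopes"/> is null.</exception>
public static AuthorizationPolicyBuilder RequireScope(this AuthorizationPolicyBuilder builder, IEnumerable<string> scopes)
{
    if (builder is null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    if (scopes is null)
    {
        throw new ArgumentNullException(nameof(scopes));
    }

    // ScopeAuthorizationRequirement is provided by IdentityModel.AspNetCore.AccessTokenValidation
    // (services.AddScopeTransformation()) together with IdentityModel.AspNetCore.OAuth2Introspection;
    // this replaces AddIdentityServerAuthentication from IdentityServer4.AccessTokenValidation.
    // (A ClaimsAuthorizationRequirement("scope", scopes) used to be built here but never added to the
    // policy, so it had no effect and was dropped.)
    builder.Requirements.Add(new ScopeAuthorizationRequirement(scopes));
    return builder;
}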
/// <summary>
/// An action guarded by an AuthorizeFilter whose policy holds a ClaimsAuthorizationRequirement must produce
/// exactly one security requirement on the operation: scheme "oauth2" with the requirement's claim type as its only value.
/// </summary>
public void Apply_HasClaimsAuthorizationRequirements_AddsClaimsToOperation()
{
    // Arrange: one claims requirement (claim type "Type", no restriction on values) wrapped in a policy,
    // attached to the action descriptor through an AuthorizeFilter.
    ClaimsAuthorizationRequirement claimsRequirement = new ClaimsAuthorizationRequirement("Type", new string[0]);
    AuthorizationPolicy authorizationPolicy = new AuthorizationPolicy(
        new List<IAuthorizationRequirement> { claimsRequirement },
        new List<string>());
    FilterDescriptor authorizeFilterDescriptor = new FilterDescriptor(new AuthorizeFilter(authorizationPolicy), 30);
    this.operationFilterContext.ApiDescription.ActionDescriptor.FilterDescriptors.Add(authorizeFilterDescriptor);

    // Act
    this.operationFilter.Apply(this.operation, this.operationFilterContext);

    // Assert: a single security requirement, containing a single scheme entry, "oauth2" -> ["Type"].
    Assert.NotNull(this.operation.Security);
    var securityRequirement = Assert.Single(this.operation.Security);
    var schemeEntry = Assert.Single(securityRequirement);
    Assert.Equal("oauth2", schemeEntry.Key);
    Assert.Equal(new[] { "Type" }, schemeEntry.Value);
}
/// <summary>
/// Claims handler with an administrator override: a principal whose <see cref="ShopConstants.Claims.Role"/> claim
/// equals <see cref="ShopConstants.Roles.Admin"/> satisfies any <see cref="ClaimsAuthorizationRequirement"/>
/// outright; every other principal is deferred to the base handler.
/// </summary>
/// <param name="context">The authorization context. A null User leaves the requirement undecided.</param>
/// <param name="requirement">The claims requirement being evaluated.</param>
/// <returns>A completed task, or the base handler's task for non-admin principals.</returns>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ClaimsAuthorizationRequirement requirement)
{
    // No principal: neither Succeed nor Fail is called, and the base handler is not consulted.
    if (context.User == null)
    {
        return Task.CompletedTask;
    }

    bool isAdmin = context.User.HasClaim(ShopConstants.Claims.Role, ShopConstants.Roles.Admin);
    if (!isAdmin)
    {
        // Ordinary principals are evaluated by the base handler (its rules are defined outside this method).
        return base.HandleRequirementAsync(context, requirement);
    }

    // Admin override: the requirement is met regardless of whether the principal holds the specific claim
    // it asks for. Keep this in mind when reviewing which principals can obtain the admin role claim.
    context.Succeed(requirement);
    return Task.CompletedTask;
}
/// <summary>
/// Succeeds the requirement when the principal holds a claim whose type equals
/// <see cref="ClaimsAuthorizationRequirement.ClaimType"/> (compared case-insensitively). If the requirement
/// lists AllowedValues, the claim's value must additionally equal one of them exactly (ordinal, case-sensitive).
/// Never calls <c>Fail</c>: an unmet requirement is simply left undecided for other handlers.
/// </summary>
/// <param name="context">The authorization context. A null User leaves the requirement undecided.</param>
/// <param name="requirement">The claim type and optional allowed values to look for.</param>
/// <returns>Always a completed task; the outcome is reported through <paramref name="context"/>.</returns>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ClaimsAuthorizationRequirement requirement)
{
    if (context.User == null)
    {
        return Task.CompletedTask;
    }

    // Claim types are matched case-insensitively; claim values (below) are not.
    bool IsRequiredType(string claimType) =>
        string.Equals(claimType, requirement.ClaimType, StringComparison.OrdinalIgnoreCase);

    bool valuesRestricted = requirement.AllowedValues != null && requirement.AllowedValues.Any();

    bool satisfied = valuesRestricted
        // Ordinal value comparison is deliberate: "Admin" does not satisfy a requirement for "admin".
        ? context.User.Claims.Any(claim => IsRequiredType(claim.Type) && requirement.AllowedValues.Contains(claim.Value, StringComparer.Ordinal))
        : context.User.Claims.Any(claim => IsRequiredType(claim.Type));

    if (satisfied)
    {
        context.Succeed(requirement);
    }

    return Task.CompletedTask;
}