public Task <AuthorizationPolicy> GetFallbackPolicyAsync() => _default.GetFallbackPolicyAsync();
/// <summary>
/// Combines the <see cref="AuthorizationPolicy"/> provided by the specified
/// <paramref name="policyProvider"/>.
/// </summary>
/// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param>
/// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param>
/// <param name="policies">A collection of <see cref="AuthorizationPolicy"/> policies to combine.</param>
/// <returns>
/// A new <see cref="AuthorizationPolicy"/> which represents the combination of the
/// authorization policies provided by the specified <paramref name="policyProvider"/>.
/// </returns>
public static async Task <AuthorizationPolicy?> CombineAsync(IAuthorizationPolicyProvider policyProvider,
IEnumerable <IAuthorizeData> authorizeData,
IEnumerable <AuthorizationPolicy> policies)
{
if (policyProvider == null)
{
throw new ArgumentNullException(nameof(policyProvider));
}
if (authorizeData == null)
{
throw new ArgumentNullException(nameof(authorizeData));
}
var anyPolicies = policies.Any();
// Avoid allocating enumerator if the data is known to be empty
var skipEnumeratingData = false;
if (authorizeData is IList <IAuthorizeData> dataList)
{
skipEnumeratingData = dataList.Count == 0;
}
AuthorizationPolicyBuilder?policyBuilder = null;
if (!skipEnumeratingData)
{
foreach (var authorizeDatum in authorizeData)
{
if (policyBuilder == null)
{
policyBuilder = new AuthorizationPolicyBuilder();
}
var useDefaultPolicy = !(anyPolicies);
if (!string.IsNullOrWhiteSpace(authorizeDatum.Policy))
{
var policy = await policyProvider.GetPolicyAsync(authorizeDatum.Policy).ConfigureAwait(false);
if (policy == null)
{
throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeDatum.Policy));
}
policyBuilder.Combine(policy);
useDefaultPolicy = false;
}
var rolesSplit = authorizeDatum.Roles?.Split(',');
if (rolesSplit?.Length > 0)
{
var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim());
policyBuilder.RequireRole(trimmedRolesSplit);
useDefaultPolicy = false;
}
var authTypesSplit = authorizeDatum.AuthenticationSchemes?.Split(',');
if (authTypesSplit?.Length > 0)
{
foreach (var authType in authTypesSplit)
{
if (!string.IsNullOrWhiteSpace(authType))
{
policyBuilder.AuthenticationSchemes.Add(authType.Trim());
}
}
}
if (useDefaultPolicy)
{
policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync().ConfigureAwait(false));
}
}
}
if (anyPolicies)
{
policyBuilder ??= new();
foreach (var policy in policies)
{
policyBuilder.Combine(policy);
}
}
// If we have no policy by now, use the fallback policy if we have one
if (policyBuilder == null)
{
var fallbackPolicy = await policyProvider.GetFallbackPolicyAsync().ConfigureAwait(false);
if (fallbackPolicy != null)
{
return(fallbackPolicy);
}
}
return(policyBuilder?.Build());
}
/// <summary>
/// Combines the <see cref="AuthorizationPolicy"/> provided by the specified
/// <paramref name="policyProvider"/>.
/// </summary>
/// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param>
/// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param>
/// <returns>
/// A new <see cref="AuthorizationPolicy"/> which represents the combination of the
/// authorization policies provided by the specified <paramref name="policyProvider"/>.
/// </returns>
public static async Task <AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizeData> authorizeData)
{
if (policyProvider == null)
{
throw new ArgumentNullException(nameof(policyProvider));
}
if (authorizeData == null)
{
throw new ArgumentNullException(nameof(authorizeData));
}
// Avoid allocating enumerator if the data is known to be empty
var skipEnumeratingData = false;
if (authorizeData is IList <IAuthorizeData> dataList)
{
skipEnumeratingData = dataList.Count == 0;
}
AuthorizationPolicyBuilder policyBuilder = null;
if (!skipEnumeratingData)
{
foreach (var authorizeDatum in authorizeData)
{
if (policyBuilder == null)
{
policyBuilder = new AuthorizationPolicyBuilder();
}
var useDefaultPolicy = true;
if (!string.IsNullOrWhiteSpace(authorizeDatum.Policy))
{
var policy = await policyProvider.GetPolicyAsync(authorizeDatum.Policy);
if (policy == null)
{
throw new InvalidOperationException($"The AuthorizationPolicy named: '{authorizeDatum.Policy}' was not found.");
}
policyBuilder.Combine(policy);
useDefaultPolicy = false;
}
var rolesSplit = authorizeDatum.Roles?.Split(',');
if (rolesSplit != null && rolesSplit.Any())
{
var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim());
policyBuilder.RequireRole(trimmedRolesSplit);
useDefaultPolicy = false;
}
var authTypesSplit = authorizeDatum.AuthenticationSchemes?.Split(',');
if (authTypesSplit != null && authTypesSplit.Any())
{
foreach (var authType in authTypesSplit)
{
if (!string.IsNullOrWhiteSpace(authType))
{
policyBuilder.AuthenticationSchemes.Add(authType.Trim());
}
}
}
if (useDefaultPolicy)
{
policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync());
}
}
}
// If we have no policy by now, use the fallback policy if we have one
if (policyBuilder == null)
{
var fallbackPolicy = await policyProvider.GetFallbackPolicyAsync();
if (fallbackPolicy != null)
{
return(fallbackPolicy);
}
}
return(policyBuilder?.Build());
}
public async Task <AuthorizationPolicy> CombineAsync(AuthorizeData authorizeData)
{
// Avoid allocating enumerator if the data is known to be empty
var skip = authorizeData == null;
if (skip)
{ // If we have no policy by now, use the fallback policy if we have one
var fallbackPolicy = await PolicyProvider.GetFallbackPolicyAsync();
if (fallbackPolicy != null)
{
return(fallbackPolicy);
}
}
else
{
AuthorizationPolicyBuilder policyBuilder = new AuthorizationPolicyBuilder();
var useDefaultPolicy = true;
if (authorizeData.DeniedAll)
{
policyBuilder.AddRequirements(new DenyAllAuthorizationRequirement(true));
useDefaultPolicy = false;
}
else
{
if (!authorizeData.AuthenticationSchemes.IsNullOrEmpty())
{
foreach (string scheme in authorizeData.AuthenticationSchemes)
{
policyBuilder.AuthenticationSchemes.Add(scheme.Trim());
}
}
// 假如允许所有角色访问,只需要求登录即可
if (authorizeData.AllowedAllRoles)
{
policyBuilder.RequireAuthenticatedUser();
useDefaultPolicy = false;
}
else
{
if (!authorizeData.Policies.IsNullOrEmpty())
{
foreach (string policyName in authorizeData.Policies)
{
var policy = await PolicyProvider.GetPolicyAsync(policyName);
if (policy == null)
{
throw new InvalidOperationException($"找不到名为: '{policyName}'的策略!");
}
policyBuilder.Combine(policy);
}
useDefaultPolicy = false;
}
if (!authorizeData.AllowedUsers.IsNullOrEmpty() || !authorizeData.AllowedRoles.IsNullOrEmpty())
{
policyBuilder.AddRequirements(new RolesOrUsersAuthorizationRequirement(authorizeData.AllowedUsers, authorizeData.AllowedRoles));
useDefaultPolicy = false;
}
}
if (useDefaultPolicy)
{
policyBuilder.Combine(await PolicyProvider.GetDefaultPolicyAsync());
}
}
return(policyBuilder?.Build());
}
return(null);
}
public Task <AuthorizationPolicy> GetFallbackPolicyAsync()
{
return(_fallbackProvider.GetFallbackPolicyAsync());
}