public Task <AuthorizationPolicy> GetFallbackPolicyAsync() => _default.GetFallbackPolicyAsync();
/// <summary> /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified /// <paramref name="policyProvider"/>. /// </summary> /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param> /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param> /// <param name="policies">A collection of <see cref="AuthorizationPolicy"/> policies to combine.</param> /// <returns> /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the /// authorization policies provided by the specified <paramref name="policyProvider"/>. /// </returns> public static async Task <AuthorizationPolicy?> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizeData> authorizeData, IEnumerable <AuthorizationPolicy> policies) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (authorizeData == null) { throw new ArgumentNullException(nameof(authorizeData)); } var anyPolicies = policies.Any(); // Avoid allocating enumerator if the data is known to be empty var skipEnumeratingData = false; if (authorizeData is IList <IAuthorizeData> dataList) { skipEnumeratingData = dataList.Count == 0; } AuthorizationPolicyBuilder?policyBuilder = null; if (!skipEnumeratingData) { foreach (var authorizeDatum in authorizeData) { if (policyBuilder == null) { policyBuilder = new AuthorizationPolicyBuilder(); } var useDefaultPolicy = !(anyPolicies); if (!string.IsNullOrWhiteSpace(authorizeDatum.Policy)) { var policy = await policyProvider.GetPolicyAsync(authorizeDatum.Policy).ConfigureAwait(false); if (policy == null) { throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeDatum.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeDatum.Roles?.Split(','); if (rolesSplit?.Length > 0) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } var authTypesSplit = authorizeDatum.AuthenticationSchemes?.Split(','); if (authTypesSplit?.Length > 0) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync().ConfigureAwait(false)); } } } if (anyPolicies) { policyBuilder ??= new(); foreach (var policy in policies) { policyBuilder.Combine(policy); } } // If we have no policy by now, use the fallback policy if we have one if (policyBuilder == null) { var fallbackPolicy = await policyProvider.GetFallbackPolicyAsync().ConfigureAwait(false); if (fallbackPolicy != null) { return(fallbackPolicy); } } return(policyBuilder?.Build()); }
/// <summary> /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified /// <paramref name="policyProvider"/>. /// </summary> /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param> /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param> /// <returns> /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the /// authorization policies provided by the specified <paramref name="policyProvider"/>. /// </returns> public static async Task <AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizeData> authorizeData) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (authorizeData == null) { throw new ArgumentNullException(nameof(authorizeData)); } // Avoid allocating enumerator if the data is known to be empty var skipEnumeratingData = false; if (authorizeData is IList <IAuthorizeData> dataList) { skipEnumeratingData = dataList.Count == 0; } AuthorizationPolicyBuilder policyBuilder = null; if (!skipEnumeratingData) { foreach (var authorizeDatum in authorizeData) { if (policyBuilder == null) { policyBuilder = new AuthorizationPolicyBuilder(); } var useDefaultPolicy = true; if (!string.IsNullOrWhiteSpace(authorizeDatum.Policy)) { var policy = await policyProvider.GetPolicyAsync(authorizeDatum.Policy); if (policy == null) { throw new InvalidOperationException($"The AuthorizationPolicy named: '{authorizeDatum.Policy}' was not found."); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeDatum.Roles?.Split(','); if (rolesSplit != null && rolesSplit.Any()) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } var authTypesSplit = authorizeDatum.AuthenticationSchemes?.Split(','); if (authTypesSplit != null && authTypesSplit.Any()) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync()); } } } // If we have no policy by now, use the fallback policy if we have one if (policyBuilder == null) { var fallbackPolicy = await policyProvider.GetFallbackPolicyAsync(); if (fallbackPolicy != null) { return(fallbackPolicy); } } return(policyBuilder?.Build()); }
public async Task <AuthorizationPolicy> CombineAsync(AuthorizeData authorizeData) { // Avoid allocating enumerator if the data is known to be empty var skip = authorizeData == null; if (skip) { // If we have no policy by now, use the fallback policy if we have one var fallbackPolicy = await PolicyProvider.GetFallbackPolicyAsync(); if (fallbackPolicy != null) { return(fallbackPolicy); } } else { AuthorizationPolicyBuilder policyBuilder = new AuthorizationPolicyBuilder(); var useDefaultPolicy = true; if (authorizeData.DeniedAll) { policyBuilder.AddRequirements(new DenyAllAuthorizationRequirement(true)); useDefaultPolicy = false; } else { if (!authorizeData.AuthenticationSchemes.IsNullOrEmpty()) { foreach (string scheme in authorizeData.AuthenticationSchemes) { policyBuilder.AuthenticationSchemes.Add(scheme.Trim()); } } // 假如允许所有角色访问,只需要求登录即可 if (authorizeData.AllowedAllRoles) { policyBuilder.RequireAuthenticatedUser(); useDefaultPolicy = false; } else { if (!authorizeData.Policies.IsNullOrEmpty()) { foreach (string policyName in authorizeData.Policies) { var policy = await PolicyProvider.GetPolicyAsync(policyName); if (policy == null) { throw new InvalidOperationException($"找不到名为: '{policyName}'的策略!"); } policyBuilder.Combine(policy); } useDefaultPolicy = false; } if (!authorizeData.AllowedUsers.IsNullOrEmpty() || !authorizeData.AllowedRoles.IsNullOrEmpty()) { policyBuilder.AddRequirements(new RolesOrUsersAuthorizationRequirement(authorizeData.AllowedUsers, authorizeData.AllowedRoles)); useDefaultPolicy = false; } } if (useDefaultPolicy) { policyBuilder.Combine(await PolicyProvider.GetDefaultPolicyAsync()); } } return(policyBuilder?.Build()); } return(null); }
public Task <AuthorizationPolicy> GetFallbackPolicyAsync() { return(_fallbackProvider.GetFallbackPolicyAsync()); }