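        /// <summary>
        /// Returns the resources granted to the user identified by <paramref name="azureAdId"/>
        /// and writes them to the distributed cache so the authorization handler can read them
        /// on subsequent requests.
        /// </summary>
        /// <param name="azureAdId">Azure AD object id of the user whose resources are requested.</param>
        /// <returns>
        /// 200 with the <see cref="UserResourceResponse"/>, or 404 when the repository holds no
        /// entry for <paramref name="azureAdId"/>.
        /// </returns>
        public async Task<ActionResult<UserResourceResponse>> GetUserResouces(Guid azureAdId)
        {
            // NOTE(review): azureAdId is taken from the caller rather than from the token's
            // object-id claim — confirm the action is restricted so one user cannot read
            // (and warm the cache with) another user's resources.
            var response = _userManagementRepository.GetUserResourcesByAzureAdId(azureAdId);

            // The NotFound() result must be returned: discarding it fell through, cached the
            // string "null" under this id and answered 200 with an empty body.
            if (response == null)
            {
                return NotFound();
            }

            // This endpoint is hit once the user logs in / refreshes the page, so the result is
            // cached with a one-hour sliding window. Guid.ToString() is the lower-case "D"
            // format, which is the key form the authorization handler looks up.
            await _cache.SetStringAsync(
                azureAdId.ToString(),
                JsonConvert.SerializeObject(response),
                new DistributedCacheEntryOptions { SlidingExpiration = TimeSpan.FromHours(1) });

            return Ok(response);
        }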
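        /// <summary>
        /// Evaluates the scope requirement for the current principal. Two paths can succeed it:
        /// a delegated-user token from the configured issuer that carries the
        /// <c>user_impersonation</c> scope and whose (cached) resource grants include the
        /// current route template and HTTP method, or an app-only token whose <c>appid</c>
        /// claim equals the configured confidential application id. The requirement is only
        /// ever succeeded, never explicitly failed, so any other request stays unauthorized.
        /// </summary>
        /// <param name="context">Authorization context carrying the principal and the MVC resource being authorized.</param>
        /// <param name="requirement">The scope requirement under evaluation.</param>
        /// <returns>A task that completes when the evaluation is done.</returns>
        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, ScopeRequirement requirement)
        {
            // Only claims issued by the configured issuer are considered.
            var scopesData = context.User.FindFirst(c => c.Type == "http://schemas.microsoft.com/identity/claims/scope" && c.Issuer == issuer);

            if (scopesData == null)
            {
                // No scope claim: treat as an app-only token and succeed solely for the
                // configured confidential client.
                if (!string.IsNullOrEmpty(confidentialAppId))
                {
                    var appId = context.User.FindFirst(c => c.Type == "appid" && c.Issuer == issuer);
                    if (appId != null && appId.Value == confidentialAppId)
                    {
                        context.Succeed(requirement);
                    }
                }
                return;
            }

            // The scope claim is a space-separated list; the delegated path requires user_impersonation.
            var scopes = scopesData.Value.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
            if (!scopes.Contains("user_impersonation"))
            {
                return;
            }

            // Without a well-formed object id there is no user to authorize. The original
            // dereferenced oid.Value unconditionally (and new Guid(...) threw on bad input),
            // turning a missing/malformed claim into a 500 instead of leaving the request unauthorized.
            var oid = context.User.FindFirst(c => c.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier" && c.Issuer == issuer);
            if (oid == null || !Guid.TryParse(oid.Value, out var azureAdId))
            {
                return;
            }

            // Cache key is the lower-cased claim value (invariant casing; the value is a GUID string).
            var cacheKey = oid.Value.ToLowerInvariant();
            UserResourceResponse response;
            string userPolicies = await _cache.GetStringAsync(cacheKey);

            if (!string.IsNullOrEmpty(userPolicies))
            {
                response = JsonConvert.DeserializeObject<UserResourceResponse>(userPolicies);
            }
            else
            {
                response = _userRepository.GetUserResourcesByAzureAdId(azureAdId);
                // 30-minute sliding window: a change to the user's grants becomes visible
                // only once this entry expires or is overwritten.
                await _cache.SetStringAsync(cacheKey, JsonConvert.SerializeObject(response), new DistributedCacheEntryOptions { SlidingExpiration = TimeSpan.FromMinutes(30) });
            }

            // NOTE(review): with endpoint routing context.Resource is an HttpContext rather than an
            // AuthorizationFilterContext, in which case this path never succeeds — confirm the app
            // authorizes through MVC filters.
            var authFilterContext = context.Resource as AuthorizationFilterContext;
            if (authFilterContext == null)
            {
                return;
            }

            var httpMethod = authFilterContext.HttpContext.Request.Method;
            // Actions without an attribute route have a null AttributeRouteInfo, which the
            // original dereferenced; such actions cannot be matched against a grant.
            var url = authFilterContext.ActionDescriptor.AttributeRouteInfo?.Template;
            if (url == null)
            {
                return;
            }

            // Succeed only when one of the user's grants names this exact route template and HTTP method.
            if (response?.Resources != null && response.Resources.Any(p => p.ResourceUri == url && p.Mehtod == httpMethod))
            {
                context.Succeed(requirement);
            }
        }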