public async Task CanCombineAuthorizeAttributes() { // Arrange var attributes = new AuthorizeAttribute[] { new AuthorizeAttribute(), new AuthorizeAttribute("1") { ActiveAuthenticationSchemes = "dupe" }, new AuthorizeAttribute("2") { ActiveAuthenticationSchemes = "dupe" }, new AuthorizeAttribute { Roles = "r1,r2", ActiveAuthenticationSchemes = "roles" }, }; var options = new AuthorizationOptions(); options.AddPolicy("1", policy => policy.RequireClaim("1")); options.AddPolicy("2", policy => policy.RequireClaim("2")); var provider = new DefaultAuthorizationPolicyProvider(Options.Create(options)); // Act var combined = await AuthorizationPolicy.CombineAsync(provider, attributes); // Assert Assert.Equal(2, combined.AuthenticationSchemes.Count()); Assert.True(combined.AuthenticationSchemes.Contains("dupe")); Assert.True(combined.AuthenticationSchemes.Contains("roles")); Assert.Equal(4, combined.Requirements.Count()); Assert.True(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement)); Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count()); Assert.Equal(1, combined.Requirements.OfType<RolesAuthorizationRequirement>().Count()); }
public static void AddTestAuthorization( Microsoft.AspNetCore.Authorization.AuthorizationOptions options) { options.AddPolicy(Constants.Policies.Internal, builder => { builder.RequireClaim("scope", "test"); }); options.AddPolicy(Constants.Policies.Application, builder => { builder.RequireClaim("scope", "test"); }); options.AddPolicy(Constants.Policies.User, builder => { builder.RequireClaim("scope", "test"); }); options.AddPolicy(Constants.Policies.InternalOrApplication, builder => { builder.RequireClaim("scope", "test"); }); }
public void ConfigureAutrorization(AuthorizationOptions options) { options.AddPolicy(UserManagement, policyBuilder => { policyBuilder.RequireClaim("ManageUsers"); }); }
public static void RegisterAuthorizations(AuthorizationOptions options) { options.AddPolicy("Administrator", p => { p.RequireAuthenticatedUser(); p.RequireClaim(DAG.Security.Safe.Owin.ClaimTypes.Email); }); }
public static void AddPlatformAuthorization( Microsoft.AspNetCore.Authorization.AuthorizationOptions authorizationOptions) { authorizationOptions.AddPolicy(Constants.Policies.Internal, builder => { builder.RequireScope(Constants.Scopes.PlatformInternal); }); authorizationOptions.AddPolicy(Constants.Policies.User, builder => { builder.RequireScope(Constants.Scopes.PlatformUser); }); authorizationOptions.AddPolicy(Constants.Policies.Application, builder => { builder.RequireScope(Constants.Scopes.PlatformApplication); }); authorizationOptions.AddPolicy(Constants.Policies.InternalOrApplication, builder => { builder.RequireScope(Constants.Scopes.PlatformApplication, Constants.Scopes.PlatformInternal); }); }
public static void AddGitAutomationPolicies(this AuthorizationOptions options) { var anyPermission = new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .Build(); options.DefaultPolicy = anyPermission; options.AddPolicy( PolicyNames.Read, new AuthorizationPolicyBuilder() .Combine(anyPermission) .RequireRole(Permission.Administrate.ToString().ToLower(), Permission.Read.ToString().ToLower()) .Build() ); options.AddPolicy( PolicyNames.Create, new AuthorizationPolicyBuilder() .Combine(anyPermission) .RequireRole(Permission.Administrate.ToString().ToLower(), Permission.Create.ToString().ToLower()) .Build() ); options.AddPolicy( PolicyNames.Delete, new AuthorizationPolicyBuilder() .Combine(anyPermission) .RequireRole(Permission.Administrate.ToString().ToLower(), Permission.Delete.ToString().ToLower()) .Build() ); options.AddPolicy( PolicyNames.Update, new AuthorizationPolicyBuilder() .Combine(anyPermission) .RequireRole(Permission.Administrate.ToString().ToLower(), Permission.Update.ToString().ToLower()) .Build() ); options.AddPolicy( PolicyNames.Approve, new AuthorizationPolicyBuilder() .Combine(anyPermission) .RequireRole(Permission.Administrate.ToString().ToLower(), Permission.Approve.ToString().ToLower()) .Build() ); options.AddPolicy( PolicyNames.Administrate, new AuthorizationPolicyBuilder() .Combine(anyPermission) .RequireRole(Permission.Administrate.ToString().ToLower()) .Build() ); }
public void CanReplaceDefaultPolicy() { // Arrange var attributes = new AuthorizeAttribute[] { new AuthorizeAttribute(), new AuthorizeAttribute("2") { ActiveAuthenticationSchemes = "dupe" } }; var options = new AuthorizationOptions(); options.DefaultPolicy = new AuthorizationPolicyBuilder("default").RequireClaim("default").Build(); options.AddPolicy("2", policy => policy.RequireClaim("2")); // Act var combined = AuthorizationPolicy.Combine(options, attributes); // Assert Assert.Equal(2, combined.AuthenticationSchemes.Count()); Assert.True(combined.AuthenticationSchemes.Contains("dupe")); Assert.True(combined.AuthenticationSchemes.Contains("default")); Assert.Equal(2, combined.Requirements.Count()); Assert.False(combined.Requirements.Any(r => r is DenyAnonymousAuthorizationRequirement)); Assert.Equal(2, combined.Requirements.OfType<ClaimsAuthorizationRequirement>().Count()); }
private void AuthorizationOptions(AuthorizationOptions options) { options.AddPolicy("doctoruser", policy => policy.RequireClaim("doctor", "true")); }