public static AuthorizationPolicy Combine(AuthorizationOptions options, IEnumerable<IAuthorizeData> attributes) { if (options == null) { throw new ArgumentNullException(nameof(options)); } if (attributes == null) { throw new ArgumentNullException(nameof(attributes)); } var policyBuilder = new AuthorizationPolicyBuilder(); var any = false; foreach (var authorizeAttribute in attributes.OfType<AuthorizeAttribute>()) { any = true; var useDefaultPolicy = true; if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy)) { var policy = options.GetPolicy(authorizeAttribute.Policy); if (policy == null) { throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeAttribute.Roles?.Split(','); if (rolesSplit != null && rolesSplit.Any()) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(','); if (authTypesSplit != null && authTypesSplit.Any()) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(options.DefaultPolicy); } } return any ? policyBuilder.Build() : null; }
/// <summary> /// Gets a <see cref="AuthorizationPolicy"/> from the given <paramref name="policyName"/> /// </summary> /// <param name="policyName">The policy name to retrieve.</param> /// <returns>The named <see cref="AuthorizationPolicy"/>.</returns> public virtual Task <AuthorizationPolicy> GetPolicyAsync(string policyName) { // MVC caches policies specifically for this class, so this method MUST return the same policy per // policyName for every request or it could allow undesired access. It also must return synchronously. // A change to either of these behaviors would require shipping a patch of MVC as well. return(Task.FromResult(_options.GetPolicy(policyName))); }
public static AuthorizationPolicy Combine(AuthorizationOptions options, IEnumerable <IAuthorizeData> attributes) { if (options == null) { throw new ArgumentNullException(nameof(options)); } if (attributes == null) { throw new ArgumentNullException(nameof(attributes)); } var policyBuilder = new AuthorizationPolicyBuilder(); var any = false; foreach (var authorizeAttribute in attributes.OfType <AuthorizeAttribute>()) { any = true; var useDefaultPolicy = true; if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy)) { var policy = options.GetPolicy(authorizeAttribute.Policy); if (policy == null) { throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeAttribute.Roles?.Split(','); if (rolesSplit != null && rolesSplit.Any()) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(','); if (authTypesSplit != null && authTypesSplit.Any()) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(options.DefaultPolicy); } } return(any ? policyBuilder.Build() : null); }
/// <summary> /// Gets a <see cref="AuthorizationPolicy"/> from the given <paramref name="policyName"/> /// </summary> /// <param name="policyName">The policy name to retrieve.</param> /// <returns>The named <see cref="AuthorizationPolicy"/>.</returns> public virtual Task <AuthorizationPolicy> GetPolicyAsync(string policyName) { return(Task.FromResult(_options.GetPolicy(policyName))); }