-
Notifications
You must be signed in to change notification settings - Fork 28
Expand file tree
/
Copy pathProgram.cs
More file actions
91 lines (70 loc) · 3 KB
/
Program.cs
File metadata and controls
91 lines (70 loc) · 3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
using System.Security.Claims;
using JwtBearerSample.Authentication;
using JwtBearerSample.Controllers;
using Microsoft.AspNetCore.Authentication;
using SimpleAuthentication;
using SimpleAuthentication.Permissions;
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddHttpContextAccessor();
builder.Services.AddControllers();
builder.Services.AddProblemDetails();
// Add authentication services.
builder.Services.AddSimpleAuthentication(builder.Configuration);
// Enable permission-based authorization.
builder.Services.AddScopePermissions(); // This is equivalent to builder.Services.AddPermissions<ScopeClaimPermissionHandler>();
// Define a custom handler for permission handling.
//builder.Services.AddPermissions<CustomPermissionHandler>();
builder.Services.AddAuthorizationBuilder()
// Define permissions using a policy.
.AddPolicy("PeopleRead", builder => builder.RequirePermission(Permissions.PeopleRead, Permissions.PeopleAdmin))
//.AddPolicy("Bearer", builder => builder.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser())
//.SetDefaultPolicy(new AuthorizationPolicyBuilder()
// .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
// .RequireAuthenticatedUser()
// .Build())
//.SetFallbackPolicy(new AuthorizationPolicyBuilder()
// .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
// .RequireAuthenticatedUser()
// .Build())
;
// Uncomment the following line if you have multiple authentication schemes and
// you need to determine the authentication scheme at runtime (for example, you don't want to use the default authentication scheme).
//builder.Services.AddSingleton<IAuthenticationSchemeProvider, ApplicationAuthenticationSchemeProvider>();
builder.Services.AddTransient<IClaimsTransformation, ClaimsTransformer>();
builder.Services.AddOpenApi(options =>
{
options.AddSimpleAuthentication(builder.Configuration);
});
var app = builder.Build();
// Configure the HTTP request pipeline.
app.UseHttpsRedirection();
app.UseExceptionHandler();
app.UseStatusCodePages();
app.MapOpenApi();
app.UseSwaggerUI(options =>
{
options.SwaggerEndpoint("/openapi/v1.json", app.Environment.ApplicationName);
});
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
public class CustomPermissionHandler : IPermissionHandler
{
public Task<bool> IsGrantedAsync(ClaimsPrincipal user, IEnumerable<string> permissions)
{
bool isGranted;
if (!permissions?.Any() ?? true)
{
isGranted = true;
}
else
{
var permissionClaim = user.FindFirstValue("permissions");
var userPermissions = permissionClaim?.Split(",", StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries) ?? Enumerable.Empty<string>();
isGranted = userPermissions.Intersect(permissions!).Any();
}
return Task.FromResult(isGranted);
}
}