Skip to content

Instantly share code, notes, and snippets.

@conwid

conwid/02Extending authorization

Created May 16, 2023 16:46
Show Gist options
  • Save conwid/c465eabde535c0acdf90b1ff9e5a1fb0 to your computer and use it in GitHub Desktop.
Save conwid/c465eabde535c0acdf90b1ff9e5a1fb0 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
02Extending authorization
The second demo shows how to extend authorization using the custom user info.
Raw
a_CustomClaimFactory
public class CustomClaimFactory : UserClaimsPrincipalFactory<ApplicationUser>
{
public CustomClaimFactory(UserManager<ApplicationUser> userManager, IOptions<IdentityOptions> optionsAccessor) : base(userManager, optionsAccessor)
{
}
protected override async Task<ClaimsIdentity> GenerateClaimsAsync(ApplicationUser user)
{
var claims = await base.GenerateClaimsAsync(user);
claims.AddClaim(new Claim("http://schemas.techeddemo.com/2023/05/identity/dateofbirth", user.DateOfBirth.ToShortDateString()));
return claims;
}
}
Raw
b_MinimumAgeRequirement
public class MinimumAgeRequirement : IAuthorizationRequirement
{
public MinimumAgeRequirement(int minimumAge)
{
MinimumAge = minimumAge;
}
public int MinimumAge { get; }
}
Raw
c_RequirementHandler
public class MinimumAgeHandler : IAuthorizationHandler
{
public async Task HandleAsync(AuthorizationHandlerContext context)
{
foreach (var item in context.PendingRequirements)
{
switch (item)
{
case MinimumAgeRequirement r:
await HandleMinimumAgeRequirement(context, r);
break;
};
}
}
protected async Task HandleMinimumAgeRequirement(AuthorizationHandlerContext context, MinimumAgeRequirement requirement)
{
var ageClaim = context.User.Claims.SingleOrDefault(c => c.Type == "http://schemas.techeddemo.com/2023/05/identity/dateofbirth");
if (ageClaim!=null && DateTime.Now.Subtract(DateTime.Parse(ageClaim.Value)) > TimeSpan.FromDays(requirement.MinimumAge * 365))
context.Succeed(requirement);
}
}
Raw
d_AuthAttriubte
public sealed class MinimumAgeAttribute : AuthorizeAttribute
{
private static readonly string policyPrefix = "minimumAge:";
public MinimumAgeAttribute(int minimumAge)
{
MinimumAge = minimumAge;
}
public int MinimumAge
{
get => int.Parse(Policy.Substring(policyPrefix.Length));
set => Policy = $"{policyPrefix}{value}";
}
}
Raw
e_PolicyProvider
public class MinimumAgePolicyProvider : DefaultAuthorizationPolicyProvider
{
private static readonly string policyPrefix = "minimumAge:";
public MinimumAgePolicyProvider(IOptions<AuthorizationOptions> options) : base(options) { }
public async override Task<AuthorizationPolicy?> GetPolicyAsync(string policyName)
{
if (policyName.StartsWith(policyPrefix, StringComparison.OrdinalIgnoreCase))
{
var minimumAge = int.Parse(policyName.Substring(policyPrefix.Length));
var policy = new AuthorizationPolicyBuilder();
policy.AddRequirements(new MinimumAgeRequirement(minimumAge));
return policy.Build();
}
return await base.GetPolicyAsync(policyName);
}
}
Raw
f_Registrations
builder.Services.AddIdentity<ApplicationUser, IdentityRole>(opts => opts.Stores.ProtectPersonalData = true)
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddClaimsPrincipalFactory<CustomClaimFactory>();
builder.Services.AddSingleton<IAuthorizationPolicyProvider, MinimumAgePolicyProvider>();
builder.Services.AddSingleton<IAuthorizationHandler, MinimumAgeHandler>();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment