|
|
|
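//Setup Authentication & Authorization

services.AddMvc();

// The cookie scheme carries the signed-in session; unauthenticated requests are
// challenged through OpenID Connect (Azure AD).
services.AddAuthentication(sharedOptions =>
{
    sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(o =>
{
    // One spelling of the section name throughout. IConfiguration keys are
    // case-insensitive, so "AzureAD:ClientId" resolved before as well, but the mixed
    // "AzureAD"/"AzureAd" spelling hides real typos from review.
    o.ClientId = Configuration["AzureAd:ClientId"];

    // AadInstance is used as a format string, so it presumably contains a {0}
    // placeholder that the tenant fills in — verify against the configuration file.
    o.Authority = string.Format(Configuration["AzureAd:AadInstance"], Configuration["AzureAd:Tenant"]);

    o.SignedOutRedirectUri = Configuration["AzureAd:PostLogoutRedirectUri"];

    o.Events = new OpenIdConnectEvents
    {
        OnRemoteFailure = OnAuthenticationFailed,
    };
});

services.AddAuthorization(options =>
{
    // The "SecurityGroup" policy requires membership in one directory group. The group's
    // object id is hard-coded; moving it to configuration avoids a code change when the
    // application is deployed against a different directory.
    options.AddPolicy("SecurityGroup",
        policy => policy.Requirements.Add(
            new MySecurityGroupRequirement(new Guid("38df74de-de2b-48b4-8aec-d308d07f7e07"))));
});

// The handler is stateless, so one shared instance is enough.
services.AddSingleton<IAuthorizationHandler, MySecurityGroupHandler>();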
|
|
|
|
|
|
|
//Requirement and Handler
|
/// <summary>
/// Authorization requirement that names the directory security group a caller must belong to.
/// </summary>
public class MySecurityGroupRequirement : IAuthorizationRequirement
{
    /// <summary>Object id of the required security group.</summary>
    public Guid SecurityGroupGuid { get; set; }

    /// <summary>Creates a requirement for the group identified by <paramref name="securityGroupGuid"/>.</summary>
    /// <param name="securityGroupGuid">Object id of the required security group.</param>
    public MySecurityGroupRequirement(Guid securityGroupGuid) => SecurityGroupGuid = securityGroupGuid;
}
|
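/// <summary>
/// Handles <see cref="MySecurityGroupRequirement"/> by checking the principal's "groups" claims
/// for the required group object id.
/// </summary>
public class MySecurityGroupHandler : AuthorizationHandler<MySecurityGroupRequirement>
{
    /// <summary>
    /// Succeeds the requirement when a "groups" claim on the current user matches the
    /// required group id; otherwise marks the requirement as failed.
    /// </summary>
    /// <param name="context">Authorization context carrying the current principal.</param>
    /// <param name="requirement">Requirement naming the group object id to look for.</param>
    /// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MySecurityGroupRequirement requirement)
    {
        // Compare as Guids rather than as strings so a claim value that differs only in
        // casing or GUID format ("38DF..." vs "38df...", braces, no hyphens) is still
        // recognised. Every value that matched the previous ToString() comparison still
        // matches here. No list is materialised; Any() stops at the first hit.
        var isMember = context.User
            .FindAll("groups")
            .Any(c => Guid.TryParse(c.Value, out var groupId) && groupId == requirement.SecurityGroupGuid);

        if (isMember)
        {
            context.Succeed(requirement);
        }
        else
        {
            // Fail() is final: it makes the requirement fail even if another handler
            // registered for the same requirement succeeds. Drop the call if other
            // handlers are expected to be able to satisfy the requirement.
            // NOTE(review): if the user's group count exceeds what the token can carry,
            // the "groups" claim is not issued at all and the user is denied here — confirm
            // whether the directory emits an overage indicator that needs handling.
            context.Fail();
        }

        return Task.CompletedTask;
    }
}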