huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Implementing Authorize attribute 

#272
This commit is contained in:
Sebastien Ros 2014-04-24 16:21:43 -07:00
parent 2ba8780ee0
commit 0fe028a4dd
14 changed files with 362 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
samples/MvcSample.Web/Filters/BlockAnonymous.cs
View File

@ -1,4 +1,4 @@
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc;
namespace MvcSample.Web.Filters
{
@ -6,9 +6,18 @@ namespace MvcSample.Web.Filters
{
public override void OnAuthorization(AuthorizationContext context)
{
if (!HasAllowAnonymous(context))
if (!HasAllowAnonymous(context))
{
context.Result = new HttpStatusCodeResult(401);
var user = content.HttpContext.User;
var userIsAnonymous =
user == null ||
user.Identity == null ||
!user.Identity.IsAuthenticated;
if(userIsAnonymous)
{
base.Fail(context);
}
}
}
}

21
samples/MvcSample.Web/Filters/FakeUserAttribute.cs Normal file
View File

@ -0,0 +1,21 @@
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using System.Security.Claims;
namespace MvcSample.Web
{
public class FakeUserAttribute : AuthorizationFilterAttribute
{
public override void OnAuthorization(AuthorizationContext context)
{
context.HttpContext.User = new ClaimsPrincipal(
new ClaimsIdentity(
new Claim[] {
new Claim("Permission", "CanViewPage"),
new Claim(ClaimTypes.Role, "Administrator"),
new Claim(ClaimTypes.NameIdentifier, "John")},
"Basic"));
}
}
}

13
samples/MvcSample.Web/FiltersController.cs
View File

@ -38,6 +38,19 @@ namespace MvcSample.Web
return Index(age, userName);
}
[Authorize("Permission", "CanViewPage")]
public IActionResult NotGrantedClaim(int age, string userName)
{
return Index(age, userName);
}
[FakeUser]
[Authorize("Permission", "CanViewPage", "CanViewAnything")]
public IActionResult AllGranted(int age, string userName)
{
return Index(age, userName);
}
[ErrorMessages, AllowAnonymous]
public IActionResult Crash(string message)
{

1
samples/MvcSample.Web/MvcSample.Web.kproj
View File

@ -44,6 +44,7 @@
<Compile Include="Filters\AgeEnhancerFilterAttribute.cs" />
<Compile Include="Filters\BlockAnonymous.cs" />
<Compile Include="Filters\DelayAttribute.cs" />
<Compile Include="Filters\FakeUserAttribute.cs" />
<Compile Include="Filters\ErrorMessagesAttribute.cs" />
<Compile Include="Filters\InspectResultPageAttribute.cs" />
<Compile Include="Filters\PassThroughAttribute.cs" />

5
src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizationFilterAttribute.cs
View File

@ -24,5 +24,10 @@ namespace Microsoft.AspNet.Mvc
{
return context.Filters.Any(item => item is IAllowAnonymous);
}
protected virtual void Fail([NotNull] AuthorizationContext context)
{
context.Result = new HttpStatusCodeResult(401);
}
}
}

82
src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeAttribute.cs Normal file
View File

@ -0,0 +1,82 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc.Core;
using Microsoft.AspNet.DependencyInjection;
using Microsoft.AspNet.Security.Authorization;
namespace Microsoft.AspNet.Mvc
{
public class AuthorizeAttribute : AuthorizationFilterAttribute
{
protected Claim[] _claims;
public AuthorizeAttribute()
{
_claims = new Claim[0];
}
public AuthorizeAttribute([NotNull]IEnumerable<Claim> claims)
{
_claims = claims.ToArray();
}
public AuthorizeAttribute(string claimType, string claimValue)
{
_claims = new [] { new Claim(claimType, claimValue) };
}
public AuthorizeAttribute(string claimType, string claimValue, params string[] otherClaimValues)
: this(claimType, claimValue)
{
if (otherClaimValues.Length > 0)
{
_claims = _claims.Concat(otherClaimValues.Select(claim => new Claim(claimType, claim))).ToArray();
}
}
public override async Task OnAuthorizationAsync([NotNull] AuthorizationContext context)
{
var httpContext = context.HttpContext;
var user = httpContext.User;
// when no claims are specified, we just need to ensure the user is authenticated
if (_claims.Length == 0)
{
var userIsAnonymous =
user == null ||
user.Identity == null ||
!user.Identity.IsAuthenticated;
if(userIsAnonymous)
{
base.Fail(context);
}
}
else
{
var authorizationService = httpContext.RequestServices.GetService<IAuthorizationService>();
if (authorizationService == null)
{
throw new InvalidOperationException(Resources.AuthorizeAttribute_AuthorizationServiceMustBeDefined);
}
var authorized = await authorizationService.AuthorizeAsync(_claims, user);
if (!authorized)
{
base.Fail(context);
}
}
}
public sealed override void OnAuthorization([NotNull] AuthorizationContext context)
{
// The async filter will be called by the filter pipeline.
throw new NotImplementedException(Resources.AuthorizeAttribute_OnAuthorizationNotImplemented);
}
}
}

1
src/Microsoft.AspNet.Mvc.Core/Microsoft.AspNet.Mvc.Core.kproj
View File

@ -61,6 +61,7 @@
<Compile Include="Filters\AllowAnonymousAttribute.cs" />
<Compile Include="Filters\AuthorizationContext.cs" />
<Compile Include="Filters\AuthorizationFilterAttribute.cs" />
<Compile Include="Filters\AuthorizeAttribute.cs" />
<Compile Include="Filters\DefaultFilterProvider.cs" />
<Compile Include="Filters\ExceptionContext.cs" />
<Compile Include="Filters\ExceptionFilterAttribute.cs" />

32
src/Microsoft.AspNet.Mvc.Core/Properties/Resources.Designer.cs generated
View File

@ -682,6 +682,38 @@ namespace Microsoft.AspNet.Mvc.Core
return string.Format(CultureInfo.CurrentCulture, GetString("ViewEngine_ViewNotFound"), p0, p1);
}
/// <summary>
/// Unable to locate an implementation of IAuthorizationService.
/// </summary>
internal static string AuthorizeAttribute_AuthorizationServiceMustBeDefined
{
get { return GetString("AuthorizeAttribute_AuthorizationServiceMustBeDefined"); }
}
/// <summary>
/// Unable to locate an implementation of IAuthorizationService.
/// </summary>
internal static string FormatAuthorizeAttribute_AuthorizationServiceMustBeDefined()
{
return GetString("AuthorizeAttribute_AuthorizationServiceMustBeDefined");
}
/// <summary>
/// OnAuthorization is not implemented by this filter, use OnAuthorizationAsync instead.
/// </summary>
internal static string AuthorizeAttribute_OnAuthorizationNotImplemented
{
get { return GetString("AuthorizeAttribute_OnAuthorizationNotImplemented"); }
}
/// <summary>
/// OnAuthorization is not implemented by this filter, use OnAuthorizationAsync instead.
/// </summary>
internal static string FormatAuthorizeAttribute_OnAuthorizationNotImplemented()
{
return GetString("AuthorizeAttribute_OnAuthorizationNotImplemented");
}
private static string GetString(string name, params string[] formatterNames)
{
var value = _resourceManager.GetString(name);

6
src/Microsoft.AspNet.Mvc.Core/Resources.resx
View File

@ -243,4 +243,10 @@
<data name="ViewEngine_ViewNotFound" xml:space="preserve">
<value>The view '{0}' was not found. The following locations were searched:{1}.</value>
</data>
<data name="AuthorizeAttribute_AuthorizationServiceMustBeDefined" xml:space="preserve">
<value>Unable to locate an implementation of IAuthorizationService.</value>
</data>
<data name="AuthorizeAttribute_OnAuthorizationNotImplemented" xml:space="preserve">
<value>OnAuthorization is not implemented by this filter, use OnAuthorizationAsync instead.</value>
</data>
</root>

1
src/Microsoft.AspNet.Mvc.Core/project.json
View File

@ -8,6 +8,7 @@
"Microsoft.AspNet.DependencyInjection": "0.1-alpha-*",
"Microsoft.AspNet.Abstractions": "0.1-alpha-*",
"Microsoft.AspNet.Routing": "0.1-alpha-*",
"Microsoft.AspNet.Security": "0.1-alpha-*",
"Common": "",
"Microsoft.AspNet.Mvc.ModelBinding": "",
"Microsoft.Net.Runtime.Interfaces": "0.1-alpha-*"

3
src/Microsoft.AspNet.Mvc/MvcServices.cs
View File

@ -8,6 +8,7 @@ using Microsoft.AspNet.Mvc.ModelBinding;
using Microsoft.AspNet.Mvc.Razor;
using Microsoft.AspNet.Mvc.Razor.Compilation;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.AspNet.Security.Authorization;
namespace Microsoft.AspNet.Mvc
{
@ -76,6 +77,8 @@ namespace Microsoft.AspNet.Mvc
yield return describe.Transient<IViewComponentResultHelper, DefaultViewComponentResultHelper>();
yield return describe.Transient<IViewComponentHelper, DefaultViewComponentHelper>();
yield return describe.Transient<IAuthorizationService, DefaultAuthorizationService>();
yield return
describe.Describe(
typeof(INestedProviderManager<>),

127
test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeAttributeTests.cs Normal file
View File

@ -0,0 +1,127 @@
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Security.Authorization;
using Moq;
using Xunit;
namespace Microsoft.AspNet.Mvc.Core.Test
{
public class AuthorizeAttributeTests : AuthorizeAttributeTestsBase
{
[Fact]
public async void Invoke_ValidClaimShouldNotFail()
{
// Arrange
var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
var authorizeAttribute = new AuthorizeAttribute("Permission", "CanViewPage");
var authorizationContext = GetAuthorizationContext(services =>
services.AddInstance<IAuthorizationService>(authorizationService)
);
// Act
await authorizeAttribute.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.Null(authorizationContext.Result);
}
[Fact]
public async void Invoke_EmptyClaimsShouldRejectAnonymousUser()
{
// Arrange
var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
var authorizeAttribute = new AuthorizeAttribute();
var authorizationContext = GetAuthorizationContext(services =>
services.AddInstance<IAuthorizationService>(authorizationService),
anonymous: true
);
// Act
await authorizeAttribute.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.NotNull(authorizationContext.Result);
}
[Fact]
public async void Invoke_EmptyClaimsShouldAuthorizeAuthenticatedUser()
{
// Arrange
var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
var authorizeAttribute = new AuthorizeAttribute();
var authorizationContext = GetAuthorizationContext(services =>
services.AddInstance<IAuthorizationService>(authorizationService)
);
// Act
await authorizeAttribute.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.Null(authorizationContext.Result);
}
[Fact]
public async void Invoke_SingleValidClaimShouldSucceed()
{
// Arrange
var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
var authorizeAttribute = new AuthorizeAttribute("Permission", "CanViewComment", "CanViewPage");
var authorizationContext = GetAuthorizationContext(services =>
services.AddInstance<IAuthorizationService>(authorizationService)
);
// Act
await authorizeAttribute.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.Null(authorizationContext.Result);
}
[Fact]
public async void Invoke_InvalidClaimShouldFail()
{
// Arrange
var authorizationService = new DefaultAuthorizationService(Enumerable.Empty<IAuthorizationPolicy>());
var authorizeAttribute = new AuthorizeAttribute("Permission", "CanViewComment");
var authorizationContext = GetAuthorizationContext(services =>
services.AddInstance<IAuthorizationService>(authorizationService)
);
// Act
await authorizeAttribute.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.NotNull(authorizationContext.Result);
}
[Fact]
public async void Invoke_FailedContextShouldNotCheckPermission()
{
// Arrange
bool authorizationServiceIsCalled = false;
var authorizationService = new Mock<IAuthorizationService>();
authorizationService
.Setup(x => x.AuthorizeAsync(null, null))
.Returns(() =>
{
authorizationServiceIsCalled = true;
return Task.FromResult(true);
});
var authorizeAttribute = new AuthorizeAttribute("Permission", "CanViewComment");
var authorizationContext = GetAuthorizationContext(services =>
services.AddInstance<IAuthorizationService>(authorizationService.Object)
);
authorizationContext.Result = new HttpStatusCodeResult(401);
// Act
await authorizeAttribute.OnAuthorizationAsync(authorizationContext);
// Assert
Assert.False(authorizationServiceIsCalled);
}
}
}

56
test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeAttributeTestsBase.cs Normal file
View File

@ -0,0 +1,56 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using Microsoft.AspNet.Abstractions;
using Microsoft.AspNet.DependencyInjection;
using Microsoft.AspNet.DependencyInjection.Fallback;
using Moq;
namespace Microsoft.AspNet.Mvc.Core.Test
{
public class AuthorizeAttributeTestsBase
{
protected AuthorizationContext GetAuthorizationContext(Action<ServiceCollection> registerServices, bool anonymous = false)
{
var validUser = new ClaimsPrincipal(
new ClaimsIdentity(
new Claim[] {
new Claim("Permission", "CanViewPage"),
new Claim(ClaimTypes.Role, "Administrator"),
new Claim(ClaimTypes.NameIdentifier, "John")},
"Basic"));
// ServiceProvider
var serviceCollection = new ServiceCollection();
if (registerServices != null)
{
registerServices(serviceCollection);
}
var serviceProvider = serviceCollection.BuildServiceProvider();
// HttpContext
var httpContext = new Mock<HttpContext>();
httpContext.SetupGet(c => c.User).Returns(anonymous ? null : validUser);
httpContext.SetupGet(c => c.RequestServices).Returns(serviceProvider);
// AuthorizationContext
var actionContext = new ActionContext(
httpContext: httpContext.Object,
router: null,
routeValues: null,
actionDescriptor: null
);
var authorizationContext = new AuthorizationContext(
actionContext,
Enumerable.Empty<IFilter>().ToList()
);
return authorizationContext;
}
}
}

2
test/Microsoft.AspNet.Mvc.Core.Test/Microsoft.AspNet.Mvc.Core.Test.kproj
View File

@ -26,6 +26,8 @@
<Compile Include="ActionResults\RedirectToActionResultTest.cs" />
<Compile Include="ActionResults\RedirectToRouteResultTest.cs" />
<Compile Include="ActionSelectionConventionTests.cs" />
<Compile Include="Filters\AuthorizeAttributeTests.cs" />
<Compile Include="Filters\AuthorizeAttributeTestsBase.cs" />
<Compile Include="ControllerTests.cs" />
<Compile Include="DefaultActionSelectorTest.cs" />
<Compile Include="DefaultControllerAssemblyProviderTests.cs" />