React to AuthN changes

Hao Kung 2015-03-02 16:14:38 -08:00
parent ae4cafc002
commit 46aaf790c4
21 changed files with 74 additions and 69 deletions


@ -3,7 +3,6 @@
using System;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Security;
using MvcSample.Web.Filters;
using MvcSample.Web.Models;


@ -3,10 +3,11 @@
using System;
using System.Security.Claims;
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Builder;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Razor;
using Microsoft.AspNet.Security;
using Microsoft.Framework.ConfigurationModel;
using Microsoft.Framework.DependencyInjection;
using MvcSample.Web.Filters;


@ -2,7 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System.Collections.Generic;
using Microsoft.AspNet.Http.Security;
using Microsoft.AspNet.Http.Authentication;
using Microsoft.Framework.Internal;
namespace Microsoft.AspNet.Mvc
@ -14,13 +14,13 @@ namespace Microsoft.AspNet.Mvc
{
}
public ChallengeResult(string authenticationType)
: this(new[] { authenticationType })
public ChallengeResult(string authenticationScheme)
: this(new[] { authenticationScheme })
{
}
public ChallengeResult(IList<string> authenticationTypes)
: this(authenticationTypes, properties: null)
public ChallengeResult(IList<string> authenticationSchemes)
: this(authenticationSchemes, properties: null)
{
}
@ -29,25 +29,25 @@ namespace Microsoft.AspNet.Mvc
{
}
public ChallengeResult(string authenticationType, AuthenticationProperties properties)
: this(new[] { authenticationType }, properties)
public ChallengeResult(string authenticationScheme, AuthenticationProperties properties)
: this(new[] { authenticationScheme }, properties)
{
}
public ChallengeResult(IList<string> authenticationTypes, AuthenticationProperties properties)
public ChallengeResult(IList<string> authenticationSchemes, AuthenticationProperties properties)
{
AuthenticationTypes = authenticationTypes;
AuthenticationSchemes = authenticationSchemes;
Properties = properties;
}
public IList<string> AuthenticationTypes { get; set; }
public IList<string> AuthenticationSchemes { get; set; }
public AuthenticationProperties Properties { get; set; }
public override void ExecuteResult([NotNull] ActionContext context)
{
var response = context.HttpContext.Response;
response.Challenge(Properties, AuthenticationTypes);
response.Challenge(Properties, AuthenticationSchemes);
}
}
}
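Review bot: Both `string authenticationScheme` constructors wrap their argument in `new[] { ... }` without checking it, so a null scheme becomes a one-element list containing null that ExecuteResult later hands to `response.Challenge`; how Challenge treats a null entry is not visible here. The file already uses `[NotNull]` on ExecuteResult's `context`, so the same attribute fits: `public ChallengeResult([NotNull] string authenticationScheme)`, and likewise on the overload that also takes `AuthenticationProperties`. The public constructors and properties shown carry no XML docs; a `<param>` line stating that the values are authentication scheme names would help callers migrating from the old `authenticationTypes` parameters. The class declaration and the first constructor start outside the hunks.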


@ -5,10 +5,10 @@ using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc.Description;
using Microsoft.AspNet.Mvc.ModelBinding;
using Microsoft.AspNet.Mvc.Routing;
using Microsoft.AspNet.Security;
using Microsoft.Framework.Internal;
using Microsoft.Framework.OptionsModel;


@ -5,10 +5,10 @@ using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc.Description;
using Microsoft.AspNet.Mvc.Filters;
using Microsoft.AspNet.Mvc.Routing;
using Microsoft.AspNet.Security;
using Microsoft.Framework.Internal;
using Microsoft.Framework.Logging;
using Microsoft.Framework.OptionsModel;


@ -4,7 +4,7 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Security;
using Microsoft.AspNet.Authorization;
using Microsoft.Framework.DependencyInjection;
using Microsoft.Framework.Internal;
@ -33,12 +33,17 @@ namespace Microsoft.AspNet.Mvc
public virtual async Task OnAuthorizationAsync([NotNull] AuthorizationContext context)
{
// Build a ClaimsPrincipal with the Policy's required authentication types
if (Policy.ActiveAuthenticationTypes != null && Policy.ActiveAuthenticationTypes.Any())
if (Policy.ActiveAuthenticationSchemes != null && Policy.ActiveAuthenticationSchemes.Any())
{
var results = await context.HttpContext.AuthenticateAsync(Policy.ActiveAuthenticationTypes);
var results = await context.HttpContext.AuthenticateAsync(Policy.ActiveAuthenticationSchemes);
if (results != null)
{
context.HttpContext.User = new ClaimsPrincipal(results.Where(r => r.Identity != null).Select(r => r.Identity));
var newPrincipal = new ClaimsPrincipal();
foreach (var principal in results.Where(r => r.Principal != null).Select(r => r.Principal))
{
newPrincipal.AddIdentities(principal.Identities);
}
context.HttpContext.User = newPrincipal;
}
}
@ -56,7 +61,7 @@ namespace Microsoft.AspNet.Mvc
!httpContext.User.Identities.Any(i => i.IsAuthenticated) ||
!await authService.AuthorizeAsync(httpContext.User, context, Policy))
{
context.Result = new ChallengeResult(Policy.ActiveAuthenticationTypes.ToArray());
context.Result = new ChallengeResult(Policy.ActiveAuthenticationSchemes.ToArray());
}
}
}
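Review bot: The challenge line in the second hunk calls `Policy.ActiveAuthenticationSchemes.ToArray()` with no null check, while the first hunk treats a null `ActiveAuthenticationSchemes` as possible; if the list can be null, a denied request throws instead of producing a challenge. Guarding it the same way keeps the deny path predictable: `context.Result = new ChallengeResult(Policy.ActiveAuthenticationSchemes?.ToArray() ?? new string[0]);`. The comment above the first `if` still says "authentication types"; it could be updated to `// Build a ClaimsPrincipal from the identities of every scheme the Policy lists` so readers see that identities from all listed schemes end up in one principal, which is then presumably evaluated as a whole by `AuthorizeAsync`. OnAuthorizationAsync begins in the first hunk, but part of its body lies outside both hunks.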


@ -5,6 +5,8 @@
"warningsAsErrors": true
},
"dependencies": {
"Microsoft.AspNet.Authentication": "1.0.0-*",
"Microsoft.AspNet.Authorization": "1.0.0-*",
"Microsoft.AspNet.DataProtection": "1.0.0-*",
"Microsoft.AspNet.Diagnostics.Interfaces": "1.0.0-*",
"Microsoft.AspNet.FileProviders": "1.0.0-*",
@ -13,7 +15,6 @@
"Microsoft.AspNet.Mvc.Common": { "version": "6.0.0-*", "type": "build" },
"Microsoft.AspNet.Mvc.ModelBinding": "6.0.0-*",
"Microsoft.AspNet.Routing": "1.0.0-*",
"Microsoft.AspNet.Security": "1.0.0-*",
"Microsoft.Framework.CopyOnWriteDictionary.Internal": { "version": "1.0.0-*", "type": "build" },
"Microsoft.Framework.NotNullAttribute.Internal": { "version": "1.0.0-*", "type": "build" },
"Microsoft.Framework.PropertyActivator.Internal": { "version": "1.0.0-*", "type": "build" },


@ -5,6 +5,7 @@
"warningsAsErrors": true
},
"dependencies": {
"Microsoft.AspNet.Authorization": "1.0.0-*",
"Microsoft.AspNet.Mvc.Common": { "version": "6.0.0-*", "type": "build" },
"Microsoft.AspNet.Mvc.Razor": "6.0.0-*",
"Microsoft.Framework.Cache.Memory": "1.0.0-*",


@ -4,7 +4,7 @@
using System;
using System.Collections.Generic;
using System.Reflection;
using Microsoft.AspNet.Security;
using Microsoft.AspNet.Authorization;
using Xunit;
namespace Microsoft.AspNet.Mvc.ApplicationModels


@ -4,7 +4,7 @@
using System;
using System.Collections.Generic;
using System.Reflection;
using Microsoft.AspNet.Security;
using Microsoft.AspNet.Authorization;
using Xunit;
namespace Microsoft.AspNet.Mvc.ApplicationModels


@ -5,7 +5,7 @@ using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNet.Security;
using Microsoft.AspNet.Authorization;
using Microsoft.Framework.Internal;
using Microsoft.Framework.OptionsModel;
using Moq;
@ -329,8 +329,8 @@ namespace Microsoft.AspNet.Mvc.ApplicationModels
{
// Arrange
var options = new AuthorizationOptions();
options.AddPolicy("Base", policy => policy.RequiresClaim("Basic").RequiresClaim("Basic2"));
options.AddPolicy("Derived", policy => policy.RequiresClaim("Derived"));
options.AddPolicy("Base", policy => policy.RequireClaim("Basic").RequireClaim("Basic2"));
options.AddPolicy("Derived", policy => policy.RequireClaim("Derived"));
var builder = CreateTestDefaultActionModelBuilder(options);
var typeInfo = typeof(DerivedController).GetTypeInfo();
var actionName = nameof(DerivedController.Authorize);


@ -5,8 +5,8 @@ using System;
using System.Linq;
using System.Reflection;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc.Filters;
using Microsoft.AspNet.Security;
using Microsoft.Framework.Internal;
using Xunit;


@ -5,9 +5,9 @@ using System.Collections.Generic;
using System.ComponentModel.Design;
using System.Linq;
using System.Reflection;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc.ApplicationModels;
using Microsoft.AspNet.Mvc.Core;
using Microsoft.AspNet.Security;
using Microsoft.Framework.Logging;
using Xunit;


@ -5,9 +5,9 @@ using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Routing;
using Microsoft.AspNet.Security;
using Microsoft.AspNet.WebUtilities;
using Microsoft.Framework.DependencyInjection;
using Microsoft.Framework.DependencyInjection.Fallback;
@ -29,7 +29,7 @@ namespace Microsoft.AspNet.Mvc.Test
public async Task Invoke_ValidClaimShouldNotFail()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewPage").Build());
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewPage").Build());
var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization());
// Act
@ -99,7 +99,7 @@ namespace Microsoft.AspNet.Mvc.Test
public async Task Invoke_SingleValidClaimShouldSucceed()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequiresClaim("Permission", "CanViewComment", "CanViewPage").Build());
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireClaim("Permission", "CanViewComment", "CanViewPage").Build());
var authorizationContext = GetAuthorizationContext(services =>
{
services.AddAuthorization();
@ -117,7 +117,7 @@ namespace Microsoft.AspNet.Mvc.Test
public async Task Invoke_RequireAdminRoleShouldFailWithNoHandlers()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequiresRole("Administrator").Build());
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireRole("Administrator").Build());
var authorizationContext = GetAuthorizationContext(services =>
{
services.AddOptions();
@ -135,7 +135,7 @@ namespace Microsoft.AspNet.Mvc.Test
public async Task Invoke_RequireAdminAndUserRoleWithNoPolicyShouldSucceed()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequiresRole("Administrator").Build());
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireRole("Administrator").Build());
var authorizationContext = GetAuthorizationContext(services =>
{
services.AddAuthorization();
@ -153,7 +153,7 @@ namespace Microsoft.AspNet.Mvc.Test
public async Task Invoke_RequireUnknownRoleShouldFail()
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequiresRole("Wut").Build());
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireRole("Wut").Build());
var authorizationContext = GetAuthorizationContext(services =>
{
services.AddAuthorization();
@ -172,8 +172,8 @@ namespace Microsoft.AspNet.Mvc.Test
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder()
.RequiresRole("Administrator")
.RequiresClaim("Permission", "CanViewComment")
.RequireRole("Administrator")
.RequireClaim("Permission", "CanViewComment")
.Build());
var authorizationContext = GetAuthorizationContext(services =>
{
@ -193,7 +193,7 @@ namespace Microsoft.AspNet.Mvc.Test
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder()
.RequiresClaim("Permission", "CanViewComment")
.RequireClaim("Permission", "CanViewComment")
.Build());
var authorizationContext = GetAuthorizationContext(services =>
{
@ -223,7 +223,7 @@ namespace Microsoft.AspNet.Mvc.Test
});
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder()
.RequiresClaim("Permission", "CanViewComment")
.RequireClaim("Permission", "CanViewComment")
.Build());
var authorizationContext = GetAuthorizationContext(services =>
services.AddInstance(authorizationService.Object)
@ -243,7 +243,7 @@ namespace Microsoft.AspNet.Mvc.Test
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder()
.RequiresClaim("Permission", "CanViewComment")
.RequireClaim("Permission", "CanViewComment")
.Build());
var authorizationContext = GetAuthorizationContext(services =>
{
@ -263,8 +263,8 @@ namespace Microsoft.AspNet.Mvc.Test
{
// Arrange
var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder("Basic", "Bearer")
.RequiresClaim("Permission", "CanViewComment")
.RequiresClaim("Permission", "CupBearer")
.RequireClaim("Permission", "CanViewComment")
.RequireClaim("Permission", "CupBearer")
.Build());
var authorizationContext = GetAuthorizationContext(services =>
{


@ -4,10 +4,10 @@
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Builder;
using Microsoft.AspNet.Http.Security;
using Microsoft.AspNet.Security;
using Microsoft.AspNet.Security.Infrastructure;
using Microsoft.AspNet.Http.Authentication;
using Microsoft.Framework.OptionsModel;
namespace FiltersWebSite
@ -18,9 +18,9 @@ namespace FiltersWebSite
RequestDelegate next,
IServiceProvider services,
IOptions<BasicOptions> options,
string authType) :
string authScheme) :
base(next, services, options,
new ConfigureOptions<BasicOptions>(o => o.AuthenticationType = authType) { Name = authType })
new ConfigureOptions<BasicOptions>(o => o.AuthenticationScheme = authScheme) { Name = authScheme })
{
}


@ -4,10 +4,9 @@
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Builder;
using Microsoft.AspNet.Http.Security;
using Microsoft.AspNet.Security;
using Microsoft.AspNet.Security.Infrastructure;
using Microsoft.AspNet.Http.Authentication;
using Microsoft.Framework.OptionsModel;
namespace FiltersWebSite
@ -24,15 +23,16 @@ namespace FiltersWebSite
protected override AuthenticationTicket AuthenticateCore()
{
var id = new ClaimsIdentity(
var principal = new ClaimsPrincipal();
principal.AddIdentity(new ClaimsIdentity(
new Claim[] {
new Claim("Permission", "CanViewPage"),
new Claim("Manager", "yes"),
new Claim(ClaimTypes.Role, "Administrator"),
new Claim(ClaimTypes.NameIdentifier, "John")
},
Options.AuthenticationType);
return new AuthenticationTicket(id, new AuthenticationProperties());
Options.AuthenticationScheme));
return new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
}
}
}
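Review bot: AuthenticateCore builds the same principal (name identifier "John", role "Administrator", "Manager" = "yes") on every call without reading anything from the request, and no comment marks that as deliberate. A line above the method such as `// Test fixture: authenticates every request as a fixed administrator; no credentials are checked.` would keep it from being copied as a working Basic handler. The new code also passes `Options.AuthenticationScheme` twice, once to the identity and once to the ticket; a local `var scheme = Options.AuthenticationScheme;` used in both places would make it clear the two values are meant to match. The class declaration is outside the hunk.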


@ -4,10 +4,9 @@
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Builder;
using Microsoft.AspNet.Http.Security;
using Microsoft.AspNet.Security;
using Microsoft.AspNet.Security.Infrastructure;
using Microsoft.AspNet.Http.Authentication;
using Microsoft.Framework.OptionsModel;
namespace FiltersWebSite
@ -16,7 +15,6 @@ namespace FiltersWebSite
{
public BasicOptions()
{
AuthenticationMode = AuthenticationMode.Passive;
}
}
}


@ -2,7 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Security;
using Microsoft.AspNet.Authorization;
namespace FiltersWebSite
{


@ -3,14 +3,14 @@
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Security;
using Microsoft.AspNet.Authorization;
using Microsoft.Framework.DependencyInjection;
namespace FiltersWebSite
{
public class ManagerHandler : AuthorizationHandler<OperationAuthorizationRequirement>
{
public override void Handle(Microsoft.AspNet.Security.AuthorizationContext context, OperationAuthorizationRequirement requirement)
public override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement)
{
if (context.User.HasClaim("Manager", "yes"))
{


@ -1,7 +1,7 @@
// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using Microsoft.AspNet.Security;
using Microsoft.AspNet.Authorization;
namespace FiltersWebSite
{


@ -3,9 +3,9 @@
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Builder;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Security;
using Microsoft.Framework.DependencyInjection;
namespace FiltersWebSite
@ -25,26 +25,26 @@ namespace FiltersWebSite
options.AddPolicy("Impossible", policy => { });
options.AddPolicy("Api", policy =>
{
policy.ActiveAuthenticationTypes.Add("Api");
policy.RequiresClaim(ClaimTypes.NameIdentifier);
policy.ActiveAuthenticationSchemes.Add("Api");
policy.RequireClaim(ClaimTypes.NameIdentifier);
});
options.AddPolicy("Api-Manager", policy =>
{
policy.ActiveAuthenticationTypes.Add("Api");
policy.ActiveAuthenticationSchemes.Add("Api");
policy.Requirements.Add(Operations.Edit);
});
options.AddPolicy("Interactive", policy =>
{
policy.ActiveAuthenticationTypes.Add("Interactive");
policy.RequiresClaim(ClaimTypes.NameIdentifier)
.RequiresClaim("Permission", "CanViewPage");
policy.ActiveAuthenticationSchemes.Add("Interactive");
policy.RequireClaim(ClaimTypes.NameIdentifier)
.RequireClaim("Permission", "CanViewPage");
});
});
services.AddSingleton<RandomNumberFilter>();
services.AddSingleton<RandomNumberService>();
services.AddTransient<IAuthorizationHandler, ManagerHandler>();
services.Configure<BasicOptions>(o => o.AuthenticationType = "Api", "Api");
services.Configure<BasicOptions>(o => o.AuthenticationType = "Interactive", "Interactive");
services.Configure<BasicOptions>(o => o.AuthenticationScheme = "Api", "Api");
services.Configure<BasicOptions>(o => o.AuthenticationScheme = "Interactive", "Interactive");
services.Configure<MvcOptions>(options =>
{