Adding Auth to endpoints
This commit is contained in:
parent
10782d59a2
commit
8f9f6bcb6f
|
|
@ -4,7 +4,6 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.IO.Pipelines;
|
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
using System.Reflection;
|
using System.Reflection;
|
||||||
using System.Threading;
|
using System.Threading;
|
||||||
|
|
|
||||||
|
|
@ -11,4 +11,4 @@ namespace Microsoft.AspNetCore.Sockets
|
||||||
|
|
||||||
public TransportType Transports { get; set; } = TransportType.All;
|
public TransportType Transports { get; set; } = TransportType.All;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -35,9 +35,12 @@ namespace Microsoft.AspNetCore.Sockets
|
||||||
|
|
||||||
public async Task ExecuteAsync<TEndPoint>(string path, HttpContext context) where TEndPoint : EndPoint
|
public async Task ExecuteAsync<TEndPoint>(string path, HttpContext context) where TEndPoint : EndPoint
|
||||||
{
|
{
|
||||||
// Get the end point mapped to this http connection
|
|
||||||
var endpoint = (EndPoint)context.RequestServices.GetRequiredService<TEndPoint>();
|
|
||||||
var options = context.RequestServices.GetRequiredService<IOptions<EndPointOptions<TEndPoint>>>().Value;
|
var options = context.RequestServices.GetRequiredService<IOptions<EndPointOptions<TEndPoint>>>().Value;
|
||||||
|
// TODO: Authorize attribute on EndPoint
|
||||||
|
if (!await AuthorizeHelper.AuthorizeAsync(context, options.Policy))
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (context.Request.Path.StartsWithSegments(path + "/negotiate"))
|
if (context.Request.Path.StartsWithSegments(path + "/negotiate"))
|
||||||
{
|
{
|
||||||
|
|
@ -49,6 +52,8 @@ namespace Microsoft.AspNetCore.Sockets
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
// Get the end point mapped to this http connection
|
||||||
|
var endpoint = (EndPoint)context.RequestServices.GetRequiredService<TEndPoint>();
|
||||||
await ExecuteEndpointAsync(path, context, endpoint, options);
|
await ExecuteEndpointAsync(path, context, endpoint, options);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,64 @@
|
||||||
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
|
using System.Security.Claims;
|
||||||
|
using System.Threading.Tasks;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
using Microsoft.AspNetCore.Http;
|
||||||
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using Microsoft.Extensions.Internal;
|
||||||
|
|
||||||
|
namespace Microsoft.AspNetCore.Sockets.Internal
|
||||||
|
{
|
||||||
|
public static class AuthorizeHelper
|
||||||
|
{
|
||||||
|
public static async Task<bool> AuthorizeAsync(HttpContext context, AuthorizationPolicy policy)
|
||||||
|
{
|
||||||
|
if (policy != null)
|
||||||
|
{
|
||||||
|
if (policy.AuthenticationSchemes != null && policy.AuthenticationSchemes.Count > 0)
|
||||||
|
{
|
||||||
|
ClaimsPrincipal newPrincipal = null;
|
||||||
|
foreach (var scheme in policy.AuthenticationSchemes)
|
||||||
|
{
|
||||||
|
var result = await context.Authentication.AuthenticateAsync(scheme);
|
||||||
|
if (result != null)
|
||||||
|
{
|
||||||
|
newPrincipal = SecurityHelper.MergeUserPrincipal(newPrincipal, result);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (newPrincipal == null)
|
||||||
|
{
|
||||||
|
newPrincipal = new ClaimsPrincipal(new ClaimsIdentity());
|
||||||
|
}
|
||||||
|
|
||||||
|
context.User = newPrincipal;
|
||||||
|
}
|
||||||
|
|
||||||
|
var authService = context.RequestServices.GetRequiredService<IAuthorizationService>();
|
||||||
|
if (await authService.AuthorizeAsync(context.User, context, policy))
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Challenge
|
||||||
|
if (policy.AuthenticationSchemes != null && policy.AuthenticationSchemes.Count > 0)
|
||||||
|
{
|
||||||
|
foreach (var scheme in policy.AuthenticationSchemes)
|
||||||
|
{
|
||||||
|
await context.Authentication.ChallengeAsync(scheme, properties: null);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
await context.Authentication.ChallengeAsync(properties: null);
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -17,6 +17,7 @@
|
||||||
<PackageReference Include="Microsoft.AspNetCore.Authorization" Version="$(AspNetCoreVersion)" />
|
<PackageReference Include="Microsoft.AspNetCore.Authorization" Version="$(AspNetCoreVersion)" />
|
||||||
<PackageReference Include="Microsoft.AspNetCore.Hosting.Abstractions" Version="$(AspNetCoreVersion)" />
|
<PackageReference Include="Microsoft.AspNetCore.Hosting.Abstractions" Version="$(AspNetCoreVersion)" />
|
||||||
<PackageReference Include="Microsoft.AspNetCore.Routing" Version="$(AspNetCoreVersion)" />
|
<PackageReference Include="Microsoft.AspNetCore.Routing" Version="$(AspNetCoreVersion)" />
|
||||||
|
<PackageReference Include="Microsoft.Extensions.SecurityHelper.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
|
||||||
<PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
|
<PackageReference Include="Microsoft.Extensions.TaskCache.Sources" Version="$(AspNetCoreVersion)" PrivateAssets="All" />
|
||||||
<PackageReference Include="System.Reflection.TypeExtensions" Version="$(CoreFxVersion)" />
|
<PackageReference Include="System.Reflection.TypeExtensions" Version="$(CoreFxVersion)" />
|
||||||
<PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
|
<PackageReference Include="System.Security.Claims" Version="$(CoreFxVersion)" />
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue