React to AuthZ changes
This commit is contained in:
parent
2dcec8fe51
commit
fd17481a73
|
|
@ -44,10 +44,10 @@ namespace Microsoft.AspNet.Mvc.Filters
|
||||||
}
|
}
|
||||||
|
|
||||||
// Build a ClaimsPrincipal with the Policy's required authentication types
|
// Build a ClaimsPrincipal with the Policy's required authentication types
|
||||||
if (Policy.ActiveAuthenticationSchemes != null && Policy.ActiveAuthenticationSchemes.Any())
|
if (Policy.AuthenticationSchemes != null && Policy.AuthenticationSchemes.Any())
|
||||||
{
|
{
|
||||||
ClaimsPrincipal newPrincipal = null;
|
ClaimsPrincipal newPrincipal = null;
|
||||||
foreach (var scheme in Policy.ActiveAuthenticationSchemes)
|
foreach (var scheme in Policy.AuthenticationSchemes)
|
||||||
{
|
{
|
||||||
var result = await context.HttpContext.Authentication.AuthenticateAsync(scheme);
|
var result = await context.HttpContext.Authentication.AuthenticateAsync(scheme);
|
||||||
if (result != null)
|
if (result != null)
|
||||||
|
|
@ -77,7 +77,7 @@ namespace Microsoft.AspNet.Mvc.Filters
|
||||||
!httpContext.User.Identities.Any(i => i.IsAuthenticated) ||
|
!httpContext.User.Identities.Any(i => i.IsAuthenticated) ||
|
||||||
!await authService.AuthorizeAsync(httpContext.User, context, Policy))
|
!await authService.AuthorizeAsync(httpContext.User, context, Policy))
|
||||||
{
|
{
|
||||||
context.Result = new ChallengeResult(Policy.ActiveAuthenticationSchemes.ToArray());
|
context.Result = new ChallengeResult(Policy.AuthenticationSchemes.ToArray());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@ namespace FiltersWebSite
|
||||||
{
|
{
|
||||||
public class BasicAuthenticationHandler : AuthenticationHandler<BasicOptions>
|
public class BasicAuthenticationHandler : AuthenticationHandler<BasicOptions>
|
||||||
{
|
{
|
||||||
protected override Task<AuthenticationTicket> HandleAuthenticateAsync()
|
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
|
||||||
{
|
{
|
||||||
var principal = new ClaimsPrincipal();
|
var principal = new ClaimsPrincipal();
|
||||||
principal.AddIdentity(new ClaimsIdentity(
|
principal.AddIdentity(new ClaimsIdentity(
|
||||||
|
|
@ -24,8 +24,8 @@ namespace FiltersWebSite
|
||||||
new Claim(ClaimTypes.NameIdentifier, "John")
|
new Claim(ClaimTypes.NameIdentifier, "John")
|
||||||
},
|
},
|
||||||
Options.AuthenticationScheme));
|
Options.AuthenticationScheme));
|
||||||
return Task.FromResult(new AuthenticationTicket(principal,
|
return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal,
|
||||||
new AuthenticationProperties(), Options.AuthenticationScheme));
|
new AuthenticationProperties(), Options.AuthenticationScheme)));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -20,22 +20,22 @@ namespace FiltersWebSite
|
||||||
// This policy cannot succeed since the claim is never added
|
// This policy cannot succeed since the claim is never added
|
||||||
options.AddPolicy("Impossible", policy =>
|
options.AddPolicy("Impossible", policy =>
|
||||||
{
|
{
|
||||||
policy.ActiveAuthenticationSchemes.Add("Interactive");
|
policy.AuthenticationSchemes.Add("Interactive");
|
||||||
policy.RequireClaim("Never");
|
policy.RequireClaim("Never");
|
||||||
});
|
});
|
||||||
options.AddPolicy("Api", policy =>
|
options.AddPolicy("Api", policy =>
|
||||||
{
|
{
|
||||||
policy.ActiveAuthenticationSchemes.Add("Api");
|
policy.AuthenticationSchemes.Add("Api");
|
||||||
policy.RequireClaim(ClaimTypes.NameIdentifier);
|
policy.RequireClaim(ClaimTypes.NameIdentifier);
|
||||||
});
|
});
|
||||||
options.AddPolicy("Api-Manager", policy =>
|
options.AddPolicy("Api-Manager", policy =>
|
||||||
{
|
{
|
||||||
policy.ActiveAuthenticationSchemes.Add("Api");
|
policy.AuthenticationSchemes.Add("Api");
|
||||||
policy.Requirements.Add(Operations.Edit);
|
policy.Requirements.Add(Operations.Edit);
|
||||||
});
|
});
|
||||||
options.AddPolicy("Interactive", policy =>
|
options.AddPolicy("Interactive", policy =>
|
||||||
{
|
{
|
||||||
policy.ActiveAuthenticationSchemes.Add("Interactive");
|
policy.AuthenticationSchemes.Add("Interactive");
|
||||||
policy.RequireClaim(ClaimTypes.NameIdentifier)
|
policy.RequireClaim(ClaimTypes.NameIdentifier)
|
||||||
.RequireClaim("Permission", "CanViewPage");
|
.RequireClaim("Permission", "CanViewPage");
|
||||||
});
|
});
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue