React to AuthZ changes

This commit is contained in:
Hao Kung 2015-10-14 17:04:31 -07:00
parent 2dcec8fe51
commit fd17481a73
3 changed files with 10 additions and 10 deletions

View File

@ -44,10 +44,10 @@ namespace Microsoft.AspNet.Mvc.Filters
} }
// Build a ClaimsPrincipal with the Policy's required authentication types // Build a ClaimsPrincipal with the Policy's required authentication types
if (Policy.ActiveAuthenticationSchemes != null && Policy.ActiveAuthenticationSchemes.Any()) if (Policy.AuthenticationSchemes != null && Policy.AuthenticationSchemes.Any())
{ {
ClaimsPrincipal newPrincipal = null; ClaimsPrincipal newPrincipal = null;
foreach (var scheme in Policy.ActiveAuthenticationSchemes) foreach (var scheme in Policy.AuthenticationSchemes)
{ {
var result = await context.HttpContext.Authentication.AuthenticateAsync(scheme); var result = await context.HttpContext.Authentication.AuthenticateAsync(scheme);
if (result != null) if (result != null)
@ -77,7 +77,7 @@ namespace Microsoft.AspNet.Mvc.Filters
!httpContext.User.Identities.Any(i => i.IsAuthenticated) || !httpContext.User.Identities.Any(i => i.IsAuthenticated) ||
!await authService.AuthorizeAsync(httpContext.User, context, Policy)) !await authService.AuthorizeAsync(httpContext.User, context, Policy))
{ {
context.Result = new ChallengeResult(Policy.ActiveAuthenticationSchemes.ToArray()); context.Result = new ChallengeResult(Policy.AuthenticationSchemes.ToArray());
} }
} }
} }

View File

@ -13,7 +13,7 @@ namespace FiltersWebSite
{ {
public class BasicAuthenticationHandler : AuthenticationHandler<BasicOptions> public class BasicAuthenticationHandler : AuthenticationHandler<BasicOptions>
{ {
protected override Task<AuthenticationTicket> HandleAuthenticateAsync() protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{ {
var principal = new ClaimsPrincipal(); var principal = new ClaimsPrincipal();
principal.AddIdentity(new ClaimsIdentity( principal.AddIdentity(new ClaimsIdentity(
@ -24,8 +24,8 @@ namespace FiltersWebSite
new Claim(ClaimTypes.NameIdentifier, "John") new Claim(ClaimTypes.NameIdentifier, "John")
}, },
Options.AuthenticationScheme)); Options.AuthenticationScheme));
return Task.FromResult(new AuthenticationTicket(principal, return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal,
new AuthenticationProperties(), Options.AuthenticationScheme)); new AuthenticationProperties(), Options.AuthenticationScheme)));
} }
} }
} }

View File

@ -20,22 +20,22 @@ namespace FiltersWebSite
// This policy cannot succeed since the claim is never added // This policy cannot succeed since the claim is never added
options.AddPolicy("Impossible", policy => options.AddPolicy("Impossible", policy =>
{ {
policy.ActiveAuthenticationSchemes.Add("Interactive"); policy.AuthenticationSchemes.Add("Interactive");
policy.RequireClaim("Never"); policy.RequireClaim("Never");
}); });
options.AddPolicy("Api", policy => options.AddPolicy("Api", policy =>
{ {
policy.ActiveAuthenticationSchemes.Add("Api"); policy.AuthenticationSchemes.Add("Api");
policy.RequireClaim(ClaimTypes.NameIdentifier); policy.RequireClaim(ClaimTypes.NameIdentifier);
}); });
options.AddPolicy("Api-Manager", policy => options.AddPolicy("Api-Manager", policy =>
{ {
policy.ActiveAuthenticationSchemes.Add("Api"); policy.AuthenticationSchemes.Add("Api");
policy.Requirements.Add(Operations.Edit); policy.Requirements.Add(Operations.Edit);
}); });
options.AddPolicy("Interactive", policy => options.AddPolicy("Interactive", policy =>
{ {
policy.ActiveAuthenticationSchemes.Add("Interactive"); policy.AuthenticationSchemes.Add("Interactive");
policy.RequireClaim(ClaimTypes.NameIdentifier) policy.RequireClaim(ClaimTypes.NameIdentifier)
.RequireClaim("Permission", "CanViewPage"); .RequireClaim("Permission", "CanViewPage");
}); });