Policy for authorization
/// <summary>
/// Authorization requirement that carries the minimum age, in years,
/// a caller must have reached. It holds data only; the decision is made
/// by whichever handler is registered for this requirement type.
/// </summary>
public class OlderThanRequirement : IAuthorizationRequirement
{
    /// <summary>Creates a requirement for the given minimum age.</summary>
    /// <param name="years">Minimum age in years; stored as given, without validation.</param>
    public OlderThanRequirement(int years) => Years = years;

    /// <summary>Minimum age in years. Read-only after construction.</summary>
    public int Years { get; }
}
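/// <summary>
/// Evaluates <see cref="OlderThanRequirement"/> against the date-of-birth claim
/// of the current user.
/// </summary>
/// <remarks>
/// The handler fails closed: a missing, unparseable or future date of birth leaves
/// the requirement unmet. It never calls <c>context.Fail()</c>, so it only ever
/// withholds success for this requirement.
/// The claim value is taken as issued; the age check is only as trustworthy as the
/// party that put the claim into the token.
/// </remarks>
public class OlderThanRequirementHandler : AuthorizationHandler<OlderThanRequirement>
{
    /// <summary>
    /// Marks <paramref name="requirement"/> as satisfied when the user's age in
    /// completed years is at least <see cref="OlderThanRequirement.Years"/>.
    /// </summary>
    /// <param name="context">Authorization context holding the current principal.</param>
    /// <param name="requirement">Requirement carrying the minimum age.</param>
    /// <returns>An already-completed task; the work is synchronous.</returns>
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, OlderThanRequirement requirement)
    {
        // A single lookup covers both "no such claim" and "claim without a value".
        var dateOfBirth = context.User?.FindFirst(x => x.Type == ClaimTypes.DateOfBirth)?.Value;
        if (dateOfBirth is null)
        {
            return Task.CompletedTask;
        }

        // The claim is parsed with ru-RU conventions, as in the original code.
        // GetCultureInfo returns a cached, read-only culture, so the parse does not
        // depend on per-user regional overrides of the host.
        // NOTE(review): a fixed, culture-independent claim format would be more robust — confirm with the issuer.
        var culture = CultureInfo.GetCultureInfo("ru-RU");
        if (!DateTime.TryParse(dateOfBirth, culture, DateTimeStyles.None, out var date))
        {
            return Task.CompletedTask;
        }

        var today = DateTime.Today;

        // A birth date in the future is invalid input, not an age of zero.
        if (date.Date > today)
        {
            return Task.CompletedTask;
        }

        if (GetAgeInYears(date, today) >= requirement.Years)
        {
            context.Succeed(requirement);
        }

        return Task.CompletedTask;
    }

    /// <summary>
    /// Returns the number of completed years between <paramref name="birthDate"/>
    /// and <paramref name="today"/>.
    /// </summary>
    /// <remarks>
    /// Subtracting calendar years alone overstates the age until the birthday has
    /// passed in the current year, which would let a user through up to a year early.
    /// </remarks>
    private static int GetAgeInYears(DateTime birthDate, DateTime today)
    {
        var age = today.Year - birthDate.Year;

        // Birthday not reached yet this year: the last counted year is incomplete.
        if (birthDate.Date > today.AddYears(-age))
        {
            age--;
        }

        return age;
    }
}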
// Registers authorization for the age policy. The snippet is a fragment: the
// method's closing brace is not part of it.
public void ConfigureServices(IServiceCollection services)
{
    // Static alternative, kept for reference: declare the "OlderThan18" policy
    // up front instead of resolving policy names through a custom provider.
    //services.AddAuthorization(options=>
    //{
    //options.AddPolicy("OlderThan18", policy=>
    //{
    //policy.AddRequirements(new OlderThanRequirement(18));
    //});
    //});

    // No policies are declared here; they are expected to come from the
    // policy provider registered below.
    services.AddAuthorization();

    // The handler that evaluates OlderThanRequirement.
    services.AddSingleton<IAuthorizationHandler, OlderThanRequirementHandler>();

    // NOTE(review): CustomAuthorizationPolicyProvider is not shown here. It replaces
    // the default provider, so confirm that it resolves "OlderThan18", that it handles
    // unknown policy names deliberately, and that it still supplies the default policy
    // used by a bare [Authorize].
    services.AddSingleton<IAuthorizationPolicyProvider, CustomAuthorizationPolicyProvider>();
using Microsoft.AspNetCore.Mvc; | |
using Microsoft.Extensions.Logging; | |
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Threading.Tasks; | |
using IdentityServer4.AccessTokenValidation; | |
using Microsoft.AspNetCore.Authorization; | |
namespace ApiSample1.Controllers
{
    /// <summary>
    /// Sample API controller whose actions are all gated by the "OlderThan18" policy.
    /// </summary>
    /// <remarks>
    /// The policy is referenced by name only, so the name must be resolvable by the
    /// registered policy provider or by a static AddPolicy call.
    /// </remarks>
    [ApiController]
    [Route("[controller]")]
    // Applied at class level, so every action inherits the age check.
    [Authorize(Policy = "OlderThan18")]
    public class WeatherForecastController : ControllerBase
    {
        //code
    }
}
по этапам:
Если вдруг api отвечает что-то подобное
Authorization failed. These requirements were not met: ApiSample1.Startup+OlderThanRequirement AuthenticationScheme: Bearer was forbidden.
значит, вы неправильно зарегистрировали сервисы, и сервер просто не видит политику для проверки требования.
Не забыть добавить в ApiResources Scopes и Claims, если требования стоят на них.