hoetz/authorize.cs

## authorize.cs

//Setup Authentication & Authorization
services.AddMvc();
            services.AddAuthentication(sharedOptions =>
            {
                sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            }).AddCookie()
            .AddOpenIdConnect(o =>
                        {
                            o.ClientId = Configuration["AzureAD:ClientId"];
                            o.Authority = String.Format(Configuration["AzureAd:AadInstance"], Configuration["AzureAd:Tenant"]);
                            o.SignedOutRedirectUri = Configuration["AzureAd:PostLogoutRedirectUri"];
                            o.Events = new OpenIdConnectEvents
                            {
                                OnRemoteFailure =  OnAuthenticationFailed,
                            };
                        });
            services.AddAuthorization(options =>
            {
                options.AddPolicy("SecurityGroup",
                    policy => policy.Requirements.Add(new MySecurityGroupRequirement(new Guid("38df74de-de2b-48b4-8aec-d308d07f7e07"))));
            });
            services.AddSingleton<IAuthorizationHandler, MySecurityGroupHandler>();


//Requirement and Handler
public class MySecurityGroupRequirement:IAuthorizationRequirement
    {
        public Guid SecurityGroupGuid { get; set; }
        public MySecurityGroupRequirement(Guid securityGroupGuid)
        {
            this.SecurityGroupGuid=securityGroupGuid;
        }
    }
    public class MySecurityGroupHandler : AuthorizationHandler<MySecurityGroupRequirement>
    {
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MySecurityGroupRequirement requirement)
        {
            var groupIdsFromClaims = context.User.FindAll("groups").Select(c => c.Value).ToList();
            if (groupIdsFromClaims.Contains(requirement.SecurityGroupGuid.ToString()))
            {
                context.Succeed(requirement);
                return Task.CompletedTask;

            }
            else
            {
                context.Fail();
                return Task.CompletedTask; //<--- StackOverFlow here
            }
        }
    }

	//Setup Authentication & Authorization
	services.AddMvc();
	services.AddAuthentication(sharedOptions =>
	{
	sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
	sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
	}).AddCookie()
	.AddOpenIdConnect(o =>
	{
	o.ClientId = Configuration["AzureAD:ClientId"];
	o.Authority = String.Format(Configuration["AzureAd:AadInstance"], Configuration["AzureAd:Tenant"]);
	o.SignedOutRedirectUri = Configuration["AzureAd:PostLogoutRedirectUri"];
	o.Events = new OpenIdConnectEvents
	{
	OnRemoteFailure = OnAuthenticationFailed,
	};
	});
	services.AddAuthorization(options =>
	{
	options.AddPolicy("SecurityGroup",
	policy => policy.Requirements.Add(new MySecurityGroupRequirement(new Guid("38df74de-de2b-48b4-8aec-d308d07f7e07"))));
	});
	services.AddSingleton<IAuthorizationHandler, MySecurityGroupHandler>();



	//Requirement and Handler
	public class MySecurityGroupRequirement:IAuthorizationRequirement
	{
	public Guid SecurityGroupGuid { get; set; }
	public MySecurityGroupRequirement(Guid securityGroupGuid)
	{
	this.SecurityGroupGuid=securityGroupGuid;
	}
	}
	public class MySecurityGroupHandler : AuthorizationHandler<MySecurityGroupRequirement>
	{
	protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MySecurityGroupRequirement requirement)
	{
	var groupIdsFromClaims = context.User.FindAll("groups").Select(c => c.Value).ToList();
	if (groupIdsFromClaims.Contains(requirement.SecurityGroupGuid.ToString()))
	{
	context.Succeed(requirement);
	return Task.CompletedTask;

	}
	else
	{
	context.Fail();
	return Task.CompletedTask; //<--- StackOverFlow here
	}
	}
	}