Add AD auth and B1 currency fields
This commit is contained in:
@@ -0,0 +1,43 @@
|
||||
using System.Security.Claims;
|
||||
using System.Text.Encodings.Web;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
||||
namespace TrafagSalesExporter.Security;
|
||||
|
||||
public sealed class DevelopmentAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
|
||||
{
|
||||
public const string SchemeName = "Development";
|
||||
public const string AdminClaimType = "TrafagSalesExporter.Admin";
|
||||
|
||||
private readonly IConfiguration _configuration;
|
||||
|
||||
public DevelopmentAuthenticationHandler(
|
||||
IOptionsMonitor<AuthenticationSchemeOptions> options,
|
||||
ILoggerFactory logger,
|
||||
UrlEncoder encoder,
|
||||
IConfiguration configuration)
|
||||
: base(options, logger, encoder)
|
||||
{
|
||||
_configuration = configuration;
|
||||
}
|
||||
|
||||
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
|
||||
{
|
||||
var settings = _configuration.GetSection(SecurityOptions.SectionName).Get<SecurityOptions>() ?? new SecurityOptions();
|
||||
var claims = new List<Claim>
|
||||
{
|
||||
new(ClaimTypes.Name, settings.DevelopmentUserName),
|
||||
new(ClaimTypes.NameIdentifier, settings.DevelopmentUserName)
|
||||
};
|
||||
|
||||
if (settings.DevelopmentUserIsAdmin)
|
||||
claims.Add(new Claim(AdminClaimType, "true"));
|
||||
|
||||
var identity = new ClaimsIdentity(claims, SchemeName);
|
||||
var principal = new ClaimsPrincipal(identity);
|
||||
var ticket = new AuthenticationTicket(principal, SchemeName);
|
||||
|
||||
return Task.FromResult(AuthenticateResult.Success(ticket));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,12 @@
|
||||
namespace TrafagSalesExporter.Security;
|
||||
|
||||
public sealed class SecurityOptions
|
||||
{
|
||||
public const string SectionName = "Security";
|
||||
|
||||
public bool DevelopmentBypass { get; set; }
|
||||
public bool DevelopmentUserIsAdmin { get; set; }
|
||||
public string DevelopmentUserName { get; set; } = "DEV\\TrafagDeveloper";
|
||||
public List<string> AccessGroups { get; set; } = [];
|
||||
public List<string> AdminGroups { get; set; } = [];
|
||||
}
|
||||
@@ -0,0 +1,6 @@
|
||||
namespace TrafagSalesExporter.Security;
|
||||
|
||||
public static class SecurityPolicies
|
||||
{
|
||||
public const string AdminOnly = nameof(AdminOnly);
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
|
||||
namespace TrafagSalesExporter.Security;
|
||||
|
||||
public static class SecurityPolicyFactory
|
||||
{
|
||||
public static AuthorizationPolicy BuildAccessPolicy(SecurityOptions settings, bool useDevelopmentAuthentication)
|
||||
{
|
||||
var builder = new AuthorizationPolicyBuilder()
|
||||
.RequireAuthenticatedUser();
|
||||
|
||||
if (!useDevelopmentAuthentication && settings.AccessGroups.Count > 0)
|
||||
{
|
||||
builder.RequireAssertion(context =>
|
||||
settings.AccessGroups.Any(group => context.User.IsInRole(group)));
|
||||
}
|
||||
|
||||
return builder.Build();
|
||||
}
|
||||
|
||||
public static AuthorizationPolicy BuildAdminPolicy(SecurityOptions settings, bool useDevelopmentAuthentication)
|
||||
{
|
||||
var builder = new AuthorizationPolicyBuilder()
|
||||
.RequireAuthenticatedUser();
|
||||
|
||||
builder.RequireAssertion(context =>
|
||||
useDevelopmentAuthentication && context.User.HasClaim(DevelopmentAuthenticationHandler.AdminClaimType, "true") ||
|
||||
settings.AdminGroups.Any(group => context.User.IsInRole(group)));
|
||||
|
||||
return builder.Build();
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user