Add AD auth and B1 currency fields

This commit is contained in:
2026-04-29 11:07:35 +02:00
parent 3ac03a4782
commit 4a1561d85f
29 changed files with 1016 additions and 31 deletions
@@ -0,0 +1,43 @@
using System.Security.Claims;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Options;
namespace TrafagSalesExporter.Security;
public sealed class DevelopmentAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
public const string SchemeName = "Development";
public const string AdminClaimType = "TrafagSalesExporter.Admin";
private readonly IConfiguration _configuration;
public DevelopmentAuthenticationHandler(
IOptionsMonitor<AuthenticationSchemeOptions> options,
ILoggerFactory logger,
UrlEncoder encoder,
IConfiguration configuration)
: base(options, logger, encoder)
{
_configuration = configuration;
}
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
var settings = _configuration.GetSection(SecurityOptions.SectionName).Get<SecurityOptions>() ?? new SecurityOptions();
var claims = new List<Claim>
{
new(ClaimTypes.Name, settings.DevelopmentUserName),
new(ClaimTypes.NameIdentifier, settings.DevelopmentUserName)
};
if (settings.DevelopmentUserIsAdmin)
claims.Add(new Claim(AdminClaimType, "true"));
var identity = new ClaimsIdentity(claims, SchemeName);
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, SchemeName);
return Task.FromResult(AuthenticateResult.Success(ticket));
}
}
@@ -0,0 +1,12 @@
namespace TrafagSalesExporter.Security;
public sealed class SecurityOptions
{
public const string SectionName = "Security";
public bool DevelopmentBypass { get; set; }
public bool DevelopmentUserIsAdmin { get; set; }
public string DevelopmentUserName { get; set; } = "DEV\\TrafagDeveloper";
public List<string> AccessGroups { get; set; } = [];
public List<string> AdminGroups { get; set; } = [];
}
@@ -0,0 +1,6 @@
namespace TrafagSalesExporter.Security;
public static class SecurityPolicies
{
public const string AdminOnly = nameof(AdminOnly);
}
@@ -0,0 +1,32 @@
using Microsoft.AspNetCore.Authorization;
namespace TrafagSalesExporter.Security;
public static class SecurityPolicyFactory
{
public static AuthorizationPolicy BuildAccessPolicy(SecurityOptions settings, bool useDevelopmentAuthentication)
{
var builder = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser();
if (!useDevelopmentAuthentication && settings.AccessGroups.Count > 0)
{
builder.RequireAssertion(context =>
settings.AccessGroups.Any(group => context.User.IsInRole(group)));
}
return builder.Build();
}
public static AuthorizationPolicy BuildAdminPolicy(SecurityOptions settings, bool useDevelopmentAuthentication)
{
var builder = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser();
builder.RequireAssertion(context =>
useDevelopmentAuthentication && context.User.HasClaim(DevelopmentAuthenticationHandler.AdminClaimType, "true") ||
settings.AdminGroups.Any(group => context.User.IsInRole(group)));
return builder.Build();
}
}