
ASP.NET 5 Authorize against two or more policies (OR-combined policy)

Is it possible to apply authorization against two or more policies? I am using ASP.NET 5, rc1.

    [Authorize(Policy = "Limited,Full")]
    public class FooBarController : Controller
    {
        // This code doesn't work
    }

If not, how may I achieve this without using policies? There are two groups of users that may access this controller: "Full" and "Limited". Users may belong to either "Full" or "Limited", or both. They are only required to belong to one of the two groups in order to access this controller.

asked Feb 24 '16 18:02

painiyff



2 Answers

Not the way you want; policies are designed to be cumulative. For example, if you use two separate attributes then they must both pass.

You have to evaluate OR conditions within a single policy. But you don't have to code it as ORs within a single handler. You can have a requirement which has more than one handler. If either of the handlers flags success then the requirement is fulfilled. See Step 6 in my Authorization Workshop.

answered Oct 10 '22 10:10

blowdart


Once setting up a new policy "LimitedOrFull" (assuming they match the claim type names) create a requirement like this:

    options.AddPolicy("LimitedOrFull", policy =>
        policy.RequireAssertion(context =>
            context.User.HasClaim(c =>
                (c.Type == "Limited" ||
                 c.Type == "Full"))));

https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.1#using-a-func-to-fulfill-a-policy

answered Oct 10 '22 10:10

Andrius Naruševičius