mgernand / aspnetcore.authorization.permissions Goto Github PK
View Code? Open in Web Editor NEWA libary that provides permission-based authorization.
License: MIT License
aspnetcore.authorization.permissions's People
Contributors
Stargazers
Watchers
aspnetcore.authorization.permissions's Issues
Create an admin tool.
Add tenant example for Single Database with Tenant Column
Context Issue
I have a project where DBcontext is in another project. Initially there was an error as Dbcontext not found. So used IDesignTimeContextFactory. Migrations are created Successfully but one error is still shown. How can I overcome this issue?
Create RolePermissions using EF
Hello @mgernand
Thank you for your great effort in publishing such a great library.
I was trying to add role permissions in the table RolePermissions which accepts a role Id and permission Id, so far this is what I come up with
[Route("api/[controller]")]
[ApiController]
public class RolePermissionsController(ILogger<RolePermissionsController> _logger,
PermissionStore<IdentityPermission, IdentityRole> _rolePermissions) : ControllerBase
{
[HttpPost("Post")]
public async Task<IActionResult> CreateRolePermission([FromQuery] string RoleId, [FromQuery] string PermissionId)
{
_logger.LogInformation("Create Role Permission called");
var permission = await _rolePermissions.FindByIdAsync(PermissionId,default);
if (permission is not null)
{
await _rolePermissions.AddToRoleAsync(permission, RoleId.Normalize(), default);
}
return Ok();
}
}
but it keeps giving me
### Unable to resolve service for type 'MadEyeMatt.AspNetCore.Identity.Permissions.EntityFrameworkCore.PermissionStore
Altho, the AddPermissionsEntityFrameworkStores<ApplicationDbContext>(); should handle registering this service.
Here is my program.cs
using Core.Identity.WepApi;
using Core.Identity.WepApi.Modal;
using MadEyeMatt.AspNetCore.Authorization.Permissions;
using MadEyeMatt.AspNetCore.Identity.Permissions;
using MadEyeMatt.AspNetCore.Identity.Permissions.EntityFrameworkCore;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
builder.Services.AddAuthorization();
builder.Services.AddPermissionsAuthorization();
builder.Services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddIdentity<ApplicationUser, IdentityRole>(options =>
options.User.AllowedUserNameCharacters += " ")
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(options =>
{
options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
In = ParameterLocation.Cookie,
Description = "Please enter 'Bearer [jwt]'",
Name = "Authorization",
Type = SecuritySchemeType.ApiKey
});
var scheme = new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
}
};
options.AddSecurityRequirement(new OpenApiSecurityRequirement { { scheme, Array.Empty<string>() } });
});
using var loggerFactory = LoggerFactory.Create(b => b.SetMinimumLevel(LogLevel.Trace).AddConsole());
var secret = builder.Configuration["JWT:Secret"] ?? throw new InvalidOperationException("Secret not configured");
builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = builder.Configuration["JWT:ValidIssuer"],
ValidAudience = builder.Configuration["JWT:ValidAudience"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)),
ClockSkew = new TimeSpan(0, 0, 5)
};
options.Events = new JwtBearerEvents
{
OnMessageReceived = context =>
{
var accessToken = context.Request.Cookies[PresentingOptions.AccessTokenKey]; // Replace 'YourCookieName' with the actual name of your cookie
if (!string.IsNullOrEmpty(accessToken))
{
context.Request.Headers.Append("Authorization", $"Bearer {accessToken}");
}
return Task.CompletedTask;
},
OnChallenge = ctx => LogAttempt(ctx.Request.Headers, "OnChallenge"),
OnTokenValidated = ctx => LogAttempt(ctx.Request.Headers, "OnTokenValidated")
};
});
builder.Services
.AddDbContext<ApplicationDbContext>(options =>
{
options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection"));
})
.AddPermissionsIdentityCore<IdentityUser, IdentityRole, IdentityPermission>()
.AddDefaultUI()
.AddDefaultTokenProviders()
.AddPermissionClaimsProvider()
.AddUserManager<AspNetUserManager<IdentityUser>>()
.AddRoleManager<AspNetRoleManager<IdentityRole>>()
.AddPermissionManager<AspNetPermissionManager<IdentityPermission>>()
.AddPermissionsEntityFrameworkStores<ApplicationDbContext>();
const string policy = "defaultPolicy";
builder.Services.AddCors(options =>
{
options.AddPolicy(policy,
p =>
{
p.AllowAnyHeader();
p.AllowAnyMethod();
p.AllowAnyHeader();
p.AllowAnyOrigin();
});
});
var app = builder.Build();
//PopulateDb();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseCors(policy);
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
Task LogAttempt(IHeaderDictionary headers, string eventType)
{
var logger = loggerFactory.CreateLogger<Program>();
var authorizationHeader = headers["Authorization"].FirstOrDefault();
if (authorizationHeader is null)
logger.LogInformation($"{eventType}. JWT not present");
else
{
string jwtString = authorizationHeader.Substring("Bearer ".Length);
var jwt = new JwtSecurityToken(jwtString);
logger.LogInformation($"{eventType}. Expiration: {jwt.ValidTo.ToLongTimeString()}. System time: {DateTime.UtcNow.ToLongTimeString()}");
}
return Task.CompletedTask;
}
Any thoughts?
Add Ability to override the RequirePermissionAttribute For better readability
For Example:
I could write these attribtues:
ReadPermission("user")
WritePermission("user")
DeletePermission("user")
If it's possible to make this even more readable a resource attribute to the controller could be also added to avoid setting it in the Permission attributes
Add hierarchical tenants feature.
Add tenant example for Database per Tenant
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.