mgernand / aspnetcore.authorization.permissions Goto Github PK
View Code? Open in Web Editor NEWA libary that provides permission-based authorization.
License: MIT License
A libary that provides permission-based authorization.
License: MIT License
Hello @mgernand
Thank you for your great effort in publishing such a great library.
I was trying to add role permissions in the table RolePermissions which accepts a role Id and permission Id, so far this is what I come up with
[Route("api/[controller]")]
[ApiController]
public class RolePermissionsController(ILogger<RolePermissionsController> _logger,
PermissionStore<IdentityPermission, IdentityRole> _rolePermissions) : ControllerBase
{
[HttpPost("Post")]
public async Task<IActionResult> CreateRolePermission([FromQuery] string RoleId, [FromQuery] string PermissionId)
{
_logger.LogInformation("Create Role Permission called");
var permission = await _rolePermissions.FindByIdAsync(PermissionId,default);
if (permission is not null)
{
await _rolePermissions.AddToRoleAsync(permission, RoleId.Normalize(), default);
}
return Ok();
}
}
but it keeps giving me
### Unable to resolve service for type 'MadEyeMatt.AspNetCore.Identity.Permissions.EntityFrameworkCore.PermissionStore
Altho, the AddPermissionsEntityFrameworkStores<ApplicationDbContext>();
should handle registering this service.
Here is my program.cs
using Core.Identity.WepApi;
using Core.Identity.WepApi.Modal;
using MadEyeMatt.AspNetCore.Authorization.Permissions;
using MadEyeMatt.AspNetCore.Identity.Permissions;
using MadEyeMatt.AspNetCore.Identity.Permissions.EntityFrameworkCore;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
builder.Services.AddAuthorization();
builder.Services.AddPermissionsAuthorization();
builder.Services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddIdentity<ApplicationUser, IdentityRole>(options =>
options.User.AllowedUserNameCharacters += " ")
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(options =>
{
options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
In = ParameterLocation.Cookie,
Description = "Please enter 'Bearer [jwt]'",
Name = "Authorization",
Type = SecuritySchemeType.ApiKey
});
var scheme = new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
}
};
options.AddSecurityRequirement(new OpenApiSecurityRequirement { { scheme, Array.Empty<string>() } });
});
using var loggerFactory = LoggerFactory.Create(b => b.SetMinimumLevel(LogLevel.Trace).AddConsole());
var secret = builder.Configuration["JWT:Secret"] ?? throw new InvalidOperationException("Secret not configured");
builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = builder.Configuration["JWT:ValidIssuer"],
ValidAudience = builder.Configuration["JWT:ValidAudience"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)),
ClockSkew = new TimeSpan(0, 0, 5)
};
options.Events = new JwtBearerEvents
{
OnMessageReceived = context =>
{
var accessToken = context.Request.Cookies[PresentingOptions.AccessTokenKey]; // Replace 'YourCookieName' with the actual name of your cookie
if (!string.IsNullOrEmpty(accessToken))
{
context.Request.Headers.Append("Authorization", $"Bearer {accessToken}");
}
return Task.CompletedTask;
},
OnChallenge = ctx => LogAttempt(ctx.Request.Headers, "OnChallenge"),
OnTokenValidated = ctx => LogAttempt(ctx.Request.Headers, "OnTokenValidated")
};
});
builder.Services
.AddDbContext<ApplicationDbContext>(options =>
{
options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection"));
})
.AddPermissionsIdentityCore<IdentityUser, IdentityRole, IdentityPermission>()
.AddDefaultUI()
.AddDefaultTokenProviders()
.AddPermissionClaimsProvider()
.AddUserManager<AspNetUserManager<IdentityUser>>()
.AddRoleManager<AspNetRoleManager<IdentityRole>>()
.AddPermissionManager<AspNetPermissionManager<IdentityPermission>>()
.AddPermissionsEntityFrameworkStores<ApplicationDbContext>();
const string policy = "defaultPolicy";
builder.Services.AddCors(options =>
{
options.AddPolicy(policy,
p =>
{
p.AllowAnyHeader();
p.AllowAnyMethod();
p.AllowAnyHeader();
p.AllowAnyOrigin();
});
});
var app = builder.Build();
//PopulateDb();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseCors(policy);
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
Task LogAttempt(IHeaderDictionary headers, string eventType)
{
var logger = loggerFactory.CreateLogger<Program>();
var authorizationHeader = headers["Authorization"].FirstOrDefault();
if (authorizationHeader is null)
logger.LogInformation($"{eventType}. JWT not present");
else
{
string jwtString = authorizationHeader.Substring("Bearer ".Length);
var jwt = new JwtSecurityToken(jwtString);
logger.LogInformation($"{eventType}. Expiration: {jwt.ValidTo.ToLongTimeString()}. System time: {DateTime.UtcNow.ToLongTimeString()}");
}
return Task.CompletedTask;
}
Any thoughts?
For Example:
I could write these attribtues:
ReadPermission("user")
WritePermission("user")
DeletePermission("user")
If it's possible to make this even more readable a resource attribute to the controller could be also added to avoid setting it in the Permission attributes
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.