
Add authorization feature to CAP dashboard (#1113)

master
albertopm19 2 years ago
committed by GitHub
parent
commit
3482c553e7
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 45 additions and 2 deletions
  1. +8
    -2
      samples/Sample.Dashboard.Auth/Startup.cs
  2. +32
    -0
      src/DotNetCore.CAP.Dashboard/CAP.BuilderExtension.cs
  3. +5
    -0
      src/DotNetCore.CAP.Dashboard/CAP.DashboardOptions.cs

+ 8
- 2
samples/Sample.Dashboard.Auth/Startup.cs View File

@@ -17,8 +17,12 @@ namespace Sample.Dashboard.Auth


public void ConfigureServices(IServiceCollection services) public void ConfigureServices(IServiceCollection services)
{ {
services
.AddAuthorization()
services
.AddAuthorization((options =>
{
// only if you want to apply role filter to CAP Dashboard user
options.AddPolicy("PolicyCap", policy => policy.RequireRole("admin.events"));
}))
.AddAuthentication(options => .AddAuthentication(options =>
{ {
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
@@ -55,6 +59,8 @@ namespace Sample.Dashboard.Auth
d.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; d.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
d.UseAuth = true; d.UseAuth = true;
d.DefaultAuthenticationScheme = "MyDashboardScheme"; d.DefaultAuthenticationScheme = "MyDashboardScheme";
// only if you want to apply policy authorization filter to CAP Dashboard user
d.AuthorizationPolicy = "PolicyCap";
}); });
cap.UseMySql(_configuration.GetValue<string>("ConnectionString")); cap.UseMySql(_configuration.GetValue<string>("ConnectionString"));
cap.UseRabbitMQ(aa => cap.UseRabbitMQ(aa =>


+ 32
- 0
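--- a/src/DotNetCore.CAP.Dashboard/CAP.BuilderExtension.cs
+++ b/src/DotNetCore.CAP.Dashboard/CAP.BuilderExtension.cs
@@ -9,6 +9,7 @@ using DotNetCore.CAP.Dashboard.GatewayProxy;
 using DotNetCore.CAP.Dashboard.NodeDiscovery;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -44,6 +45,12 @@ namespace DotNetCore.CAP
 app.Map(options.PathMatch + "/api", false, x =>
 {
 
+IAuthorizationService authService = null;
+if (!String.IsNullOrEmpty(options.AuthorizationPolicy))
+{
+authService = app.ApplicationServices.GetService<IAuthorizationService>();
+}
+
 var builder = new RouteBuilder(x);
 
 var methods = typeof(RouteActionProvider).GetMethods(BindingFlags.Instance | BindingFlags.Public);
@@ -64,6 +71,12 @@ namespace DotNetCore.CAP
 return;
 }
 
+if (!await Authorize(request, response, options, authService))
+{
+response.StatusCode = StatusCodes.Status401Unauthorized;
+return;
+}
+
 var actionProvider = new RouteActionProvider(request, response, data);
 try
 {
@@ -88,6 +101,12 @@ namespace DotNetCore.CAP
 return;
 }
 
+if (!await Authorize(request, response, options, authService))
+{
+response.StatusCode = StatusCodes.Status401Unauthorized;
+return;
+}
+
 var actionProvider = new RouteActionProvider(request, response, data);
 try
 {
@@ -144,5 +163,18 @@ namespace DotNetCore.CAP
 
 return true;
 }
+
+internal static async Task<bool> Authorize(HttpRequest request, HttpResponse response, DashboardOptions options, IAuthorizationService authservice)
+{
+if (!String.IsNullOrEmpty(options.AuthorizationPolicy) && (authservice != null))
+{
+AuthorizationResult authorizationResult = await authservice.AuthorizeAsync(request.HttpContext.User, null, options.AuthorizationPolicy);
+if (!authorizationResult.Succeeded)
+{
+return false;
+}
+}
+return true;
+}
 }
 }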
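Review bot: A configured `AuthorizationPolicy` is silently skipped when `IAuthorizationService` is not registered. `GetService<IAuthorizationService>()` in the `app.Map` callback returns null in that case, and the `authservice != null` guard in `Authorize` then falls through to `return true`, so the dashboard API is served without the policy check. Resolving it with `authService = app.ApplicationServices.GetRequiredService<IAuthorizationService>();` would surface the misconfiguration when the pipeline is built instead of failing open. Both call sites answer a failed policy with `Status401Unauthorized`; if the out-of-hunk check above them already guarantees an authenticated caller, `Status403Forbidden` is the conventional status for a missing role. The `response` parameter of `Authorize` is never read.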

+ 5
- 0
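--- a/src/DotNetCore.CAP.Dashboard/CAP.DashboardOptions.cs
+++ b/src/DotNetCore.CAP.Dashboard/CAP.DashboardOptions.cs
@@ -47,5 +47,10 @@ namespace DotNetCore.CAP
 /// Default scheme used for authentication challenge. If no scheme is set, the DefaultChallengeScheme set up in AddAuthentication will be used.
 /// </summary>
 public string DefaultChallengeScheme { get; set; }
+
+/// <summary>
+/// Authorization policy. If no policy is set, authorization will be inactive.
+/// </summary>
+public string AuthorizationPolicy { get; set; }
 }
 }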
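Review bot: The summary on `AuthorizationPolicy` does not say what value is expected or how it relates to the host's authorization setup. I would state that it is the name of a policy registered through `AddAuthorization`, that it is checked on dashboard API requests, and that null or empty disables the check, for example `/// Name of a policy registered with AddAuthorization, checked on dashboard API requests; null or empty disables the check.` The enclosing class starts outside the hunk.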
