Added new middleware to protect paths by authorization (also static files)

2023-06-27 11:01:54 +02:00
parent 371283e653
commit 28377a89eb
11 changed files with 249 additions and 8 deletions
--- a/AMWD.Common.AspNetCore/Attributes/BasicAuthenticationAttribute.cs
+++ b/AMWD.Common.AspNetCore/Attributes/BasicAuthenticationAttribute.cs
@@ -4,7 +4,7 @@ using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
-using AMWD.Common.AspNetCore.BasicAuthentication;
+using AMWD.Common.AspNetCore.Security.BasicAuthentication;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
--- a/AMWD.Common.AspNetCore/Security/BasicAuthentication/BasicAuthenticationHandler.cs
+++ b/AMWD.Common.AspNetCore/Security/BasicAuthentication/BasicAuthenticationHandler.cs
@@ -11,7 +11,7 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;

-namespace AMWD.Common.AspNetCore.BasicAuthentication
+namespace AMWD.Common.AspNetCore.Security.BasicAuthentication
 {
 	/// <summary>
 	/// Implements the <see cref="AuthenticationHandler{TOptions}"/> for Basic Authentication.
--- a/AMWD.Common.AspNetCore/Security/BasicAuthentication/BasicAuthenticationMiddleware.cs
+++ b/AMWD.Common.AspNetCore/Security/BasicAuthentication/BasicAuthenticationMiddleware.cs
@@ -6,7 +6,7 @@ using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;

-namespace AMWD.Common.AspNetCore.BasicAuthentication
+namespace AMWD.Common.AspNetCore.Security.BasicAuthentication
 {
 	/// <summary>
 	/// Implements a basic authentication.
--- a/AMWD.Common.AspNetCore/Security/BasicAuthentication/IBasicAuthenticationValidator.cs
+++ b/AMWD.Common.AspNetCore/Security/BasicAuthentication/IBasicAuthenticationValidator.cs
@@ -3,7 +3,7 @@ using System.Security.Claims;
 using System.Threading;
 using System.Threading.Tasks;

-namespace AMWD.Common.AspNetCore.BasicAuthentication
+namespace AMWD.Common.AspNetCore.Security.BasicAuthentication
 {
 	/// <summary>
 	/// Interface representing the validation of a basic authentication.
--- a/AMWD.Common.AspNetCore/Security/PathProtection/ProtectedPathExtensions.cs
+++ b/AMWD.Common.AspNetCore/Security/PathProtection/ProtectedPathExtensions.cs
@@ -0,0 +1,19 @@
+using Microsoft.AspNetCore.Builder;
+
+namespace AMWD.Common.AspNetCore.Security.PathProtection
+{
+	/// <summary>
+	/// Extnsion for <see cref="IApplicationBuilder"/> to enable folder protection.
+	/// </summary>
+	[System.Diagnostics.CodeAnalysis.ExcludeFromCodeCoverage]
+	public static class ProtectedPathExtensions
+	{
+		/// <summary>
+		/// Provide protected paths even for static files.
+		/// </summary>
+		/// <param name="app">The <see cref="IApplicationBuilder"/>.</param>
+		/// <param name="options">The <see cref="ProtectedPathOptions"/> with path and policy name.</param>
+		public static IApplicationBuilder UseProtectedPath(this IApplicationBuilder app, ProtectedPathOptions options)
+			=> app.UseMiddleware<ProtectedPathMiddleware>(options);
+	}
+}
--- a/AMWD.Common.AspNetCore/Security/PathProtection/ProtectedPathMiddleware.cs
+++ b/AMWD.Common.AspNetCore/Security/PathProtection/ProtectedPathMiddleware.cs
@@ -0,0 +1,50 @@
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+
+namespace AMWD.Common.AspNetCore.Security.PathProtection
+{
+	/// <summary>
+	/// Implements a check to provide protected paths.
+	/// </summary>
+	public class ProtectedPathMiddleware
+	{
+		private readonly RequestDelegate next;
+		private readonly PathString path;
+		private readonly string policyName;
+
+		/// <summary>
+		/// Initializes a new instance of the <see cref="ProtectedPathExtensions"/> class.
+		/// </summary>
+		/// <param name="next">The following delegate in the process chain.</param>
+		/// <param name="options">The options to configure the middleware.</param>
+		public ProtectedPathMiddleware(RequestDelegate next, ProtectedPathOptions options)
+		{
+			this.next = next;
+			path = options.Path;
+			policyName = options.PolicyName;
+		}
+
+		/// <summary>
+		/// The delegate invokation.
+		/// Performs the protection check.
+		/// </summary>
+		/// <param name="httpContext">The corresponding HTTP context.</param>
+		/// <param name="authorizationService">The <see cref="IAuthorizationService"/>.</param>
+		/// <returns>An awaitable task.</returns>
+		public async Task InvokeAsync(HttpContext httpContext, IAuthorizationService authorizationService)
+		{
+			if (httpContext.Request.Path.StartsWithSegments(path))
+			{
+				var result = await authorizationService.AuthorizeAsync(httpContext.User, null, policyName);
+				if (!result.Succeeded)
+				{
+					await httpContext.ChallengeAsync();
+					return;
+				}
+			}
+			await next.Invoke(httpContext);
+		}
+	}
+}
--- a/AMWD.Common.AspNetCore/Security/PathProtection/ProtectedPathOptions.cs
+++ b/AMWD.Common.AspNetCore/Security/PathProtection/ProtectedPathOptions.cs
@@ -0,0 +1,20 @@
+using Microsoft.AspNetCore.Http;
+
+namespace AMWD.Common.AspNetCore.Security.PathProtection
+{
+	/// <summary>
+	/// Options to define which folder should be protected.
+	/// </summary>
+	public class ProtectedPathOptions
+	{
+		/// <summary>
+		/// Gets or sets the path to the protected folder.
+		/// </summary>
+		public PathString Path { get; set; }
+
+		/// <summary>
+		/// Gets or sets the policy name to use.
+		/// </summary>
+		public string PolicyName { get; set; }
+	}
+}