using System.Net;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Mvc;
|
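var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
builder.Services.AddDataProtection();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();

// Name of the cookie that carries the demo identity payload "user:<name>&type:<role>".
const string AuthCookie = "auth";

// Purpose string that scopes the data-protection keys used for the cookie payload.
// https://learn.microsoft.com/ru-ru/dotnet/api/microsoft.aspnetcore.dataprotection.idataprotector?view=aspnetcore-8.0
const string DataProtectorName = "cookie-protector";

// Cookie attributes applied by every login endpoint: HttpOnly keeps the value out of reach of
// page script, Secure limits it to HTTPS (the app redirects to HTTPS above), and Strict SameSite
// stops the browser from attaching it to cross-site requests.
CookieOptions AuthCookieOptions() => new()
{
    HttpOnly = true,
    Secure = true,
    SameSite = SameSiteMode.Strict,
};

// Parses the demo payload "user:<name>&type:<role>" into its two fields.
// Keys are matched case-sensitively (ordinal). Returns false for anything that does not
// contain exactly-shaped "key:value" pairs with both keys present, so callers can answer 401
// instead of letting an index exception surface as a 500.
bool TryParseAuthPayload(string payload, out string entityName, out string entityType)
{
    entityName = string.Empty;
    entityType = string.Empty;

    var fields = new Dictionary<string, string>(StringComparer.Ordinal);
    foreach (var pair in payload.Split('&'))
    {
        // Split on the first ':' only so a value may itself contain ':'.
        var kv = pair.Split(':', 2);
        if (kv.Length != 2 || kv[0].Length == 0)
        {
            return false;
        }

        fields[kv[0]] = kv[1];
    }

    if (!fields.TryGetValue("user", out var name) || !fields.TryGetValue("type", out var type))
    {
        return false;
    }

    entityName = name;
    entityType = type;
    return true;
}

// Maps the role carried in the cookie to the response body; null means "no access".
string? MessageForType(string? entityType) => entityType switch
{
    "admin" => "secured message",
    "user" => "common message",
    _ => null,
};

// Protector scoped to the cookie purpose. Protect/Unprotect authenticate the payload, so a cookie
// produced with another key ring or purpose, or edited by the client, fails Unprotect instead of
// being trusted.
IDataProtector CookieProtector(IDataProtectionProvider provider) => provider.CreateProtector(DataProtectorName);

// Unprotects a cookie value; a tampered or foreign payload yields false rather than an exception.
bool TryUnprotectPayload(IDataProtectionProvider provider, string cookie, out string payload)
{
    payload = string.Empty;
    try
    {
        payload = CookieProtector(provider).Unprotect(cookie);
        return true;
    }
    catch (CryptographicException)
    {
        // Unprotect throws for any payload that was not produced by this key ring and purpose.
        return false;
    }
}

#region Basic

// Deliberately insecure baseline: the cookie is client-controlled plain text and is trusted as-is,
// so the role it claims is whatever the client chose to send. The Secured region replaces this
// with an authenticated (data-protected) payload.
app.MapGet("/secured-method", (HttpContext ctx) =>
{
    // authentication
    if (ctx.Request.Cookies.TryGetValue(AuthCookie, out var cookie)
        && TryParseAuthPayload(cookie, out _, out var entityType)
        && MessageForType(entityType) is { } message)
    {
        // authorization
        return message;
    }

    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
    return "Unauthorized";
});

// Response.Cookies.Append URL-escapes the value and Request.Cookies unescapes it on the way back in,
// so ':' and '&' in the payload survive the round trip.
app.MapGet("/login-admin", (HttpContext ctx) =>
{
    ctx.Response.Cookies.Append(AuthCookie, "user:ivan&type:admin", AuthCookieOptions());
});

app.MapGet("/login-user", (HttpContext ctx) =>
{
    ctx.Response.Cookies.Append(AuthCookie, "user:danil&type:user", AuthCookieOptions());
});

#endregion

#region Secured
//todo: add to services

app.MapGet("/login-user-protected", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
{
    var cookieProtected = CookieProtector(protector).Protect("user:danil&type:user");
    ctx.Response.Cookies.Append(AuthCookie, cookieProtected, AuthCookieOptions());
});

app.MapGet("/secured-method-protected", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
{
    // authentication: the cookie must unprotect under this key ring and purpose, then parse
    if (ctx.Request.Cookies.TryGetValue(AuthCookie, out var cookie)
        && TryUnprotectPayload(protector, cookie, out var payload)
        && TryParseAuthPayload(payload, out _, out var entityType)
        && MessageForType(entityType) is { } message)
    {
        // authorization
        return message;
    }

    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
    return "Unauthorized";
});

#endregion

#region Claims
//todo: uncomment

// Turns a valid protected cookie into ctx.User for the handlers that run after this middleware.
// Requests without the cookie continue anonymously — rejecting them here would make the
// /login-* endpoints themselves unreachable — while a cookie that fails Unprotect or parsing
// is rejected with 401 before any endpoint runs.
app.Use((ctx, next) =>
{
    if (!ctx.Request.Cookies.TryGetValue(AuthCookie, out var cookie))
    {
        return next();
    }

    // GetRequiredService: data protection is registered above, so a null provider is a wiring bug,
    // not a condition to dereference silently.
    var protector = ctx.RequestServices.GetRequiredService<IDataProtectionProvider>();

    // authentication
    if (!TryUnprotectPayload(protector, cookie, out var payload)
        || !TryParseAuthPayload(payload, out var entityName, out var entityType))
    {
        ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
        return Task.CompletedTask;
    }

    var claims = new List<Claim>
    {
        new("Type", entityType),
        new("Name", entityName),
    };

    // Passing an authentication type marks the identity as authenticated
    // (Identity.IsAuthenticated); a ClaimsIdentity built without one reads as anonymous.
    ctx.User = new ClaimsPrincipal(new ClaimsIdentity(claims, "cookie"));
    return next();
});

app.MapGet("/login-user-claims", (HttpContext ctx, [FromServices] IDataProtectionProvider protector) =>
{
    var cookieProtected = CookieProtector(protector).Protect("user:danil&type:user");
    ctx.Response.Cookies.Append(AuthCookie, cookieProtected, AuthCookieOptions());
});

app.MapGet("/secured-method-claims", (HttpContext ctx) =>
{
    // authorization only: the middleware above already authenticated the cookie into ctx.User
    if (MessageForType(ctx.User.FindFirst("Type")?.Value) is { } message)
    {
        return message;
    }

    // Anonymous or unknown role: answer 401 like the other secured endpoints instead of an empty 200.
    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
    return "Unauthorized";
});

#endregion

app.Run();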