첨부 실행 코드는 나눔고딕코딩 폰트를 사용합니다.
유용한 소스 코드가 있으면 icodebroker@naver.com으로 보내주시면 감사합니다.
블로그 자료는 자유롭게 사용하세요.

728x90
반응형

TestProject.zip
다운로드

▶ Models/AccountModel.ca

namespace TestProject.Models
{
    /// <summary>
    /// 계정 모델
    /// </summary>
    public class AccountModel
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Property
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 사용자 ID - UserID

        /// <summary>
        /// 사용자 ID
        /// </summary>
        public string UserID { get; set; }

        #endregion
        #region 사용자명 - UserName

        /// <summary>
        /// 사용자명
        /// </summary>
        public string UserName { get; set; }

        #endregion
        #region 부서 - Department

        /// <summary>
        /// 부서
        /// </summary>
        public string Department { get; set; }

        #endregion
    }
}

 

▶ Handlers/DocumentMethod.cs

namespace TestProject.Handlers
{
    /// <summary>
    /// 문서 메소드
    /// </summary>
    public static class DocumentMethod
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Property
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region Field

        /// <summary>
        /// 작성
        /// </summary>
        public static readonly string Write = "Write";

        /// <summary>
        /// 수정
        /// </summary>
        public static readonly string Update = "Update";

        #endregion
    }
}

 

▶ Handlers/DocumentAuthorizationRequirement.cs

using Microsoft.AspNetCore.Authorization.Infrastructure;

namespace TestProject.Handlers
{
    /// <summary>
    /// 문서 권한 요청
    /// </summary>
    public static class DocumentAuthorizationRequirement
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Property
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 작성 요청 - Write

        /// <summary>
        /// 작성 요청
        /// </summary>
        public static OperationAuthorizationRequirement Write => new OperationAuthorizationRequirement
        {
            Name = DocumentMethod.Write
        };

        #endregion
        #region 수정 요청 - Update

        /// <summary>
        /// 수정 요청
        /// </summary>
        public static OperationAuthorizationRequirement Update => new OperationAuthorizationRequirement
        {
            Name = DocumentMethod.Update
        };

        #endregion
    }
}

 

▶ Handlers/DocumentAuthorizationHandler.cs

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using System.Threading.Tasks;

using TestProject.Models;

namespace TestProject.Handlers
{
    /// <summary>
    /// 문서 권한 핸들러
    /// </summary>
    public class DocumentAuthorizationHandler : AuthorizationHandler<OperationAuthorizationRequirement, AccountModel>
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Protected

        #region 요청 처리하기 (비동기) - HandleRequirementAsync(context, requirement, account)

        /// <summary>
        /// 요청 처리하기 (비동기)
        /// </summary>
        /// <param name="context">권한 핸들러 컨텍스트</param>
        /// <param name="requirement">운영 권한 요청</param>
        /// <param name="account">계정</param>
        /// <returns>태스크</returns>
        protected override Task HandleRequirementAsync
        (
            AuthorizationHandlerContext       context,
            OperationAuthorizationRequirement requirement,
            AccountModel                      account
        )
        {
            if(requirement.Name == DocumentMethod.Write)
            {
                if(context.User.Identity.IsAuthenticated)
                {
                    if(account.Department == "영업팀")
                    {
                        if(context.User.HasClaim("SalesLevel", "A"))
                        {
                            context.Succeed(requirement);
                        }
                        else
                        {
                            context.Fail();
                        }
                    }
                    else
                    {
                        context.Fail();
                    }
                }
            }
            else if(requirement.Name == DocumentMethod.Update)
            {
                if(context.User.Identity.IsAuthenticated)
                {
                    if(account.Department == "기획팀")
                    {
                        context.Succeed(requirement);
                    }
                    else
                    {
                        context.Fail();
                    }
                }
            }

            return Task.CompletedTask;
        }

        #endregion
    }
}

 

▶ Startup.cs

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

using TestProject.Handlers;

namespace TestProject
{
    /// <summary>
    /// 시작
    /// </summary>
    public class Startup
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 서비스 컬렉션 구성하기 - ConfigureServices(services)

        /// <summary>
        /// 서비스 컬렉션 구성하기
        /// </summary>
        /// <param name="services">서비스 컬렉션</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication("CookieAuthentication")
                .AddCookie
                (
                    "CookieAuthentication",
                    options =>
                    {
                        options.Cookie.Name      = "TestProject.Cookie";
                        options.LoginPath        = "/Home/Login";
                        options.AccessDeniedPath = "/Home/NoAuthorized";
                    }
                );

            services.AddScoped<IAuthorizationHandler, DocumentAuthorizationHandler>();

            services.AddControllersWithViews();
        }

        #endregion
        #region 구성하기 - Configure(app, environment)

        /// <summary>
        /// 구성하기
        /// </summary>
        /// <param name="app">애플리케이션 빌더</param>
        /// <param name="environment">웹 호스트 환경</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment environment)
        {
            if(environment.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseRouting();

            app.UseAuthentication();

            app.UseAuthorization();

            app.UseEndpoints
            (
                endpoints =>
                {
                    endpoints.MapDefaultControllerRoute();
                }
            );
        }

        #endregion
    }
}

 

▶ Controllers/DocumentController.cs

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Threading.Tasks;

using TestProject.Handlers;
using TestProject.Models;

namespace TestProject.Controllers
{
    /// <summary>
    /// 문서 컨트롤러
    /// </summary>
    public class DocumentController : Controller
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Field
        ////////////////////////////////////////////////////////////////////////////////////////// Private

        #region Field

        /// <summary>
        /// 권한 서비스
        /// </summary>
        private IAuthorizationService authorizationService;

        #endregion

        //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 생성자 - DocumentController(authorizationService)

        /// <summary>
        /// 생성자
        /// </summary>
        /// <param name="authorizationService">권한 서비스</param>
        public DocumentController(IAuthorizationService authorizationService)
        {
            this.authorizationService = authorizationService;
        }

        #endregion

        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 작성 페이지 처리하기 - Write()

        /// <summary>
        /// 작성 페이지 처리하기
        /// </summary>
        /// <returns>액션 결과 태스크</returns>
        public async Task<IActionResult> Write()
        {
            // 데이터베이스에서 조회한 정보라고 가정한다.
            AccountModel account = new AccountModel
            {
                UserID     = "E0001",
                UserName   = "홍길동",
                Department = "영업팀"
            };

            var result = await this.authorizationService.AuthorizeAsync(User, account, DocumentAuthorizationRequirement.Write);

            if(!result.Succeeded)
            {
                return Forbid();
            }

            return View();
        }

        #endregion
        #region 수정 페이지 처리하기 - Update()

        /// <summary>
        /// 수정 페이지 처리하기
        /// </summary>
        /// <returns>액션 결과 태스크</returns>
        public async Task<IActionResult> Update()
        {
            // 데이터베이스에서 조회한 정보라고 가정한다.
            AccountModel account = new AccountModel
            {
                UserID     = "E0001",
                UserName   = "홍길동",
                Department = "영업팀"
            };

            var result = await this.authorizationService.AuthorizeAsync(User, account, DocumentAuthorizationRequirement.Update);

            if(!result.Succeeded)
            {
                return Forbid();
            }

            return View();
        }

        #endregion
    }
}
728x90
반응형

'.NetCore > ASP.NET MVC' 카테고리의 다른 글

[.NETCORE/ASP.NET MVC] HostingHostBuilderExtensions 클래스 : ConfigureLogging 확장 메소드를 사용해 콘솔 로그 기록기만 추가하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] RAZOR 페이지 사용하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] PageConventionCollectionExtensions 클래스 : AuthorizePage/AuthorizeFolder/AllowAnonymousToPage 확장 메소드를 사용해 RAZOR 페이지 권한 설정하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] DefaultAuthorizationPolicyProvider 클래스 : 커스텀 권한 정책 공급자 사용하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] IClaimsTransformation 인터페이스 : TransformAsync 메소드를 사용해 클레임 정책에 클레임 추가하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] AuthorizationHandler<TRequirement, TResource> 클래스 : 리소스 기반 작업 권한 부여하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] AuthorizeFilter 클래스 : 글로벌 권한 필터 사용하기  (0) 2020.10.25
[.NETCORE/ASP.NET MVC] IAuthorizationService 인터페이스 : AuthorizeAsync 메소드를 사용해 권한 조사하기  (0) 2020.10.25
[.NETCORE/ASP.NET MVC] IAuthorizationRequirement 인터페이스 : 커스텀 권한 설정하기  (0) 2020.10.25
[.NETCORE/ASP.NET MVC] PolicyServiceCollectionExtensions 클래스 : AddAuthorization 확장 메소드를 사용해 권한 설정하기  (0) 2020.10.25
[.NETCORE/ASP.NET MVC] ClaimsPrincipal 클래스 사용하기  (0) 2020.10.25
Posted by 사용자 icodebroker

댓글을 달아 주세요