첨부 실행 코드는 나눔고딕코딩 폰트를 사용합니다.
유용한 소스 코드가 있으면 icodebroker@naver.com으로 보내주시면 감사합니다.
블로그 자료는 자유롭게 사용하세요.

728x90
반응형

■ DefaultAuthorizationPolicyProvider 클래스 : 커스텀 권한 정책 공급자 사용하기

------------------------------------------------------------------------------------------------------------------------


TestProject.zip


Providers/CustomPolicyNameList.cs

 

 

using System.Collections.Generic;

 

namespace TestProject.Providers

{

    /// <summary>

    /// 커스텀 정책명 리스트

    /// </summary>

    public static class CustomPolicyNameList

    {

        //////////////////////////////////////////////////////////////////////////////////////////////////// Field

        ////////////////////////////////////////////////////////////////////////////////////////// Public

 

        #region Field

 

        /// <summary>

        /// 보안 레벨

        /// </summary>

        public const string SecurityLevel = "SecurityLevel";

 

        /// <summary>

        /// 순위

        /// </summary>

        public const string Rank = "Rank";

 

        #endregion

 

        //////////////////////////////////////////////////////////////////////////////////////////////////// Method

        ////////////////////////////////////////////////////////////////////////////////////////// Public

 

        #region 구하기 - Get()

 

        /// <summary>

        /// 구하기

        /// </summary>

        /// <returns>리스트</returns>

        public static List<string> Get()

        {

            return new List<string>

            {

                SecurityLevel,

                Rank

            };

        }

 

        #endregion

    }

}

 

 

Providers/SecurityLevelAuthorizationRequirement.cs

 

 

using Microsoft.AspNetCore.Authorization;

 

namespace TestProject.Providers

{

    /// <summary>

    /// 보안 레벨 권한 요청

    /// </summary>

    public class SecurityLevelAuthorizationRequirement : IAuthorizationRequirement

    {

        //////////////////////////////////////////////////////////////////////////////////////////////////// Property

        ////////////////////////////////////////////////////////////////////////////////////////// Public

 

        #region 보안 레벨 - SecurityLevel

 

        /// <summary>

        /// 보안 레벨

        /// </summary>

        public int SecurityLevel { get; private set; }

 

        #endregion

 

        //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor

        ////////////////////////////////////////////////////////////////////////////////////////// Public

 

        #region 생성자 - SecurityLevelRequirement(securityLevel)

 

        /// <summary>

        /// 생성자

        /// </summary>

        /// <param name="securityLevel">보안 레벨</param>

        public SecurityLevelAuthorizationRequirement(int securityLevel)

        {

            SecurityLevel = securityLevel;

        }

 

        #endregion

    }

}

 

 

Providers/CustomAuthorizationPilicyFactory.cs

 

 

using Microsoft.AspNetCore.Authorization;

using System;

using System.Linq;

 

namespace TestProject.Providers

{

    /// <summary>

    /// 커스텀 권한 정책 팩토리

    /// </summary>

    public static class CustomAuthorizationPilicyFactory

    {

        //////////////////////////////////////////////////////////////////////////////////////////////////// Method

        ////////////////////////////////////////////////////////////////////////////////////////// Static

        //////////////////////////////////////////////////////////////////////////////// Public

 

        #region 생성하기 - Create(policyName)

 

        /// <summary>

        /// 생성하기

        /// </summary>

        /// <param name="policyName">정책명</param>

        /// <returns>권한 정책</returns>

        public static AuthorizationPolicy Create(string policyName)

        {

            string[] partArray = policyName.Split('.');

            string   type      = partArray.First();

            string   value     = partArray.Last();

 

            switch(type)

            {

                case CustomPolicyNameList.Rank :

 

                    return new AuthorizationPolicyBuilder()

                        .RequireClaim("Rank", value)

                        .Build();

 

                case CustomPolicyNameList.SecurityLevel :

 

                    return new AuthorizationPolicyBuilder()

                        .AddRequirements(new SecurityLevelAuthorizationRequirement(Convert.ToInt32(value)))

                        .Build();

 

                default :

 

                    return null;

            }

        }

 

        #endregion

    }

}

 

 

Providers/CustomAuthorizationPolicyProvider.cs

 

 

using Microsoft.AspNetCore.Authorization;

using Microsoft.Extensions.Options;

using System.Threading.Tasks;

 

namespace TestProject.Providers

{

    /// <summary>

    /// 커스텀 권한 정책 공급자

    /// </summary>

    public class CustomAuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider

    {

        //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor

        ////////////////////////////////////////////////////////////////////////////////////////// Public

 

        #region 생성자 - CustomAuthorizationPolicyProvider(options)

 

        /// <summary>

        /// 생성자

        /// </summary>

        /// <param name="options">옵션</param>

        public CustomAuthorizationPolicyProvider(IOptions<AuthorizationOptions> options) : base(options)

        {

        }

 

        #endregion

 

        //////////////////////////////////////////////////////////////////////////////////////////////////// Method

        ////////////////////////////////////////////////////////////////////////////////////////// Public

 

        #region 정책 구하기 (비동기) - GetPolicyAsync(policyName)

 

        /// <summary>

        /// 정책 구하기 (비동기)

        /// </summary>

        /// <param name="policyName">정책명</param>

        /// <returns>권한 정책 태스크</returns>

        public override Task<AuthorizationPolicy> GetPolicyAsync(string policyName)

        {

            foreach(string customPolicyName in CustomPolicyNameList.Get())

            {

                if(policyName.StartsWith(customPolicyName))

                {

                    AuthorizationPolicy policy = CustomAuthorizationPilicyFactory.Create(policyName);

 

                    return Task.FromResult(policy);

                }

            }

 

            return base.GetPolicyAsync(policyName);

        }

 

        #endregion

    }

}

 

 

Providers/SecurityLevelAuthorizeAttribute.cs

 

 

using Microsoft.AspNetCore.Authorization;

 

namespace TestProject.Providers

{

    /// <summary>

    /// 보안 레벨 권한 어트리뷰트

    /// </summary>

    public class SecurityLevelAuthorizeAttribute : AuthorizeAttribute

    {

        //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor

        ////////////////////////////////////////////////////////////////////////////////////////// Public

 

        #region 생성자 - SecurityLevelAttribute(level)

 

        /// <summary>

        /// 생성자

        /// </summary>

        /// <param name="level">레벨</param>

        public SecurityLevelAuthorizeAttribute(int level)

        {

            Policy = $"{CustomPolicyNameList.SecurityLevel}.{level}";

        }

 

        #endregion

    }

}

 

 

Providers/SecurityLevelAuthorizationHandler.cs

 

 

using Microsoft.AspNetCore.Authorization;

using System;

using System.Linq;

using System.Threading.Tasks;

 

namespace TestProject.Providers

{

    /// <summary>

    /// 보안 레벨 권한 핸들러

    /// </summary>

    public class SecurityLevelAuthorizationHandler : AuthorizationHandler<SecurityLevelAuthorizationRequirement>

    {

        //////////////////////////////////////////////////////////////////////////////////////////////////// Method

        ////////////////////////////////////////////////////////////////////////////////////////// Protected

 

        #region 요청 처리하기 (비동기) - HandleRequirementAsync(context, requirement)

 

        /// <summary>

        /// 요청 처리하기 (비동기)

        /// </summary>

        /// <param name="context">컨텍스트</param>

        /// <param name="requirement">요청</param>

        /// <returns>태스크</returns>

        protected override Task HandleRequirementAsync

        (

            AuthorizationHandlerContext           context,

            SecurityLevelAuthorizationRequirement requirement

        )

        {

            int securityLevel = Convert.ToInt32

            (

                context.User.Claims.FirstOrDefault(x => x.Type == CustomPolicyNameList.SecurityLevel) ?.Value ?? "0"

            );

 

            if(requirement.SecurityLevel <= securityLevel)

            {

                context.Succeed(requirement);

            }

            else

            {

                context.Fail();

            }

 

            return Task.CompletedTask;

        }

 

        #endregion

    }

}

 

 

Startup.cs

 

 

using Microsoft.AspNetCore.Authentication;

using Microsoft.AspNetCore.Authorization;

using Microsoft.AspNetCore.Builder;

using Microsoft.AspNetCore.Hosting;

using Microsoft.Extensions.DependencyInjection;

using Microsoft.Extensions.Hosting;

 

using TestProject.Providers;

 

namespace TestProject

{

    /// <summary>

    /// 시작

    /// </summary>

    public class Startup

    {

        //////////////////////////////////////////////////////////////////////////////////////////////////// Method

        ////////////////////////////////////////////////////////////////////////////////////////// Public

 

        #region 서비스 컬렉션 구성하기 - ConfigureServices(services)

 

        /// <summary>

        /// 서비스 컬렉션 구성하기

        /// </summary>

        /// <param name="services">서비스 컬렉션</param>

        public void ConfigureServices(IServiceCollection services)

        {

            services.AddAuthentication("CookieAuthentication")

                .AddCookie

                (

                    "CookieAuthentication",

                    options =>

                    {

                        options.Cookie.Name      = "TestProject.Cookie";

                        options.LoginPath        = "/Home/Login";

                        options.AccessDeniedPath = "/Home/NoAuthorized";

                    }

                );

 

            services.AddSingleton<IAuthorizationPolicyProvider, CustomAuthorizationPolicyProvider>();

 

            services.AddScoped<IAuthorizationHandler, SecurityLevelAuthorizationHandler>();

 

            services.AddControllersWithViews();

        }

 

        #endregion

        #region 구성하기 - Configure(app, environment)

 

        /// <summary>

        /// 구성하기

        /// </summary>

        /// <param name="app">애플리케이션 빌더</param>

        /// <param name="environment">웹 호스트 환경</param>

        public void Configure(IApplicationBuilder app, IWebHostEnvironment environment)

        {

            if(environment.IsDevelopment())

            {

                app.UseDeveloperExceptionPage();

            }

 

            app.UseRouting();

 

            app.UseAuthentication();

 

            app.UseAuthorization();

 

            app.UseEndpoints

            (

                endpoints =>

                {

                    endpoints.MapDefaultControllerRoute();

                }

            );

        }

 

        #endregion

    }

}

 

 

Controllers/HomeController.cs

 

 

using Microsoft.AspNetCore.Authentication;

using Microsoft.AspNetCore.Authorization;

using Microsoft.AspNetCore.Mvc;

using System.Collections.Generic;

using System.Security.Claims;

using System.Threading.Tasks;

 

using TestProject.Providers;

 

namespace TestProject.Controllers

{

    /// <summary>

    /// 홈 컨트롤러

    /// </summary>

    public class HomeController : Controller

    {

        //////////////////////////////////////////////////////////////////////////////////////////////////// Method

        ////////////////////////////////////////////////////////////////////////////////////////// Public

 

        #region 인덱스 페이지 처리하기 - Index()

 

        /// <summary>

        /// 인덱스 페이지 처리하기

        /// </summary>

        /// <returns>액션 결과</returns>

        public IActionResult Index()

        {

            return View();

        }

 

        #endregion

        #region 비밀 페이지 처리하기 - Secret()

 

        /// <summary>

        /// 비밀 페이지 처리하기

        /// </summary>

        /// <returns>액션 결과</returns>

        [Authorize]

        public IActionResult Secret()

        {

            return View();

        }

 

        #endregion

        #region 상위 비밀 페이지 처리하기 - HighSecret()

 

        /// <summary>

        /// 상위 비밀 페이지 처리하기

        /// </summary>

        /// <returns>액션 결과</returns>

        [SecurityLevelAuthorize(5)]

        public IActionResult HighSecret()

        {

            return View();

        }

 

        #endregion

        #region 최상위 비밀 페이지 처리하기 - TopSecret()

 

        /// <summary>

        /// 최상위 비밀 페이지 처리하기

        /// </summary>

        /// <returns>액션 결과</returns>

        [SecurityLevelAuthorize(10)]

        public IActionResult TopSecret()

        {

            return View();

        }

 

        #endregion

        #region 로그인 페이지 처리하기 - Login(returnURL)

 

        /// <summary>

        /// 로그인 페이지 처리하기

        /// </summary>

        /// <param name="returnURL">반환 URL</param>

        /// <returns>액션 결과</returns>

        [HttpGet]

        public IActionResult Login(string returnURL = null)

        {

            ViewData["ReturnURL"] = returnURL;

 

            return View();

        }

 

        #endregion

        #region 로그인 페이지 처리하기 - Login(userName, password, returnURL)

 

        /// <summary>

        /// 로그인 페이지 처리하기

        /// </summary>

        /// <param name="userName">사용자명</param>

        /// <param name="password">패스워드</param>

        /// <param name="returnURL">반환 URL</param>

        /// <returns>액션 결과</returns>

        [HttpPost]

        public async Task<IActionResult> Login(string userName, string password, string returnURL)

        {

            if(userName == "홍길동" && password == "1234")

            {

                List<Claim> personClaimList = new List<Claim>()

                {

                    new Claim(ClaimTypes.Name                   , "홍길동"        ),

                    new Claim(ClaimTypes.Gender                 , "남성"          ),

                    new Claim(ClaimTypes.DateOfBirth            , "2000-01-01"    ),

                    new Claim(ClaimTypes.HomePhone              , "02-700-1000"   ),

                    new Claim(ClaimTypes.MobilePhone            , "010-3000-4000" ),

                    new Claim(ClaimTypes.Email                  , "hkd@daum.net"  ),

                    new Claim(ClaimTypes.Country                , "한국"          ),

                    new Claim(ClaimTypes.PostalCode             , "300-400"       ),

                    new Claim(ClaimTypes.Role                   , "User"          ),

                    new Claim(CustomPolicyNameList.SecurityLevel, "7"             )

                };

 

                List<Claim> licenseClaimList = new List<Claim>()

                {

                    new Claim(ClaimTypes.Name , "홍길동"),

                    new Claim("License"       , "1급"   )

                };

 

                ClaimsIdentity personClaimsIdentity  = new ClaimsIdentity(personClaimList , "개인");

                ClaimsIdentity licenseClaimsIdentity = new ClaimsIdentity(licenseClaimList, "정부");

 

                ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal

                (

                    new []

                    {

                        personClaimsIdentity,

                        licenseClaimsIdentity

                    }

                );

 

                await HttpContext.SignInAsync("CookieAuthentication", claimsPrincipal);

 

                if(returnURL == null)

                {

                    return RedirectToAction("Index");

                }

                else

                {

                    return Redirect(returnURL);

                }

            }

            else

            {

                ViewData["Message"] = "등록되지 않은 사용자 입니다.";

 

                return View();

            }

        }

 

        #endregion

        #region 로그아웃 페이지 처리하기 - Logout()

 

        /// <summary>

        /// 로그아웃 페이지 처리하기

        /// </summary>

        /// <returns>액션 결과 태스크</returns>

        public async Task<IActionResult> Logout()

        {

            await HttpContext.SignOutAsync("CookieAuthentication");

 

            return RedirectToAction("Index");

        }

 

        #endregion

        #region 권한 없음 페이지 처리하기 - NoAuthorized()

 

        /// <summary>

        /// 권한 없음 페이지 처리하기

        /// </summary>

        /// <returns>액션 결과</returns>

        public IActionResult NoAuthorized()

        {

            return View();

        }

 

        #endregion

    }

}

 

------------------------------------------------------------------------------------------------------------------------

728x90
반응형

'.NetCore > ASP.NET MVC' 카테고리의 다른 글

[.NETCORE/ASP.NET MVC] ILoggerFactory 인터페이스 : CreateLogger 메소드를 사용해 명시적 범주 설정하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] dotnet run 명령 : 로그 환경 변수를 설정하고 프로그램 실행하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] HostingHostBuilderExtensions 클래스 : ConfigureLogging 확장 메소드를 사용해 콘솔 로그 기록기만 추가하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] RAZOR 페이지 사용하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] PageConventionCollectionExtensions 클래스 : AuthorizePage/AuthorizeFolder/AllowAnonymousToPage 확장 메소드를 사용해 RAZOR 페이지 권한 설정하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] DefaultAuthorizationPolicyProvider 클래스 : 커스텀 권한 정책 공급자 사용하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] IClaimsTransformation 인터페이스 : TransformAsync 메소드를 사용해 클레임 정책에 클레임 추가하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] AuthorizationHandler<TRequirement, TResource> 클래스 : 리소스 기반 작업 권한 부여하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] AuthorizeFilter 클래스 : 글로벌 권한 필터 사용하기  (0) 2020.10.25
[.NETCORE/ASP.NET MVC] IAuthorizationService 인터페이스 : AuthorizeAsync 메소드를 사용해 권한 조사하기  (0) 2020.10.25
[.NETCORE/ASP.NET MVC] IAuthorizationRequirement 인터페이스 : 커스텀 권한 설정하기  (0) 2020.10.25
Posted by 사용자 icodebroker

댓글을 달아 주세요