[C#/ASP.NET MVC] DefaultAuthorizationPolicyProvider 클래스 : 커스텀 권한 정책 공급자 사용하기
C#/ASP.NET MVC 2020. 10. 26. 02:24728x90
반응형
728x170
▶ Providers/CustomPolicyNameList.cs
using System.Collections.Generic;
namespace TestProject.Providers
{
/// <summary>
/// 커스텀 정책명 리스트
/// </summary>
public static class CustomPolicyNameList
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Field
////////////////////////////////////////////////////////////////////////////////////////// Public
#region Field
/// <summary>
/// 보안 레벨
/// </summary>
public const string SecurityLevel = "SecurityLevel";
/// <summary>
/// 순위
/// </summary>
public const string Rank = "Rank";
#endregion
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 구하기 - Get()
/// <summary>
/// 구하기
/// </summary>
/// <returns>리스트</returns>
public static List<string> Get()
{
return new List<string>
{
SecurityLevel,
Rank
};
}
#endregion
}
}
728x90
▶ Providers/SecurityLevelAuthorizationRequirement.cs
using Microsoft.AspNetCore.Authorization;
namespace TestProject.Providers
{
/// <summary>
/// 보안 레벨 권한 요청
/// </summary>
public class SecurityLevelAuthorizationRequirement : IAuthorizationRequirement
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Property
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 보안 레벨 - SecurityLevel
/// <summary>
/// 보안 레벨
/// </summary>
public int SecurityLevel { get; private set; }
#endregion
//////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 생성자 - SecurityLevelRequirement(securityLevel)
/// <summary>
/// 생성자
/// </summary>
/// <param name="securityLevel">보안 레벨</param>
public SecurityLevelAuthorizationRequirement(int securityLevel)
{
SecurityLevel = securityLevel;
}
#endregion
}
}
300x250
▶ Providers/CustomAuthorizationPilicyFactory.cs
using Microsoft.AspNetCore.Authorization;
using System;
using System.Linq;
namespace TestProject.Providers
{
/// <summary>
/// 커스텀 권한 정책 팩토리
/// </summary>
public static class CustomAuthorizationPilicyFactory
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Static
//////////////////////////////////////////////////////////////////////////////// Public
#region 생성하기 - Create(policyName)
/// <summary>
/// 생성하기
/// </summary>
/// <param name="policyName">정책명</param>
/// <returns>권한 정책</returns>
public static AuthorizationPolicy Create(string policyName)
{
string[] partArray = policyName.Split('.');
string type = partArray.First();
string value = partArray.Last();
switch(type)
{
case CustomPolicyNameList.Rank :
return new AuthorizationPolicyBuilder()
.RequireClaim("Rank", value)
.Build();
case CustomPolicyNameList.SecurityLevel :
return new AuthorizationPolicyBuilder()
.AddRequirements(new SecurityLevelAuthorizationRequirement(Convert.ToInt32(value)))
.Build();
default :
return null;
}
}
#endregion
}
}
▶ Providers/CustomAuthorizationPolicyProvider.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Options;
using System.Threading.Tasks;
namespace TestProject.Providers
{
/// <summary>
/// 커스텀 권한 정책 공급자
/// </summary>
public class CustomAuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 생성자 - CustomAuthorizationPolicyProvider(options)
/// <summary>
/// 생성자
/// </summary>
/// <param name="options">옵션</param>
public CustomAuthorizationPolicyProvider(IOptions<AuthorizationOptions> options) : base(options)
{
}
#endregion
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 정책 구하기 (비동기) - GetPolicyAsync(policyName)
/// <summary>
/// 정책 구하기 (비동기)
/// </summary>
/// <param name="policyName">정책명</param>
/// <returns>권한 정책 태스크</returns>
public override Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
{
foreach(string customPolicyName in CustomPolicyNameList.Get())
{
if(policyName.StartsWith(customPolicyName))
{
AuthorizationPolicy policy = CustomAuthorizationPilicyFactory.Create(policyName);
return Task.FromResult(policy);
}
}
return base.GetPolicyAsync(policyName);
}
#endregion
}
}
▶ Providers/SecurityLevelAuthorizeAttribute.cs
using Microsoft.AspNetCore.Authorization;
namespace TestProject.Providers
{
/// <summary>
/// 보안 레벨 권한 어트리뷰트
/// </summary>
public class SecurityLevelAuthorizeAttribute : AuthorizeAttribute
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 생성자 - SecurityLevelAttribute(level)
/// <summary>
/// 생성자
/// </summary>
/// <param name="level">레벨</param>
public SecurityLevelAuthorizeAttribute(int level)
{
Policy = $"{CustomPolicyNameList.SecurityLevel}.{level}";
}
#endregion
}
}
▶ Providers/SecurityLevelAuthorizationHandler.cs
using Microsoft.AspNetCore.Authorization;
using System;
using System.Linq;
using System.Threading.Tasks;
namespace TestProject.Providers
{
/// <summary>
/// 보안 레벨 권한 핸들러
/// </summary>
public class SecurityLevelAuthorizationHandler : AuthorizationHandler<SecurityLevelAuthorizationRequirement>
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Protected
#region 요청 처리하기 (비동기) - HandleRequirementAsync(context, requirement)
/// <summary>
/// 요청 처리하기 (비동기)
/// </summary>
/// <param name="context">컨텍스트</param>
/// <param name="requirement">요청</param>
/// <returns>태스크</returns>
protected override Task HandleRequirementAsync
(
AuthorizationHandlerContext context,
SecurityLevelAuthorizationRequirement requirement
)
{
int securityLevel = Convert.ToInt32
(
context.User.Claims.FirstOrDefault(x => x.Type == CustomPolicyNameList.SecurityLevel) ?.Value ?? "0"
);
if(requirement.SecurityLevel <= securityLevel)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return Task.CompletedTask;
}
#endregion
}
}
▶ Startup.cs
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using TestProject.Providers;
namespace TestProject
{
/// <summary>
/// 시작
/// </summary>
public class Startup
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 서비스 컬렉션 구성하기 - ConfigureServices(services)
/// <summary>
/// 서비스 컬렉션 구성하기
/// </summary>
/// <param name="services">서비스 컬렉션</param>
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication("CookieAuthentication")
.AddCookie
(
"CookieAuthentication",
options =>
{
options.Cookie.Name = "TestProject.Cookie";
options.LoginPath = "/Home/Login";
options.AccessDeniedPath = "/Home/NoAuthorized";
}
);
services.AddSingleton<IAuthorizationPolicyProvider, CustomAuthorizationPolicyProvider>();
services.AddScoped<IAuthorizationHandler, SecurityLevelAuthorizationHandler>();
services.AddControllersWithViews();
}
#endregion
#region 구성하기 - Configure(app, environment)
/// <summary>
/// 구성하기
/// </summary>
/// <param name="app">애플리케이션 빌더</param>
/// <param name="environment">웹 호스트 환경</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment environment)
{
if(environment.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints
(
endpoints =>
{
endpoints.MapDefaultControllerRoute();
}
);
}
#endregion
}
}
▶ Controllers/HomeController.cs
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using TestProject.Providers;
namespace TestProject.Controllers
{
/// <summary>
/// 홈 컨트롤러
/// </summary>
public class HomeController : Controller
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 인덱스 페이지 처리하기 - Index()
/// <summary>
/// 인덱스 페이지 처리하기
/// </summary>
/// <returns>액션 결과</returns>
public IActionResult Index()
{
return View();
}
#endregion
#region 비밀 페이지 처리하기 - Secret()
/// <summary>
/// 비밀 페이지 처리하기
/// </summary>
/// <returns>액션 결과</returns>
[Authorize]
public IActionResult Secret()
{
return View();
}
#endregion
#region 상위 비밀 페이지 처리하기 - HighSecret()
/// <summary>
/// 상위 비밀 페이지 처리하기
/// </summary>
/// <returns>액션 결과</returns>
[SecurityLevelAuthorize(5)]
public IActionResult HighSecret()
{
return View();
}
#endregion
#region 최상위 비밀 페이지 처리하기 - TopSecret()
/// <summary>
/// 최상위 비밀 페이지 처리하기
/// </summary>
/// <returns>액션 결과</returns>
[SecurityLevelAuthorize(10)]
public IActionResult TopSecret()
{
return View();
}
#endregion
#region 로그인 페이지 처리하기 - Login(returnURL)
/// <summary>
/// 로그인 페이지 처리하기
/// </summary>
/// <param name="returnURL">반환 URL</param>
/// <returns>액션 결과</returns>
[HttpGet]
public IActionResult Login(string returnURL = null)
{
ViewData["ReturnURL"] = returnURL;
return View();
}
#endregion
#region 로그인 페이지 처리하기 - Login(userName, password, returnURL)
/// <summary>
/// 로그인 페이지 처리하기
/// </summary>
/// <param name="userName">사용자명</param>
/// <param name="password">패스워드</param>
/// <param name="returnURL">반환 URL</param>
/// <returns>액션 결과</returns>
[HttpPost]
public async Task<IActionResult> Login(string userName, string password, string returnURL)
{
if(userName == "홍길동" && password == "1234")
{
List<Claim> personClaimList = new List<Claim>()
{
new Claim(ClaimTypes.Name , "홍길동" ),
new Claim(ClaimTypes.Gender , "남성" ),
new Claim(ClaimTypes.DateOfBirth , "2000-01-01" ),
new Claim(ClaimTypes.HomePhone , "02-700-1000" ),
new Claim(ClaimTypes.MobilePhone , "010-3000-4000" ),
new Claim(ClaimTypes.Email , "hkd@daum.net" ),
new Claim(ClaimTypes.Country , "한국" ),
new Claim(ClaimTypes.PostalCode , "300-400" ),
new Claim(ClaimTypes.Role , "User" ),
new Claim(CustomPolicyNameList.SecurityLevel, "7" )
};
List<Claim> licenseClaimList = new List<Claim>()
{
new Claim(ClaimTypes.Name , "홍길동"),
new Claim("License" , "1급" )
};
ClaimsIdentity personClaimsIdentity = new ClaimsIdentity(personClaimList , "개인");
ClaimsIdentity licenseClaimsIdentity = new ClaimsIdentity(licenseClaimList, "정부");
ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal
(
new []
{
personClaimsIdentity,
licenseClaimsIdentity
}
);
await HttpContext.SignInAsync("CookieAuthentication", claimsPrincipal);
if(returnURL == null)
{
return RedirectToAction("Index");
}
else
{
return Redirect(returnURL);
}
}
else
{
ViewData["Message"] = "등록되지 않은 사용자 입니다.";
return View();
}
}
#endregion
#region 로그아웃 페이지 처리하기 - Logout()
/// <summary>
/// 로그아웃 페이지 처리하기
/// </summary>
/// <returns>액션 결과 태스크</returns>
public async Task<IActionResult> Logout()
{
await HttpContext.SignOutAsync("CookieAuthentication");
return RedirectToAction("Index");
}
#endregion
#region 권한 없음 페이지 처리하기 - NoAuthorized()
/// <summary>
/// 권한 없음 페이지 처리하기
/// </summary>
/// <returns>액션 결과</returns>
public IActionResult NoAuthorized()
{
return View();
}
#endregion
}
}728x90
반응형
그리드형(광고전용)
댓글을 달아 주세요