첨부 실행 코드는 나눔고딕코딩 폰트를 사용합니다.
본 블로그는 광고를 포함하고 있습니다.
광고 클릭에서 발생하는 수익금은 모두 블로그 콘텐츠 향상을 위해 쓰여집니다.

728x90
반응형
728x170

TestProject.zip
다운로드

▶ Providers/CustomPolicyNameList.cs

using System.Collections.Generic;

namespace TestProject.Providers
{
    /// <summary>
    /// 커스텀 정책명 리스트
    /// </summary>
    public static class CustomPolicyNameList
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Field
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region Field

        /// <summary>
        /// 보안 레벨
        /// </summary>
        public const string SecurityLevel = "SecurityLevel";

        /// <summary>
        /// 순위
        /// </summary>
        public const string Rank = "Rank";

        #endregion

        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 구하기 - Get()

        /// <summary>
        /// 구하기
        /// </summary>
        /// <returns>리스트</returns>
        public static List<string> Get()
        {
            return new List<string>
            {
                SecurityLevel,
                Rank
            };
        }

        #endregion
    }
}

 

728x90

 

▶ Providers/SecurityLevelAuthorizationRequirement.cs

using Microsoft.AspNetCore.Authorization;

namespace TestProject.Providers
{
    /// <summary>
    /// 보안 레벨 권한 요청
    /// </summary>
    public class SecurityLevelAuthorizationRequirement : IAuthorizationRequirement
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Property
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 보안 레벨 - SecurityLevel

        /// <summary>
        /// 보안 레벨
        /// </summary>
        public int SecurityLevel { get; private set; }

        #endregion

        //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 생성자 - SecurityLevelRequirement(securityLevel)

        /// <summary>
        /// 생성자
        /// </summary>
        /// <param name="securityLevel">보안 레벨</param>
        public SecurityLevelAuthorizationRequirement(int securityLevel)
        {
            SecurityLevel = securityLevel;
        }

        #endregion
    }
}

 

300x250

 

▶ Providers/CustomAuthorizationPilicyFactory.cs

using Microsoft.AspNetCore.Authorization;
using System;
using System.Linq;

namespace TestProject.Providers
{
    /// <summary>
    /// 커스텀 권한 정책 팩토리
    /// </summary>
    public static class CustomAuthorizationPilicyFactory
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Static
        //////////////////////////////////////////////////////////////////////////////// Public

        #region 생성하기 - Create(policyName)

        /// <summary>
        /// 생성하기
        /// </summary>
        /// <param name="policyName">정책명</param>
        /// <returns>권한 정책</returns>
        public static AuthorizationPolicy Create(string policyName)
        {
            string[] partArray = policyName.Split('.');
            string   type      = partArray.First();
            string   value     = partArray.Last();

            switch(type)
            {
                case CustomPolicyNameList.Rank :

                    return new AuthorizationPolicyBuilder()
                        .RequireClaim("Rank", value)
                        .Build();

                case CustomPolicyNameList.SecurityLevel :

                    return new AuthorizationPolicyBuilder()
                        .AddRequirements(new SecurityLevelAuthorizationRequirement(Convert.ToInt32(value)))
                        .Build();

                default :

                    return null;
            }
        }

        #endregion
    }
}

 

▶ Providers/CustomAuthorizationPolicyProvider.cs

using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Options;
using System.Threading.Tasks;

namespace TestProject.Providers
{
    /// <summary>
    /// 커스텀 권한 정책 공급자
    /// </summary>
    public class CustomAuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 생성자 - CustomAuthorizationPolicyProvider(options)

        /// <summary>
        /// 생성자
        /// </summary>
        /// <param name="options">옵션</param>
        public CustomAuthorizationPolicyProvider(IOptions<AuthorizationOptions> options) : base(options)
        {
        }

        #endregion

        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 정책 구하기 (비동기) - GetPolicyAsync(policyName)

        /// <summary>
        /// 정책 구하기 (비동기)
        /// </summary>
        /// <param name="policyName">정책명</param>
        /// <returns>권한 정책 태스크</returns>
        public override Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
        {
            foreach(string customPolicyName in CustomPolicyNameList.Get())
            {
                if(policyName.StartsWith(customPolicyName))
                {
                    AuthorizationPolicy policy = CustomAuthorizationPilicyFactory.Create(policyName);

                    return Task.FromResult(policy);
                }
            }

            return base.GetPolicyAsync(policyName);
        }

        #endregion
    }
}

 

▶ Providers/SecurityLevelAuthorizeAttribute.cs

using Microsoft.AspNetCore.Authorization;

namespace TestProject.Providers
{
    /// <summary>
    /// 보안 레벨 권한 어트리뷰트
    /// </summary>
    public class SecurityLevelAuthorizeAttribute : AuthorizeAttribute
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 생성자 - SecurityLevelAttribute(level)

        /// <summary>
        /// 생성자
        /// </summary>
        /// <param name="level">레벨</param>
        public SecurityLevelAuthorizeAttribute(int level)
        {
            Policy = $"{CustomPolicyNameList.SecurityLevel}.{level}"; 
        }

        #endregion
    }
}

 

▶ Providers/SecurityLevelAuthorizationHandler.cs

using Microsoft.AspNetCore.Authorization;
using System;
using System.Linq;
using System.Threading.Tasks;

namespace TestProject.Providers
{
    /// <summary>
    /// 보안 레벨 권한 핸들러
    /// </summary>
    public class SecurityLevelAuthorizationHandler : AuthorizationHandler<SecurityLevelAuthorizationRequirement>
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Protected

        #region 요청 처리하기 (비동기) - HandleRequirementAsync(context, requirement)

        /// <summary>
        /// 요청 처리하기 (비동기)
        /// </summary>
        /// <param name="context">컨텍스트</param>
        /// <param name="requirement">요청</param>
        /// <returns>태스크</returns>
        protected override Task HandleRequirementAsync
        (
            AuthorizationHandlerContext           context,
            SecurityLevelAuthorizationRequirement requirement
        )
        {
            int securityLevel = Convert.ToInt32
            (
                context.User.Claims.FirstOrDefault(x => x.Type == CustomPolicyNameList.SecurityLevel) ?.Value ?? "0"
            );

            if(requirement.SecurityLevel <= securityLevel)
            {
                context.Succeed(requirement);
            }
            else
            {
                context.Fail();
            }

            return Task.CompletedTask;
        }

        #endregion
    }
}

 

▶ Startup.cs

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

using TestProject.Providers;

namespace TestProject
{
    /// <summary>
    /// 시작
    /// </summary>
    public class Startup
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 서비스 컬렉션 구성하기 - ConfigureServices(services)

        /// <summary>
        /// 서비스 컬렉션 구성하기
        /// </summary>
        /// <param name="services">서비스 컬렉션</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication("CookieAuthentication")
                .AddCookie
                (
                    "CookieAuthentication",
                    options =>
                    {
                        options.Cookie.Name      = "TestProject.Cookie";
                        options.LoginPath        = "/Home/Login";
                        options.AccessDeniedPath = "/Home/NoAuthorized";
                    }
                );

            services.AddSingleton<IAuthorizationPolicyProvider, CustomAuthorizationPolicyProvider>();

            services.AddScoped<IAuthorizationHandler, SecurityLevelAuthorizationHandler>();

            services.AddControllersWithViews();
        }

        #endregion
        #region 구성하기 - Configure(app, environment)

        /// <summary>
        /// 구성하기
        /// </summary>
        /// <param name="app">애플리케이션 빌더</param>
        /// <param name="environment">웹 호스트 환경</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment environment)
        {
            if(environment.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseRouting();

            app.UseAuthentication();

            app.UseAuthorization();

            app.UseEndpoints
            (
                endpoints =>
                {
                    endpoints.MapDefaultControllerRoute();
                }
            );
        }

        #endregion
    }
}

 

▶ Controllers/HomeController.cs

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;

using TestProject.Providers;

namespace TestProject.Controllers
{
    /// <summary>
    /// 홈 컨트롤러
    /// </summary>
    public class HomeController : Controller
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 인덱스 페이지 처리하기 - Index()

        /// <summary>
        /// 인덱스 페이지 처리하기
        /// </summary>
        /// <returns>액션 결과</returns>
        public IActionResult Index()
        {
            return View();
        }

        #endregion
        #region 비밀 페이지 처리하기 - Secret() 

        /// <summary>
        /// 비밀 페이지 처리하기
        /// </summary>
        /// <returns>액션 결과</returns>
        [Authorize]
        public IActionResult Secret()
        {
            return View();
        }

        #endregion
        #region 상위 비밀 페이지 처리하기 - HighSecret()

        /// <summary>
        /// 상위 비밀 페이지 처리하기
        /// </summary>
        /// <returns>액션 결과</returns>
        [SecurityLevelAuthorize(5)]
        public IActionResult HighSecret()
        {
            return View();
        }

        #endregion
        #region 최상위 비밀 페이지 처리하기 - TopSecret()

        /// <summary>
        /// 최상위 비밀 페이지 처리하기
        /// </summary>
        /// <returns>액션 결과</returns>
        [SecurityLevelAuthorize(10)]
        public IActionResult TopSecret()
        {
            return View();
        }

        #endregion
        #region 로그인 페이지 처리하기 - Login(returnURL)

        /// <summary>
        /// 로그인 페이지 처리하기
        /// </summary>
        /// <param name="returnURL">반환 URL</param>
        /// <returns>액션 결과</returns>
        [HttpGet]
        public IActionResult Login(string returnURL = null)
        {
            ViewData["ReturnURL"] = returnURL;

            return View();
        }

        #endregion
        #region 로그인 페이지 처리하기 - Login(userName, password, returnURL)

        /// <summary>
        /// 로그인 페이지 처리하기
        /// </summary>
        /// <param name="userName">사용자명</param>
        /// <param name="password">패스워드</param>
        /// <param name="returnURL">반환 URL</param>
        /// <returns>액션 결과</returns>
        [HttpPost]
        public async Task<IActionResult> Login(string userName, string password, string returnURL)
        {
            if(userName == "홍길동" && password == "1234")
            {
                List<Claim> personClaimList = new List<Claim>()
                {
                    new Claim(ClaimTypes.Name                   , "홍길동"        ),
                    new Claim(ClaimTypes.Gender                 , "남성"          ),
                    new Claim(ClaimTypes.DateOfBirth            , "2000-01-01"    ),
                    new Claim(ClaimTypes.HomePhone              , "02-700-1000"   ),
                    new Claim(ClaimTypes.MobilePhone            , "010-3000-4000" ),
                    new Claim(ClaimTypes.Email                  , "hkd@daum.net"  ),
                    new Claim(ClaimTypes.Country                , "한국"          ),
                    new Claim(ClaimTypes.PostalCode             , "300-400"       ),
                    new Claim(ClaimTypes.Role                   , "User"          ),
                    new Claim(CustomPolicyNameList.SecurityLevel, "7"             )
                };

                List<Claim> licenseClaimList = new List<Claim>()
                {
                    new Claim(ClaimTypes.Name , "홍길동"),
                    new Claim("License"       , "1급"   )
                };

                ClaimsIdentity personClaimsIdentity  = new ClaimsIdentity(personClaimList , "개인");
                ClaimsIdentity licenseClaimsIdentity = new ClaimsIdentity(licenseClaimList, "정부");

                ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal
                (
                    new []
                    {
                        personClaimsIdentity,
                        licenseClaimsIdentity
                    }
                );

                await HttpContext.SignInAsync("CookieAuthentication", claimsPrincipal);

                if(returnURL == null)
                {
                    return RedirectToAction("Index");
                }
                else
                {
                    return Redirect(returnURL);
                }
            }
            else
            {
                ViewData["Message"] = "등록되지 않은 사용자 입니다.";

                return View();
            }
        }

        #endregion
        #region 로그아웃 페이지 처리하기 - Logout()

        /// <summary>
        /// 로그아웃 페이지 처리하기
        /// </summary>
        /// <returns>액션 결과 태스크</returns>
        public async Task<IActionResult> Logout()
        {
            await HttpContext.SignOutAsync("CookieAuthentication");

            return RedirectToAction("Index");
        }

        #endregion
        #region 권한 없음 페이지 처리하기 - NoAuthorized()

        /// <summary>
        /// 권한 없음 페이지 처리하기
        /// </summary>
        /// <returns>액션 결과</returns>
        public IActionResult NoAuthorized()
        {
            return View();
        }

        #endregion
    }
}
728x90
반응형
그리드형(광고전용)

'.NetCore > ASP.NET MVC' 카테고리의 다른 글

[.NETCORE/ASP.NET MVC] ILoggerFactory 인터페이스 : CreateLogger 메소드를 사용해 명시적 범주 설정하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] dotnet run 명령 : 로그 환경 변수를 설정하고 프로그램 실행하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] HostingHostBuilderExtensions 클래스 : ConfigureLogging 확장 메소드를 사용해 콘솔 로그 기록기만 추가하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] RAZOR 페이지 사용하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] PageConventionCollectionExtensions 클래스 : AuthorizePage/AuthorizeFolder/AllowAnonymousToPage 확장 메소드를 사용해 RAZOR 페이지 권한 설정하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] DefaultAuthorizationPolicyProvider 클래스 : 커스텀 권한 정책 공급자 사용하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] IClaimsTransformation 인터페이스 : TransformAsync 메소드를 사용해 클레임 정책에 클레임 추가하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] AuthorizationHandler<TRequirement, TResource> 클래스 : 리소스 기반 작업 권한 부여하기  (0) 2020.10.26
[.NETCORE/ASP.NET MVC] AuthorizeFilter 클래스 : 글로벌 권한 필터 사용하기  (0) 2020.10.25
[.NETCORE/ASP.NET MVC] IAuthorizationService 인터페이스 : AuthorizeAsync 메소드를 사용해 권한 조사하기  (0) 2020.10.25
[.NETCORE/ASP.NET MVC] IAuthorizationRequirement 인터페이스 : 커스텀 권한 설정하기  (0) 2020.10.25
Posted by 사용자 icodebroker

댓글을 달아 주세요