[C#/ASP.NET MVC/.NETCORE] IAuthorizationRequirement 인터페이스 : 커스텀 권한 설정하기
C#/ASP.NET MVC 2020. 10. 25. 17:24728x90
반응형
728x170
▶ AuthorizationRequirement/CustomAuthorizationRequirement.cs
using Microsoft.AspNetCore.Authorization;
namespace TestProject.AuthorizationRequirements
{
/// <summary>
/// 커스텀 권한 요청
/// </summary>
public class CustomAuthorizationRequirement : IAuthorizationRequirement
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Property
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 클레임 타입 - ClaimType
/// <summary>
/// 클레임 타입
/// </summary>
public string ClaimType { private set; get; }
#endregion
//////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 생성자 - CustomAuthorizationRequirement(claimType)
/// <summary>
/// 생성자
/// </summary>
/// <param name="claimType">클레임 타입</param>
public CustomAuthorizationRequirement(string claimType)
{
ClaimType = claimType;
}
#endregion
}
}
728x90
▶ AuthorizationRequirement/CustomAuthorizationHandler.cs
using Microsoft.AspNetCore.Authorization;
using System.Linq;
using System.Threading.Tasks;
namespace TestProject.AuthorizationRequirements
{
/// <summary>
/// 커스텀 권한 핸들러
/// </summary>
public class CustomAuthorizationHandler : AuthorizationHandler<CustomAuthorizationRequirement>
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Protected
#region 요청 사항 처리하기 (비동기) - HandleRequirementAsync(context, requirement)
/// <summary>
/// 요청 사항 처리하기 (비동기)
/// </summary>
/// <param name="context">컨텍스트</param>
/// <param name="requirement">요청</param>
/// <returns>태스크</returns>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CustomAuthorizationRequirement requirement)
{
bool hasClaim = context.User.Claims.Any(x => x.Type == requirement.ClaimType);
if(hasClaim)
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
#endregion
}
}
300x250
▶ AuthorizationRequirement/CustomAuthorizatonPolicyBuilderExtension.cs
using Microsoft.AspNetCore.Authorization;
namespace TestProject.AuthorizationRequirements
{
/// <summary>
/// 커스텀 권한 정책 빌더 확장
/// </summary>
public static class CustomAuthorizatonPolicyBuilderExtension
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Static
//////////////////////////////////////////////////////////////////////////////// Public
#region 커스텀 클레임 요청하기 - RequireCustomClaim(builder, claimType)
/// <summary>
/// 커스텀 클레임 요청하기
/// </summary>
/// <param name="builder">권한 정책 빌더</param>
/// <param name="claimType">클레임 타입</param>
/// <returns>권한 정책 빌더</returns>
public static AuthorizationPolicyBuilder RequireCustomClaim(this AuthorizationPolicyBuilder builder, string claimType)
{
builder.AddRequirements(new CustomAuthorizationRequirement(claimType));
return builder;
}
#endregion
}
}
▶ Startup.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using System.Security.Claims;
using TestProject.AuthorizationRequirements;
namespace TestProject
{
/// <summary>
/// 시작
/// </summary>
public class Startup
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 서비스 컬렉션 구성하기 - ConfigureServices(services)
/// <summary>
/// 서비스 컬렉션 구성하기
/// </summary>
/// <param name="services">서비스 컬렉션</param>
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication("CookieAuthentication")
.AddCookie
(
"CookieAuthentication",
options =>
{
options.Cookie.Name = "TestProject.Cookie";
options.LoginPath = "/Home/Login";
}
);
services.AddAuthorization
(
options =>
{
options.AddPolicy
(
"Claim.DateOfBirth",
builder =>
{
builder.RequireCustomClaim(ClaimTypes.DateOfBirth);
}
);
}
);
services.AddScoped<IAuthorizationHandler, CustomAuthorizationHandler>();
services.AddControllersWithViews();
}
#endregion
#region 구성하기 - Configure(app, environment)
/// <summary>
/// 구성하기
/// </summary>
/// <param name="app">애플리케이션 빌더</param>
/// <param name="environment">웹 호스트 환경</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment environment)
{
if(environment.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints
(
endpoints =>
{
endpoints.MapDefaultControllerRoute();
}
);
}
#endregion
}
}
▶ Controllers/HomeController.cs
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
namespace TestProject.Controllers
{
/// <summary>
/// 홈 컨트롤러
/// </summary>
public class HomeController : Controller
{
//////////////////////////////////////////////////////////////////////////////////////////////////// Method
////////////////////////////////////////////////////////////////////////////////////////// Public
#region 인덱스 페이지 처리하기 - Index()
/// <summary>
/// 인덱스 페이지 처리하기
/// </summary>
/// <returns>액션 결과</returns>
public IActionResult Index()
{
return View();
}
#endregion
#region 사용자 페이지 처리하기 - UserPage()
/// <summary>
/// 사용자 페이지 처리하기
/// </summary>
/// <returns>액션 결과</returns>
[Authorize(Roles = "User")]
public IActionResult UserPage()
{
return View();
}
#endregion
#region 비밀 페이지 처리하기 - Secret()
/// <summary>
/// 비밀 페이지 처리하기
/// </summary>
/// <returns>액션 결과</returns>
[Authorize(Policy = "Claim.DateOfBirth")]
public IActionResult Secret()
{
return View();
}
#endregion
#region 로그인 페이지 처리하기 - Login(returnURL)
/// <summary>
/// 로그인 페이지 처리하기
/// </summary>
/// <param name="returnURL">반환 URL</param>
/// <returns>액션 결과</returns>
[HttpGet]
public IActionResult Login(string returnURL = null)
{
ViewData["ReturnURL"] = returnURL;
return View();
}
#endregion
#region 로그인 페이지 처리하기 - Login(userName, password, returnURL)
/// <summary>
/// 로그인 페이지 처리하기
/// </summary>
/// <param name="userName">사용자명</param>
/// <param name="password">패스워드</param>
/// <param name="returnURL">반환 URL</param>
/// <returns>액션 결과</returns>
[HttpPost]
public async Task<IActionResult> Login(string userName, string password, string returnURL)
{
if(userName == "홍길동" && password == "1234")
{
List<Claim> personClaimList = new List<Claim>()
{
new Claim(ClaimTypes.Name , "홍길동" ),
new Claim(ClaimTypes.Gender , "남성" ),
new Claim(ClaimTypes.DateOfBirth, "2000-01-01" ),
new Claim(ClaimTypes.HomePhone , "02-700-1000" ),
new Claim(ClaimTypes.MobilePhone, "010-3000-4000" ),
new Claim(ClaimTypes.Email , "hkd@daum.net" ),
new Claim(ClaimTypes.Country , "한국" ),
new Claim(ClaimTypes.PostalCode , "300-400" ),
new Claim(ClaimTypes.Role , "User" )
};
List<Claim> licenseClaimList = new List<Claim>()
{
new Claim(ClaimTypes.Name , "홍길동"),
new Claim("License" , "1급" )
};
ClaimsIdentity personClaimsIdentity = new ClaimsIdentity(personClaimList , "개인");
ClaimsIdentity licenseClaimsIdentity = new ClaimsIdentity(licenseClaimList, "정부");
ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal
(
new []
{
personClaimsIdentity,
licenseClaimsIdentity
}
);
await HttpContext.SignInAsync("CookieAuthentication", claimsPrincipal);
if(returnURL == null)
{
return RedirectToAction("Index");
}
else
{
return Redirect(returnURL);
}
}
else if(userName == "김철수" && password == "1234")
{
List<Claim> personClaimList = new List<Claim>()
{
new Claim(ClaimTypes.Name , "김철수" ),
new Claim(ClaimTypes.Gender , "남성" ),
//new Claim(ClaimTypes.DateOfBirth, "2000-05-01" ),
new Claim(ClaimTypes.HomePhone , "02-500-3000" ),
new Claim(ClaimTypes.MobilePhone, "010-5000-3000" ),
new Claim(ClaimTypes.Email , "hkd@daum.net" ),
new Claim(ClaimTypes.Country , "kcs" ),
new Claim(ClaimTypes.PostalCode , "200-100" ),
new Claim(ClaimTypes.Role , "User" )
};
List<Claim> licenseClaimList = new List<Claim>()
{
new Claim(ClaimTypes.Name , "김철수"),
new Claim("License" , "2급" )
};
ClaimsIdentity personClaimsIdentity = new ClaimsIdentity(personClaimList , "개인");
ClaimsIdentity licenseClaimsIdentity = new ClaimsIdentity(licenseClaimList, "정부");
ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal
(
new []
{
personClaimsIdentity,
licenseClaimsIdentity
}
);
await HttpContext.SignInAsync("CookieAuthentication", claimsPrincipal);
if(returnURL == null)
{
return RedirectToAction("Index");
}
else
{
return Redirect(returnURL);
}
}
else
{
ViewData["Message"] = "등록되지 않은 사용자 입니다.";
return View();
}
}
#endregion
#region 로그아웃 페이지 처리하기 - Logout()
/// <summary>
/// 로그아웃 페이지 처리하기
/// </summary>
/// <returns>액션 결과 태스크</returns>
public async Task<IActionResult> Logout()
{
await HttpContext.SignOutAsync("CookieAuthentication");
return RedirectToAction("Index");
}
#endregion
}
}728x90
반응형
그리드형(광고전용)
댓글을 달아 주세요