I searched the web and I couldn't find one that will solve my problem. I created a custom policy based authorization in .NET core
//Group.cs
public class Group
{
public string GroupType { get; set; }
public string GroupValue { get; set; }
}
//AuthorizeAdmin.cs
public class AuthorizeAdmin : AuthorizeAttribute
{
public AuthorizeAdmin() : base(AuthorizationPolicyNames.Admin)
{
}
}
//AdminClaimRequirement.cs
public class AdminClaimRequirement : IAuthorizationRequirement
{
public Group Group { get; private set; }
}
public AdminClaimRequirement()
{
Group group = new Group();
claim.GroupType = "groups";
claim.GroupValue = "SiteAdmin";
Group = group;
}
//AdminClaimRequirementHandler.cs
public class AdminClaimRequirementHandler : AuthorizationHandler<AdminClaimRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AdminClaimRequirement requirement)
{
if (context.User.HasClaim(requirement.Group.GroupType, requirement.Group.GroupValue))
{
context.Succeed(requirement);
return Task.CompletedTask;
}
return Task.CompletedTask;
}
}
//AuthorizationPolicyNames.cs
public static class AuthorizationPolicyNames
{
public static string Admin => "AdminOnly";
}
And this how I used in my controller
[ApiController]
[AuthorizeAdmin]
public class MyController : ControllerBase
{
}
I followed this Unit test AuthorizationHandler
this http://blog.stoverud.no/posts/how-to-unit-test-asp-net-core-authorizationhandler/
and this Is it possible to write a test that can test an AuthorizationPolicy Object?
but couldnt make it work...
This is my solution for now but I dont know how to use my policies I created
[Test]
public async Task AdminAuthorizationHandler_Should_Succeed()
{
var user = new ClaimsPrincipal(new ClaimsIdentity(new List<System.Security.Claims.Claim> { new System.Security.Claims.Claim("groups", "SiteAdmin") }));
var policy = new AuthorizationPolicyBuilder()
.RequireClaim("groups", "SiteAdmin")
.Build();
Assert.That(await CanAuthorizeUserWithPolicyAsync(user, policy), Is.EqualTo(true));
}
private static async Task<bool> CanAuthorizeUserWithPolicyAsync(ClaimsPrincipal user, AuthorizationPolicy policy)
{
var handlers = policy.Requirements.Select(x => x as IAuthorizationHandler).ToArray();
// add your custom authorization handlers here to the `handlers` collection
var authorizationOptions = Options.Create(new AuthorizationOptions());
authorizationOptions.Value.AddPolicy(nameof(policy), policy);
var policyProvider = new DefaultAuthorizationPolicyProvider(authorizationOptions);
var handlerProvider = new DefaultAuthorizationHandlerProvider(handlers);
var contextFactory = new DefaultAuthorizationHandlerContextFactory();
var authorizationService = new DefaultAuthorizationService(
policyProvider,
handlerProvider,
new NullLogger<DefaultAuthorizationService>(),
contextFactory,
new DefaultAuthorizationEvaluator(),
authorizationOptions);
var result = await authorizationService.AuthorizeAsync(user, policy);
return result.Succeeded;
}
also this
[Test]
public async Task AdminAuthorizationHandler3_Should_Succeed()
{
// Arrange
var authorizationService = BuildAuthorizationService(services =>
{
services.AddAuthorization(options =>
{
options.AddPolicy(AuthorizationPolicyNames.Admin, policy => policy.Requirements.Add(new AdminClaimRequirement()));
});
});
var user = new ClaimsPrincipal(new ClaimsIdentity(new System.Security.Claims.Claim[] { new System.Security.Claims.Claim("groups", "SiteAdmin") }));
// Act
var allowed = await authorizationService.AuthorizeAsync(user, AuthorizationPolicyNames.Admin);
// Assert
Assert.True(allowed.Succeeded);
}
My goal is to test the AdminClaimRequirement / AdminClaimRequirementHandler not the controller.
