
I have this code for visual studio Identity

namespace BlazorBoilerplate.Shared.AuthorizationDefinitions
{
    /// <summary>
    /// Policy names for <c>[Authorize(Policy = ...)]</c> together with factory methods
    /// that build the corresponding <see cref="AuthorizationPolicy"/> instances.
    /// </summary>
    /// <remarks>
    /// Every policy here is built on its own and there is no hierarchy between them:
    /// a principal that satisfies <see cref="IsAdminPolicy"/> does not thereby satisfy
    /// <see cref="IsUserPolicy"/>. Requirements chained on one builder must all hold.
    /// </remarks>
    public static class Policies
    {
        public const string IsAdmin = "IsAdmin";
        public const string IsUser = "IsUser";
        public const string IsReadOnly = "IsReadOnly";
        public const string IsMyDomain = "IsMyDomain";

        /// <summary>
        /// Policy for administrators: an authenticated user holding an "IsAdministrator" claim.
        /// </summary>
        /// <returns>The built policy.</returns>
        // No allowed values are passed to RequireClaim, so only the presence of the claim
        // is checked; any value (including "false") passes.
        // NOTE(review): confirm the claim is issued to administrators only.
        public static AuthorizationPolicy IsAdminPolicy() =>
            new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .RequireClaim("IsAdministrator")
                .Build();

        /// <summary>
        /// Policy for regular users: an authenticated user holding an "IsUser" claim.
        /// </summary>
        /// <returns>The built policy.</returns>
        // Presence-only check, as above. An "IsAdministrator" claim alone does not satisfy it.
        public static AuthorizationPolicy IsUserPolicy() =>
            new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .RequireClaim("IsUser")
                .Build();

        /// <summary>
        /// Policy for read-only access: an authenticated user whose "ReadOnly" claim has the value "true".
        /// </summary>
        /// <returns>The built policy.</returns>
        // Unlike the two policies above, this one also constrains the claim value.
        public static AuthorizationPolicy IsReadOnlyPolicy() =>
            new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .RequireClaim("ReadOnly", "true")
                .Build();

        /// <summary>
        /// Policy that attaches a <c>DomainRequirement</c> for "blazorboilerplate.com"
        /// to an authenticated user.
        /// </summary>
        /// <returns>The built policy.</returns>
        // NOTE(review): DomainRequirement and its handler are defined elsewhere; what the
        // domain is compared against (presumably the user's e-mail) must be confirmed there.
        public static AuthorizationPolicy IsMyDomainPolicy() =>
            new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .AddRequirements(new DomainRequirement("blazorboilerplate.com"))
                .Build();
    }
}

The usage of this is as follows:

[Authorize(Policy = Policies.IsAdmin)]

Clearly, if someone is an Admin they should also pass Policies.IsUser, but this design does not accommodate that. How can I either express an OR inside the policy, or have the Authorize attribute accept any one of multiple policies?


1 Answer


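You need to use RequireAssertion. Requirements chained on one AuthorizationPolicyBuilder must all be satisfied, so an OR has to be expressed inside a single assertion: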

                   // Excerpt from inside a switch on the policy name; the enclosing switch and
                   // the declaration of `policy` are not shown here.
                   // Builds the IsUser policy so that it passes on either of two conditions.
                   case Policies.IsUser:
                        policy = new AuthorizationPolicyBuilder()
                            .RequireAuthenticatedUser()
                            // One assertion carries the OR; separate Require* calls would be ANDed.
                            .RequireAssertion(ctx =>
                            // Matches on claim type only; the claim's value is not inspected.
                            ctx.User.HasClaim(claim => claim.Type == "IsUser") ||
                            // Role membership, which is a different signal from the "IsAdministrator"
                            // claim used by the question's IsAdminPolicy.
                            // NOTE(review): DefaultRoleNames is defined elsewhere; confirm that
                            // administrators are actually issued this role.
                            ctx.User.IsInRole(DefaultRoleNames.Administrator))
                            .Build();