diff --git a/aspnetcore/security/authorization/iauthorizationpolicyprovider.md b/aspnetcore/security/authorization/iauthorizationpolicyprovider.md index f2c8467c4a..83f192402e 100644 --- a/aspnetcore/security/authorization/iauthorizationpolicyprovider.md +++ b/aspnetcore/security/authorization/iauthorizationpolicyprovider.md 
@@ -19,16 +19,19 @@ Examples of scenarios where a custom [IAuthorizationPolicyProvider](/dotnet/api/ * Using a large range of policies (for different room numbers or ages, for example), so it doesn’t make sense to add each individual authorization policy with an `AuthorizationOptions.AddPolicy` call. * Creating policies at runtime based on information in an external data source (like a database) or determining authorization requirements dynamically through another mechanism. -## Customizing policy retrieval +[View or download sample code](https://github.com/aspnet/AuthSamples/tree/master/samples/CustomPolicyProvider) from the [aspnet/AuthSamples GitHub repository](https://github.com/aspnet/AuthSamples). Download the aspnet/AuthSamples repository ZIP file. +Unzip the *AuthSamples-master.zip* file. Navigate to the *samples/CustomPolicyProvider* project folder. -ASP.NET Core apps use an implementation of the `IAuthorizationPolicyProvider` interface to retrieve authorization policies. By default, [DefaultAuthorizationPolicyProvider](https://docs.microsoft.com/dotnet/api/microsoft.aspnetcore.authorization.defaultauthorizationpolicyprovider) is registered and used. `DefaultAuthorizationPolicyProvider` returns policies from the `AuthorizationOptions` provided in an `IServiceCollection.AddAuthorization` call. +## Customize policy retrieval + +ASP.NET Core apps use an implementation of the `IAuthorizationPolicyProvider` interface to retrieve authorization policies. By default, [DefaultAuthorizationPolicyProvider](/dotnet/api/microsoft.aspnetcore.authorization.defaultauthorizationpolicyprovider) is registered and used. `DefaultAuthorizationPolicyProvider` returns policies from the `AuthorizationOptions` provided in an `IServiceCollection.AddAuthorization` call. You can customize this behavior by registering a different `IAuthorizationPolicyProvider` implementation in the app’s [dependency injection](xref:fundamentals/dependency-injection) container. 
The `IAuthorizationPolicyProvider` interface contains two APIs: -* [GetPolicyAsync](https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authorization.iauthorizationpolicyprovider.getpolicyasync?view=aspnetcore-2.0#Microsoft_AspNetCore_Authorization_IAuthorizationPolicyProvider_GetPolicyAsync_System_String_) returns an authorization policy for a given name. -* [GetDefaultPolicyAsync](https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authorization.iauthorizationpolicyprovider.getdefaultpolicyasync?view=aspnetcore-2.0) returns the default authorization policy (the policy used for `[Authorize]` attributes without a policy specified). +* [GetPolicyAsync](/dotnet/api/microsoft.aspnetcore.authorization.iauthorizationpolicyprovider.getpolicyasync#Microsoft_AspNetCore_Authorization_IAuthorizationPolicyProvider_GetPolicyAsync_System_String_) returns an authorization policy for a given name. +* [GetDefaultPolicyAsync](/dotnet/api/microsoft.aspnetcore.authorization.iauthorizationpolicyprovider.getdefaultpolicyasync) returns the default authorization policy (the policy used for `[Authorize]` attributes without a policy specified). By implementing these two APIs, you can customize how authorization policies are provided. @@ -41,7 +44,7 @@ One scenario where `IAuthorizationPolicyProvider` is useful is enabling custom ` Authorization policies are identified by their names. The custom `MinimumAgeAuthorizeAttribute` described previously needs to map arguments into a string that can be used to retrieve the corresponding authorization policy. You can do this by deriving from `AuthorizeAttribute` and making the `Age` property wrap the `AuthorizeAttribute.Policy` property. -```CSharp +```csharp internal class MinimumAgeAuthorizeAttribute : AuthorizeAttribute { const string POLICY_PREFIX = "MinimumAge"; 
@@ -71,7 +74,7 @@ This attribute type has a `Policy` string based on the hard-coded prefix (`"Mini You can apply it to actions in the same way as other `Authorize` attributes except that it takes an integer as a parameter. -```CSharp +```csharp [MinimumAgeAuthorize(10)] public IActionResult RequiresMinimumAge10() ``` @@ -86,7 +89,7 @@ When using `MinimumAgeAuthorizationAttribute`, the authorization policy names wi * Using `AuthorizationPolicyBuilder` to create a new `AuthorizationPolicy` * Adding requirements to the policy based on the age with `AuthorizationPolicyBuilder.AddRequirements`. In other scenarios, you might use `RequireClaim`, `RequireRole`, or `RequireUserName` instead. -```CSharp +```csharp internal class MinimumAgePolicyProvider : IAuthorizationPolicyProvider { const string POLICY_PREFIX = "MinimumAge"; @@ -125,7 +128,7 @@ In addition to providing named authorization policies, a custom `IAuthorizationP In many cases, this authorization attribute only requires an authenticated user, so you can make the necessary policy with a call to `RequireAuthenticatedUser`: -```CSharp +```csharp public Task GetDefaultPolicyAsync() => Task.FromResult(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()); ``` 
@@ -135,14 +138,14 @@ As with all aspects of a custom `IAuthorizationPolicyProvider`, you can customiz * Default authorization policies might not be used. * Retrieving the default policy can be delegated to a fallback `IAuthorizationPolicyProvider`. -## Using a Custom IAuthorizationPolicyProvider +## Use a custom IAuthorizationPolicyProvider To use custom policies from an `IAuthorizationPolicyProvider`, you must: * Register the appropriate `AuthorizationHandler` types with dependency injection (described in [policy-based authorization](xref:security/authorization/policies#authorization-handlers)), as with all policy-based authorization scenarios. * Register the custom `IAuthorizationPolicyProvider` type in the app's dependency injection service collection (in `Startup.ConfigureServices`) to replace the default policy provider. -```CSharp +```csharp services.AddTransient(); ```
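Review bot: In the first hunk (`@@ -19,16 +19,19 @@`), the added sample-code paragraph hardcodes the branch name twice (`tree/master` in the link and `AuthSamples-master.zip` in the unzip step), so the instructions go stale if the branch is renamed or the sample moves. Suggest keeping the "View or download sample code" link and dropping the literal ZIP file name from the steps. In the same hunk, the `GetPolicyAsync` link still carries its long `#Microsoft_AspNetCore_Authorization_...` fragment while the `GetDefaultPolicyAsync` link has none; use one form for both.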
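Review bot: `const string POLICY_PREFIX = "MinimumAge";` is declared in `MinimumAgeAuthorizeAttribute` (hunk `@@ -41,7 +44,7 @@`) and again in `MinimumAgePolicyProvider` (hunk `@@ -86,7 +89,7 @@`), so the sample has two copies that must stay identical. Policies are identified by name, and the attribute builds its `Policy` string from this prefix. Since both fences are being touched anyway, consider having the sample share one constant, or add a sentence saying the two values must match.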
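Review bot: The context line of hunk `@@ -86,7 +89,7 @@` refers to `MinimumAgeAuthorizationAttribute`, but the class defined in the earlier snippet, and named in the surrounding prose, is `MinimumAgeAuthorizeAttribute`. The patch leaves that sentence unchanged; since this pass is already cleaning up the section, rename the reference so it matches the class.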
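Review bot: In hunk `@@ -125,7 +128,7 @@`, the snippet declares `public Task GetDefaultPolicyAsync()` with a non-generic `Task`, although the text says this API returns the default authorization policy and the interface member returns `Task<AuthorizationPolicy>`. Check that the generic argument is present in the Markdown source and survives rendering. As shown, the method would not implement the interface member.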
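Review bot: In the last hunk (`@@ -135,14 +138,14 @@`), the registration example reads `services.AddTransient();` with no type arguments, so it does not show which type replaces the default policy provider. It should name the service and the implementation, for example `services.AddTransient<IAuthorizationPolicyProvider, MinimumAgePolicyProvider>();`. The section would also benefit from one sentence stating that, once the default provider is replaced, policies added through `AddAuthorization` are only returned if the custom provider delegates to a fallback provider. The bullets above mention a fallback only for the default policy.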