
Changed the app roles to be represented by an enum to remove all the …

…magic strings
robdmoore committed Oct 24, 2014
1 parent 0041d8c commit 05e9a52eaa20c4c07c6ec06f873b8b7f842a86ac
@@ -43,6 +43,9 @@
<SpecificVersion>False</SpecificVersion>
<HintPath>..\packages\Antlr.3.5.0.2\lib\Antlr3.Runtime.dll</HintPath>
</Reference>
+ <Reference Include="Humanizer">
+ <HintPath>..\packages\Humanizer.1.29.0\lib\portable-win+net40+sl50+wp8+wpa81\Humanizer.dll</HintPath>
+ </Reference>
<Reference Include="Microsoft.Azure.ActiveDirectory.GraphClient">
<HintPath>..\packages\Microsoft.Azure.ActiveDirectory.GraphClient.1.0.3\lib\net40\Microsoft.Azure.ActiveDirectory.GraphClient.dll</HintPath>
</Reference>
@@ -159,8 +162,11 @@
<Compile Include="Global.asax.cs">
<DependentUpon>Global.asax</DependentUpon>
</Compile>
+ <Compile Include="Infrastructure\Auth\AppRoles.cs" />
+ <Compile Include="Infrastructure\Auth\AuthorizeRolesAttribute.cs" />
<Compile Include="Infrastructure\Auth\AzureADGraphConnection.cs" />
<Compile Include="Infrastructure\Auth\AzureADGraphClaimsAuthenticationManager.cs" />
+ <Compile Include="Infrastructure\Auth\IPrincipalExtensions.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
@@ -1,4 +1,5 @@
using System.Web.Mvc;
+using AzureAdMvcExample.Infrastructure.Auth;
namespace AzureAdMvcExample.Controllers
{
@@ -9,19 +10,19 @@ public ActionResult Index()
return View();
}
- [Authorize(Roles = "Group 1")]
+ [AuthorizeRoles(AppRoles.Group1)]
public ActionResult Group1()
{
return View();
}
- [Authorize(Roles = "Group 2")]
+ [AuthorizeRoles(AppRoles.Group2)]
public ActionResult Group2()
{
return View();
}
- [Authorize(Roles = "Group 3")]
+ [AuthorizeRoles(AppRoles.Group3)]
public ActionResult Group3()
{
return View();
@@ -0,0 +1,14 @@
+using System.ComponentModel;
+
+namespace AzureAdMvcExample.Infrastructure.Auth
+{
+ public enum AppRoles
+ {
+ [Description("Group 1")]
+ Group1,
+ [Description("Group 2")]
+ Group2,
+ [Description("Group 3")]
+ Group3
+ }
+}
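Review bot: The Description text on each member is load-bearing, and nothing on the enum says so: it appears to be the string the Humanizer lookup in AzureADGraphConnection matches the Azure AD group display name against, so a Description that drifts from the directory group name silently drops that role, while the member name itself ("Group1") is what ends up in the role claim. I'd add an XML summary on the enum along the lines of `/// Application roles. Each member's Description must match the display name of the corresponding Azure AD group exactly; the member name (e.g. "Group1") is the value written into the role claim and compared by AuthorizeRolesAttribute and IsInRole.` A member added later without a Description would presumably be matched on its bare name instead, which is worth stating in the same comment.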
@@ -0,0 +1,12 @@
+using System.Web.Mvc;
+
+namespace AzureAdMvcExample.Infrastructure.Auth
+{
+ public class AuthorizeRolesAttribute : AuthorizeAttribute
+ {
+ public AuthorizeRolesAttribute(params AppRoles[] allowedRoles)
+ {
+ Roles = string.Join(",", allowedRoles);
+ }
+ }
+}
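Review bot: Calling `AuthorizeRolesAttribute()` with no roles sets `Roles` to the empty string on line 81, which AuthorizeAttribute treats as "no role restriction", so `[AuthorizeRoles()]` quietly behaves like a plain `[Authorize]` instead of failing fast. Guard the constructor: `if (allowedRoles == null || allowedRoles.Length == 0) throw new ArgumentException("At least one role is required.", "allowedRoles");`. The comma-joined value also relies on `AppRoles.ToString()` producing exactly the text that AzureADGraphClaimsAuthenticationManager writes into the role claim; a one-line comment such as `// Roles are matched by AppRoles member name, the same string the claims manager emits` would make that coupling visible.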
@@ -20,7 +20,7 @@ public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipa
var roles = graphConnection.GetRolesForUser(incomingPrincipal);
foreach (var r in roles)
((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(
- new Claim(ClaimTypes.Role, r, ClaimValueTypes.String, "GRAPH"));
+ new Claim(ClaimTypes.Role, r.ToString(), ClaimValueTypes.String, "GRAPH"));
return incomingPrincipal;
}
}
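Review bot: The claim value written on line 90 is the enum member name ("Group1"), not the Description text ("Group 1") that the group lookup matched on, and that distinction is easy to misread because the old code stored the display name here. A comment on that line, `// Role claim carries the AppRoles member name; AuthorizeRolesAttribute and IPrincipalExtensions.IsInRole compare against the same string`, would pin the contract. The `foreach` on line 87 has a two-line unbraced body after this change; braces would make the statement boundary unambiguous. Authenticate starts outside the hunk.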
@@ -2,14 +2,15 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
+using Humanizer;
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
namespace AzureAdMvcExample.Infrastructure.Auth
{
public interface IAzureADGraphConnection
{
- IList<string> GetRolesForUser(ClaimsPrincipal userPrincipal);
+ IList<AppRoles> GetRolesForUser(ClaimsPrincipal userPrincipal);
}
public class AzureADGraphConnection : IAzureADGraphConnection
@@ -27,12 +28,15 @@ public AzureADGraphConnection(string tenantName, string clientId, string clientS
_graphConnection = new GraphConnection(token, ClientRequestId);
}
- public IList<string> GetRolesForUser(ClaimsPrincipal userPrincipal)
+ public IList<AppRoles> GetRolesForUser(ClaimsPrincipal userPrincipal)
{
return _graphConnection.GetMemberGroups(new User(userPrincipal.Identity.Name), true)
.Select(groupId => _graphConnection.Get<Group>(groupId))
.Where(g => g != null)
.Select(g => g.DisplayName)
+ .Select(g => ((AppRoles?)g.DehumanizeTo(typeof(AppRoles), OnNoMatch.ReturnsNull)))
+ .Where(r => r.HasValue)
+ .Select(r => r.Value)
.ToList();
}
}
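Review bot: The new mapping on lines 119-121 resolves a role from the group's DisplayName, and Azure AD display names are neither unique nor immutable, so renaming a group silently removes the role from every member (OnNoMatch.ReturnsNull drops it with no log entry) and any other group with the same display name would be treated as that role. Consider keying the mapping on the group object id that `GetMemberGroups` already returns and using the display name only for humans, or at minimum logging the display names that fail to map so an unexpected loss of access is diagnosable. The lambda parameter `g` on line 119 is now a string rather than a Group; `displayName` would read better. The constructor hunk above and the class start outside this hunk.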
@@ -0,0 +1,12 @@
+using System.Security.Principal;
+
+namespace AzureAdMvcExample.Infrastructure.Auth
+{
+ public static class IPrincipalExtensions
+ {
+ public static bool IsInRole(this IPrincipal user, AppRoles role)
+ {
+ return user.IsInRole(role.ToString());
+ }
+ }
+}
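Review bot: `IPrincipalExtensions` reads as an interface because of the `I` prefix; `PrincipalExtensions` follows the usual convention for a static extension holder. The method has no null guard, so a null `user` surfaces as a NullReferenceException from line 134 rather than an ArgumentNullException; `if (user == null) throw new ArgumentNullException("user");` at the top of the method fixes that. An XML summary stating that the check compares the enum member name against the role claim written by AzureADGraphClaimsAuthenticationManager would make the coupling between the three places that use `AppRoles.ToString()` explicit.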
@@ -1,4 +1,5 @@
@using System.Security.Claims
+@using AzureAdMvcExample.Infrastructure.Auth
@using ClaimTypes = System.IdentityModel.Claims.ClaimTypes
<!DOCTYPE html>
<html>
@@ -23,15 +24,15 @@
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<li>@Html.ActionLink("Home", "Index", "Home")</li>
- @if (User.IsInRole("Group 1"))
+ @if (User.IsInRole(AppRoles.Group1))
{
<li>@Html.ActionLink("Group 1", "Group1", "Home")</li>
}
- @if (User.IsInRole("Group 2"))
+ @if (User.IsInRole(AppRoles.Group2))
{
<li>@Html.ActionLink("Group 2", "Group2", "Home")</li>
}
- @if (User.IsInRole("Group 3"))
+ @if (User.IsInRole(AppRoles.Group3))
{
<li>@Html.ActionLink("Group 3", "Group3", "Home")</li>
}
@@ -2,6 +2,7 @@
<packages>
<package id="Antlr" version="3.5.0.2" targetFramework="net45" />
<package id="bootstrap" version="3.2.0" targetFramework="net45" />
+ <package id="Humanizer" version="1.29.0" targetFramework="net45" />
<package id="jQuery" version="2.1.1" targetFramework="net45" />
<package id="jQuery.Validation" version="1.13.0" targetFramework="net45" />
<package id="Microsoft.AspNet.Mvc" version="5.2.2" targetFramework="net45" />

