■ IAuthorizationRequirement 인터페이스를 사용해 커스텀 권한을 설정하는 방법을 보여준다.
▶ AuthorizationRequirement/CustomAuthorizationRequirement.cs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
using Microsoft.AspNetCore.Authorization; namespace TestProject.AuthorizationRequirements { /// <summary> /// 커스텀 권한 요청 /// </summary> public class CustomAuthorizationRequirement : IAuthorizationRequirement { //////////////////////////////////////////////////////////////////////////////////////////////////// Property ////////////////////////////////////////////////////////////////////////////////////////// Public #region 클레임 타입 - ClaimType /// <summary> /// 클레임 타입 /// </summary> public string ClaimType { private set; get; } #endregion //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor ////////////////////////////////////////////////////////////////////////////////////////// Public #region 생성자 - CustomAuthorizationRequirement(claimType) /// <summary> /// 생성자 /// </summary> /// <param name="claimType">클레임 타입</param> public CustomAuthorizationRequirement(string claimType) { ClaimType = claimType; } #endregion } } |
▶ AuthorizationRequirement/CustomAuthorizationHandler.cs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
using Microsoft.AspNetCore.Authorization; using System.Linq; using System.Threading.Tasks; namespace TestProject.AuthorizationRequirements { /// <summary> /// 커스텀 권한 핸들러 /// </summary> public class CustomAuthorizationHandler : AuthorizationHandler<CustomAuthorizationRequirement> { //////////////////////////////////////////////////////////////////////////////////////////////////// Method ////////////////////////////////////////////////////////////////////////////////////////// Protected #region 요청 사항 처리하기 (비동기) - HandleRequirementAsync(context, requirement) /// <summary> /// 요청 사항 처리하기 (비동기) /// </summary> /// <param name="context">컨텍스트</param> /// <param name="requirement">요청</param> /// <returns>태스크</returns> protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CustomAuthorizationRequirement requirement) { bool hasClaim = context.User.Claims.Any(x => x.Type == requirement.ClaimType); if(hasClaim) { context.Succeed(requirement); } return Task.CompletedTask; } #endregion } } |
▶ AuthorizationRequirement/CustomAuthorizatonPolicyBuilderExtension.cs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
using Microsoft.AspNetCore.Authorization; namespace TestProject.AuthorizationRequirements { /// <summary> /// 커스텀 권한 정책 빌더 확장 /// </summary> public static class CustomAuthorizatonPolicyBuilderExtension { //////////////////////////////////////////////////////////////////////////////////////////////////// Method ////////////////////////////////////////////////////////////////////////////////////////// Static //////////////////////////////////////////////////////////////////////////////// Public #region 커스텀 클레임 요청하기 - RequireCustomClaim(builder, claimType) /// <summary> /// 커스텀 클레임 요청하기 /// </summary> /// <param name="builder">권한 정책 빌더</param> /// <param name="claimType">클레임 타입</param> /// <returns>권한 정책 빌더</returns> public static AuthorizationPolicyBuilder RequireCustomClaim(this AuthorizationPolicyBuilder builder, string claimType) { builder.AddRequirements(new CustomAuthorizationRequirement(claimType)); return builder; } #endregion } } |
▶ Startup.cs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 |
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; using System.Security.Claims; using TestProject.AuthorizationRequirements; namespace TestProject { /// <summary> /// 시작 /// </summary> public class Startup { //////////////////////////////////////////////////////////////////////////////////////////////////// Method ////////////////////////////////////////////////////////////////////////////////////////// Public #region 서비스 컬렉션 구성하기 - ConfigureServices(services) /// <summary> /// 서비스 컬렉션 구성하기 /// </summary> /// <param name="services">서비스 컬렉션</param> public void ConfigureServices(IServiceCollection services) { services.AddAuthentication("CookieAuthentication") .AddCookie ( "CookieAuthentication", options => { options.Cookie.Name = "TestProject.Cookie"; options.LoginPath = "/Home/Login"; } ); services.AddAuthorization ( options => { options.AddPolicy ( "Claim.DateOfBirth", builder => { builder.RequireCustomClaim(ClaimTypes.DateOfBirth); } ); } ); services.AddScoped<IAuthorizationHandler, CustomAuthorizationHandler>(); services.AddControllersWithViews(); } #endregion #region 구성하기 - Configure(app, environment) /// <summary> /// 구성하기 /// </summary> /// <param name="app">애플리케이션 빌더</param> /// <param name="environment">웹 호스트 환경</param> public void Configure(IApplicationBuilder app, IWebHostEnvironment environment) { if(environment.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.UseEndpoints ( endpoints => { endpoints.MapDefaultControllerRoute(); } ); } #endregion } } |
▶ Controllers/HomeController.cs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 |
using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using System.Collections.Generic; using System.Security.Claims; using System.Threading.Tasks; namespace TestProject.Controllers { /// <summary> /// 홈 컨트롤러 /// </summary> public class HomeController : Controller { //////////////////////////////////////////////////////////////////////////////////////////////////// Method ////////////////////////////////////////////////////////////////////////////////////////// Public #region 인덱스 페이지 처리하기 - Index() /// <summary> /// 인덱스 페이지 처리하기 /// </summary> /// <returns>액션 결과</returns> public IActionResult Index() { return View(); } #endregion #region 사용자 페이지 처리하기 - UserPage() /// <summary> /// 사용자 페이지 처리하기 /// </summary> /// <returns>액션 결과</returns> [Authorize(Roles = "User")] public IActionResult UserPage() { return View(); } #endregion #region 비밀 페이지 처리하기 - Secret() /// <summary> /// 비밀 페이지 처리하기 /// </summary> /// <returns>액션 결과</returns> [Authorize(Policy = "Claim.DateOfBirth")] public IActionResult Secret() { return View(); } #endregion #region 로그인 페이지 처리하기 - Login(returnURL) /// <summary> /// 로그인 페이지 처리하기 /// </summary> /// <param name="returnURL">반환 URL</param> /// <returns>액션 결과</returns> [HttpGet] public IActionResult Login(string returnURL = null) { ViewData["ReturnURL"] = returnURL; return View(); } #endregion #region 로그인 페이지 처리하기 - Login(userName, password, returnURL) /// <summary> /// 로그인 페이지 처리하기 /// </summary> /// <param name="userName">사용자명</param> /// <param name="password">패스워드</param> /// <param name="returnURL">반환 URL</param> /// <returns>액션 결과</returns> [HttpPost] public async Task<IActionResult> Login(string userName, string password, string returnURL) { if(userName == "홍길동" && password == "1234") { List<Claim> personClaimList = new List<Claim>() { new Claim(ClaimTypes.Name , "홍길동" ), new Claim(ClaimTypes.Gender , "남성" ), new Claim(ClaimTypes.DateOfBirth, "2000-01-01" ), new Claim(ClaimTypes.HomePhone , "02-700-1000" ), new Claim(ClaimTypes.MobilePhone, "010-3000-4000" ), new Claim(ClaimTypes.Email , "hkd@daum.net" ), new Claim(ClaimTypes.Country , "한국" ), new Claim(ClaimTypes.PostalCode , "300-400" ), new Claim(ClaimTypes.Role , "User" ) }; List<Claim> licenseClaimList = new List<Claim>() { new Claim(ClaimTypes.Name , "홍길동"), new Claim("License" , "1급" ) }; ClaimsIdentity personClaimsIdentity = new ClaimsIdentity(personClaimList , "개인"); ClaimsIdentity licenseClaimsIdentity = new ClaimsIdentity(licenseClaimList, "정부"); ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal ( new [] { personClaimsIdentity, licenseClaimsIdentity } ); await HttpContext.SignInAsync("CookieAuthentication", claimsPrincipal); if(returnURL == null) { return RedirectToAction("Index"); } else { return Redirect(returnURL); } } else if(userName == "김철수" && password == "1234") { List<Claim> personClaimList = new List<Claim>() { new Claim(ClaimTypes.Name , "김철수" ), new Claim(ClaimTypes.Gender , "남성" ), //new Claim(ClaimTypes.DateOfBirth, "2000-05-01" ), new Claim(ClaimTypes.HomePhone , "02-500-3000" ), new Claim(ClaimTypes.MobilePhone, "010-5000-3000" ), new Claim(ClaimTypes.Email , "hkd@daum.net" ), new Claim(ClaimTypes.Country , "kcs" ), new Claim(ClaimTypes.PostalCode , "200-100" ), new Claim(ClaimTypes.Role , "User" ) }; List<Claim> licenseClaimList = new List<Claim>() { new Claim(ClaimTypes.Name , "김철수"), new Claim("License" , "2급" ) }; ClaimsIdentity personClaimsIdentity = new ClaimsIdentity(personClaimList , "개인"); ClaimsIdentity licenseClaimsIdentity = new ClaimsIdentity(licenseClaimList, "정부"); ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal ( new [] { personClaimsIdentity, licenseClaimsIdentity } ); await HttpContext.SignInAsync("CookieAuthentication", claimsPrincipal); if(returnURL == null) { return RedirectToAction("Index"); } else { return Redirect(returnURL); } } else { ViewData["Message"] = "등록되지 않은 사용자 입니다."; return View(); } } #endregion #region 로그아웃 페이지 처리하기 - Logout() /// <summary> /// 로그아웃 페이지 처리하기 /// </summary> /// <returns>액션 결과 태스크</returns> public async Task<IActionResult> Logout() { await HttpContext.SignOutAsync("CookieAuthentication"); return RedirectToAction("Index"); } #endregion } } |