■ AuthorizationHandler<TRequirement, TResource> 클래스를 사용해 리소스 기반 작업 권한을 부여하는 방법을 보여준다.
▶ Models/AccountModel.ca
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
namespace TestProject.Models { /// <summary> /// 계정 모델 /// </summary> public class AccountModel { //////////////////////////////////////////////////////////////////////////////////////////////////// Property ////////////////////////////////////////////////////////////////////////////////////////// Public #region 사용자 ID - UserID /// <summary> /// 사용자 ID /// </summary> public string UserID { get; set; } #endregion #region 사용자명 - UserName /// <summary> /// 사용자명 /// </summary> public string UserName { get; set; } #endregion #region 부서 - Department /// <summary> /// 부서 /// </summary> public string Department { get; set; } #endregion } } |
▶ Handlers/DocumentMethod.cs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
namespace TestProject.Handlers { /// <summary> /// 문서 메소드 /// </summary> public static class DocumentMethod { //////////////////////////////////////////////////////////////////////////////////////////////////// Property ////////////////////////////////////////////////////////////////////////////////////////// Public #region Field /// <summary> /// 작성 /// </summary> public static readonly string Write = "Write"; /// <summary> /// 수정 /// </summary> public static readonly string Update = "Update"; #endregion } } |
▶ Handlers/DocumentAuthorizationRequirement.cs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
using Microsoft.AspNetCore.Authorization.Infrastructure; namespace TestProject.Handlers { /// <summary> /// 문서 권한 요청 /// </summary> public static class DocumentAuthorizationRequirement { //////////////////////////////////////////////////////////////////////////////////////////////////// Property ////////////////////////////////////////////////////////////////////////////////////////// Public #region 작성 요청 - Write /// <summary> /// 작성 요청 /// </summary> public static OperationAuthorizationRequirement Write => new OperationAuthorizationRequirement { Name = DocumentMethod.Write }; #endregion #region 수정 요청 - Update /// <summary> /// 수정 요청 /// </summary> public static OperationAuthorizationRequirement Update => new OperationAuthorizationRequirement { Name = DocumentMethod.Update }; #endregion } } |
▶ Handlers/DocumentAuthorizationHandler.cs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization.Infrastructure; using System.Threading.Tasks; using TestProject.Models; namespace TestProject.Handlers { /// <summary> /// 문서 권한 핸들러 /// </summary> public class DocumentAuthorizationHandler : AuthorizationHandler<OperationAuthorizationRequirement, AccountModel> { //////////////////////////////////////////////////////////////////////////////////////////////////// Method ////////////////////////////////////////////////////////////////////////////////////////// Protected #region 요청 처리하기 (비동기) - HandleRequirementAsync(context, requirement, account) /// <summary> /// 요청 처리하기 (비동기) /// </summary> /// <param name="context">권한 핸들러 컨텍스트</param> /// <param name="requirement">운영 권한 요청</param> /// <param name="account">계정</param> /// <returns>태스크</returns> protected override Task HandleRequirementAsync ( AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement, AccountModel account ) { if(requirement.Name == DocumentMethod.Write) { if(context.User.Identity.IsAuthenticated) { if(account.Department == "영업팀") { if(context.User.HasClaim("SalesLevel", "A")) { context.Succeed(requirement); } else { context.Fail(); } } else { context.Fail(); } } } else if(requirement.Name == DocumentMethod.Update) { if(context.User.Identity.IsAuthenticated) { if(account.Department == "기획팀") { context.Succeed(requirement); } else { context.Fail(); } } } return Task.CompletedTask; } #endregion } } |
▶ Startup.cs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; using TestProject.Handlers; namespace TestProject { /// <summary> /// 시작 /// </summary> public class Startup { //////////////////////////////////////////////////////////////////////////////////////////////////// Method ////////////////////////////////////////////////////////////////////////////////////////// Public #region 서비스 컬렉션 구성하기 - ConfigureServices(services) /// <summary> /// 서비스 컬렉션 구성하기 /// </summary> /// <param name="services">서비스 컬렉션</param> public void ConfigureServices(IServiceCollection services) { services.AddAuthentication("CookieAuthentication") .AddCookie ( "CookieAuthentication", options => { options.Cookie.Name = "TestProject.Cookie"; options.LoginPath = "/Home/Login"; options.AccessDeniedPath = "/Home/NoAuthorized"; } ); services.AddScoped<IAuthorizationHandler, DocumentAuthorizationHandler>(); services.AddControllersWithViews(); } #endregion #region 구성하기 - Configure(app, environment) /// <summary> /// 구성하기 /// </summary> /// <param name="app">애플리케이션 빌더</param> /// <param name="environment">웹 호스트 환경</param> public void Configure(IApplicationBuilder app, IWebHostEnvironment environment) { if(environment.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.UseEndpoints ( endpoints => { endpoints.MapDefaultControllerRoute(); } ); } #endregion } } |
▶ Controllers/DocumentController.cs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using System.Threading.Tasks; using TestProject.Handlers; using TestProject.Models; namespace TestProject.Controllers { /// <summary> /// 문서 컨트롤러 /// </summary> public class DocumentController : Controller { //////////////////////////////////////////////////////////////////////////////////////////////////// Field ////////////////////////////////////////////////////////////////////////////////////////// Private #region Field /// <summary> /// 권한 서비스 /// </summary> private IAuthorizationService authorizationService; #endregion //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor ////////////////////////////////////////////////////////////////////////////////////////// Public #region 생성자 - DocumentController(authorizationService) /// <summary> /// 생성자 /// </summary> /// <param name="authorizationService">권한 서비스</param> public DocumentController(IAuthorizationService authorizationService) { this.authorizationService = authorizationService; } #endregion //////////////////////////////////////////////////////////////////////////////////////////////////// Method ////////////////////////////////////////////////////////////////////////////////////////// Public #region 작성 페이지 처리하기 - Write() /// <summary> /// 작성 페이지 처리하기 /// </summary> /// <returns>액션 결과 태스크</returns> public async Task<IActionResult> Write() { // 데이터베이스에서 조회한 정보라고 가정한다. AccountModel account = new AccountModel { UserID = "E0001", UserName = "홍길동", Department = "영업팀" }; var result = await this.authorizationService.AuthorizeAsync(User, account, DocumentAuthorizationRequirement.Write); if(!result.Succeeded) { return Forbid(); } return View(); } #endregion #region 수정 페이지 처리하기 - Update() /// <summary> /// 수정 페이지 처리하기 /// </summary> /// <returns>액션 결과 태스크</returns> public async Task<IActionResult> Update() { // 데이터베이스에서 조회한 정보라고 가정한다. AccountModel account = new AccountModel { UserID = "E0001", UserName = "홍길동", Department = "영업팀" }; var result = await this.authorizationService.AuthorizeAsync(User, account, DocumentAuthorizationRequirement.Update); if(!result.Succeeded) { return Forbid(); } return View(); } #endregion } } |