[C#/ASP.NET MVC/.NETCORE] AuthorizationHandler 클래스 : 리소스 기반 작업 권한 부여하기

■ AuthorizationHandler<TRequirement, TResource> 클래스를 사용해 리소스 기반 작업 권한을 부여하는 방법을 보여준다.

▶ Models/AccountModel.ca


namespace TestProject.Models
{
    /// <summary>
    /// 계정 모델
    /// </summary>
    public class AccountModel
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Property
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 사용자 ID - UserID

        /// <summary>
        /// 사용자 ID
        /// </summary>
        public string UserID { get; set; }

        #endregion
        #region 사용자명 - UserName

        /// <summary>
        /// 사용자명
        /// </summary>
        public string UserName { get; set; }

        #endregion
        #region 부서 - Department

        /// <summary>
        /// 부서
        /// </summary>
        public string Department { get; set; }

        #endregion
    }
}

namespace TestProject.Models

{

/// <summary>

/// 계정 모델

/// </summary>

public class AccountModel

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Property

////////////////////////////////////////////////////////////////////////////////////////// Public

#region 사용자 ID - UserID

/// <summary>

/// 사용자 ID

/// </summary>

public string UserID { get; set; }

#endregion

#region 사용자명 - UserName

/// <summary>

/// 사용자명

/// </summary>

public string UserName { get; set; }

#endregion

#region 부서 - Department

/// <summary>

/// 부서

/// </summary>

public string Department { get; set; }

#endregion

}

▶ Handlers/DocumentMethod.cs


namespace TestProject.Handlers
{
    /// <summary>
    /// 문서 메소드
    /// </summary>
    public static class DocumentMethod
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Property
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region Field

        /// <summary>
        /// 작성
        /// </summary>
        public static readonly string Write = "Write";

        /// <summary>
        /// 수정
        /// </summary>
        public static readonly string Update = "Update";

        #endregion
    }
}

namespace TestProject.Handlers

{

/// <summary>

/// 문서 메소드

/// </summary>

public static class DocumentMethod

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Property

////////////////////////////////////////////////////////////////////////////////////////// Public

#region Field

/// <summary>

/// 작성

/// </summary>

public static readonly string Write = "Write";

/// <summary>

/// 수정

/// </summary>

public static readonly string Update = "Update";

#endregion

}

▶ Handlers/DocumentAuthorizationRequirement.cs


using Microsoft.AspNetCore.Authorization.Infrastructure;

namespace TestProject.Handlers
{
    /// <summary>
    /// 문서 권한 요청
    /// </summary>
    public static class DocumentAuthorizationRequirement
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Property
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 작성 요청 - Write

        /// <summary>
        /// 작성 요청
        /// </summary>
        public static OperationAuthorizationRequirement Write => new OperationAuthorizationRequirement
        {
            Name = DocumentMethod.Write
        };

        #endregion
        #region 수정 요청 - Update

        /// <summary>
        /// 수정 요청
        /// </summary>
        public static OperationAuthorizationRequirement Update => new OperationAuthorizationRequirement
        {
            Name = DocumentMethod.Update
        };

        #endregion
    }
}

using Microsoft.AspNetCore.Authorization.Infrastructure;

namespace TestProject.Handlers

{

/// <summary>

/// 문서 권한 요청

/// </summary>

public static class DocumentAuthorizationRequirement

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Property

////////////////////////////////////////////////////////////////////////////////////////// Public

#region 작성 요청 - Write

/// <summary>

/// 작성 요청

/// </summary>

public static OperationAuthorizationRequirement Write => new OperationAuthorizationRequirement

{

Name = DocumentMethod.Write

};

#endregion

#region 수정 요청 - Update

/// <summary>

/// 수정 요청

/// </summary>

public static OperationAuthorizationRequirement Update => new OperationAuthorizationRequirement

{

Name = DocumentMethod.Update

};

#endregion

}

▶ Handlers/DocumentAuthorizationHandler.cs


using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using System.Threading.Tasks;

using TestProject.Models;

namespace TestProject.Handlers
{
    /// <summary>
    /// 문서 권한 핸들러
    /// </summary>
    public class DocumentAuthorizationHandler : AuthorizationHandler<OperationAuthorizationRequirement, AccountModel>
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Protected

        #region 요청 처리하기 (비동기) - HandleRequirementAsync(context, requirement, account)

        /// <summary>
        /// 요청 처리하기 (비동기)
        /// </summary>
        /// <param name="context">권한 핸들러 컨텍스트</param>
        /// <param name="requirement">운영 권한 요청</param>
        /// <param name="account">계정</param>
        /// <returns>태스크</returns>
        protected override Task HandleRequirementAsync
        (
            AuthorizationHandlerContext       context,
            OperationAuthorizationRequirement requirement,
            AccountModel                      account
        )
        {
            if(requirement.Name == DocumentMethod.Write)
            {
                if(context.User.Identity.IsAuthenticated)
                {
                    if(account.Department == "영업팀")
                    {
                        if(context.User.HasClaim("SalesLevel", "A"))
                        {
                            context.Succeed(requirement);
                        }
                        else
                        {
                            context.Fail();
                        }
                    }
                    else
                    {
                        context.Fail();
                    }
                }
            }
            else if(requirement.Name == DocumentMethod.Update)
            {
                if(context.User.Identity.IsAuthenticated)
                {
                    if(account.Department == "기획팀")
                    {
                        context.Succeed(requirement);
                    }
                    else
                    {
                        context.Fail();
                    }
                }
            }

            return Task.CompletedTask;
        }

        #endregion
    }
}

using Microsoft.AspNetCore.Authorization;

using Microsoft.AspNetCore.Authorization.Infrastructure;

using System.Threading.Tasks;

using TestProject.Models;

namespace TestProject.Handlers

{

/// <summary>

/// 문서 권한 핸들러

/// </summary>

public class DocumentAuthorizationHandler : AuthorizationHandler<OperationAuthorizationRequirement, AccountModel>

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

////////////////////////////////////////////////////////////////////////////////////////// Protected

#region 요청 처리하기 (비동기) - HandleRequirementAsync(context, requirement, account)

/// <summary>

/// 요청 처리하기 (비동기)

/// </summary>

/// <param name="context">권한 핸들러 컨텍스트</param>

/// <param name="requirement">운영 권한 요청</param>

/// <param name="account">계정</param>

/// <returns>태스크</returns>

protected override Task HandleRequirementAsync

(

AuthorizationHandlerContext context,

OperationAuthorizationRequirement requirement,

AccountModel account

)

{

if(requirement.Name == DocumentMethod.Write)

{

if(context.User.Identity.IsAuthenticated)

{

if(account.Department == "영업팀")

{

if(context.User.HasClaim("SalesLevel", "A"))

{

context.Succeed(requirement);

}

else

{

context.Fail();

}

else

{

context.Fail();

}

else if(requirement.Name == DocumentMethod.Update)

{

if(context.User.Identity.IsAuthenticated)

{

if(account.Department == "기획팀")

{

context.Succeed(requirement);

}

else

{

context.Fail();

}

return Task.CompletedTask;

}

#endregion

}

▶ Startup.cs


using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

using TestProject.Handlers;

namespace TestProject
{
    /// <summary>
    /// 시작
    /// </summary>
    public class Startup
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 서비스 컬렉션 구성하기 - ConfigureServices(services)

        /// <summary>
        /// 서비스 컬렉션 구성하기
        /// </summary>
        /// <param name="services">서비스 컬렉션</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication("CookieAuthentication")
                .AddCookie
                (
                    "CookieAuthentication",
                    options =>
                    {
                        options.Cookie.Name      = "TestProject.Cookie";
                        options.LoginPath        = "/Home/Login";
                        options.AccessDeniedPath = "/Home/NoAuthorized";
                    }
                );

            services.AddScoped<IAuthorizationHandler, DocumentAuthorizationHandler>();

            services.AddControllersWithViews();
        }

        #endregion
        #region 구성하기 - Configure(app, environment)

        /// <summary>
        /// 구성하기
        /// </summary>
        /// <param name="app">애플리케이션 빌더</param>
        /// <param name="environment">웹 호스트 환경</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment environment)
        {
            if(environment.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseRouting();

            app.UseAuthentication();

            app.UseAuthorization();

            app.UseEndpoints
            (
                endpoints =>
                {
                    endpoints.MapDefaultControllerRoute();
                }
            );
        }

        #endregion
    }
}

using Microsoft.AspNetCore.Authorization;

using Microsoft.AspNetCore.Builder;

using Microsoft.AspNetCore.Hosting;

using Microsoft.Extensions.DependencyInjection;

using Microsoft.Extensions.Hosting;

using TestProject.Handlers;

namespace TestProject

{

/// <summary>

/// 시작

/// </summary>

public class Startup

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

////////////////////////////////////////////////////////////////////////////////////////// Public

#region 서비스 컬렉션 구성하기 - ConfigureServices(services)

/// <summary>

/// 서비스 컬렉션 구성하기

/// </summary>

/// <param name="services">서비스 컬렉션</param>

public void ConfigureServices(IServiceCollection services)

{

services.AddAuthentication("CookieAuthentication")

.AddCookie

(

"CookieAuthentication",

options =>

{

options.Cookie.Name = "TestProject.Cookie";

options.LoginPath = "/Home/Login";

options.AccessDeniedPath = "/Home/NoAuthorized";

}

);

services.AddScoped<IAuthorizationHandler, DocumentAuthorizationHandler>();

services.AddControllersWithViews();

}

#endregion

#region 구성하기 - Configure(app, environment)

/// <summary>

/// 구성하기

/// </summary>

/// <param name="app">애플리케이션 빌더</param>

/// <param name="environment">웹 호스트 환경</param>

public void Configure(IApplicationBuilder app, IWebHostEnvironment environment)

{

if(environment.IsDevelopment())

{

app.UseDeveloperExceptionPage();

}

app.UseRouting();

app.UseAuthentication();

app.UseAuthorization();

app.UseEndpoints

(

endpoints =>

{

endpoints.MapDefaultControllerRoute();

}

);

}

#endregion

}

▶ Controllers/DocumentController.cs


using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Threading.Tasks;

using TestProject.Handlers;
using TestProject.Models;

namespace TestProject.Controllers
{
    /// <summary>
    /// 문서 컨트롤러
    /// </summary>
    public class DocumentController : Controller
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Field
        ////////////////////////////////////////////////////////////////////////////////////////// Private

        #region Field

        /// <summary>
        /// 권한 서비스
        /// </summary>
        private IAuthorizationService authorizationService;

        #endregion

        //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 생성자 - DocumentController(authorizationService)

        /// <summary>
        /// 생성자
        /// </summary>
        /// <param name="authorizationService">권한 서비스</param>
        public DocumentController(IAuthorizationService authorizationService)
        {
            this.authorizationService = authorizationService;
        }

        #endregion

        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 작성 페이지 처리하기 - Write()

        /// <summary>
        /// 작성 페이지 처리하기
        /// </summary>
        /// <returns>액션 결과 태스크</returns>
        public async Task<IActionResult> Write()
        {
            // 데이터베이스에서 조회한 정보라고 가정한다.
            AccountModel account = new AccountModel
            {
                UserID     = "E0001",
                UserName   = "홍길동",
                Department = "영업팀"
            };

            var result = await this.authorizationService.AuthorizeAsync(User, account, DocumentAuthorizationRequirement.Write);

            if(!result.Succeeded)
            {
                return Forbid();
            }

            return View();
        }

        #endregion
        #region 수정 페이지 처리하기 - Update()

        /// <summary>
        /// 수정 페이지 처리하기
        /// </summary>
        /// <returns>액션 결과 태스크</returns>
        public async Task<IActionResult> Update()
        {
            // 데이터베이스에서 조회한 정보라고 가정한다.
            AccountModel account = new AccountModel
            {
                UserID     = "E0001",
                UserName   = "홍길동",
                Department = "영업팀"
            };

            var result = await this.authorizationService.AuthorizeAsync(User, account, DocumentAuthorizationRequirement.Update);

            if(!result.Succeeded)
            {
                return Forbid();
            }

            return View();
        }

        #endregion
    }
}

100

101

102

103

using Microsoft.AspNetCore.Authorization;

using Microsoft.AspNetCore.Mvc;

using System.Threading.Tasks;

using TestProject.Handlers;

using TestProject.Models;

namespace TestProject.Controllers

{

/// <summary>

/// 문서 컨트롤러

/// </summary>

public class DocumentController : Controller

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Field

////////////////////////////////////////////////////////////////////////////////////////// Private

#region Field

/// <summary>

/// 권한 서비스

/// </summary>

private IAuthorizationService authorizationService;

#endregion

//////////////////////////////////////////////////////////////////////////////////////////////////// Constructor

////////////////////////////////////////////////////////////////////////////////////////// Public

#region 생성자 - DocumentController(authorizationService)

/// <summary>

/// 생성자

/// </summary>

/// <param name="authorizationService">권한 서비스</param>

public DocumentController(IAuthorizationService authorizationService)

{

this.authorizationService = authorizationService;

}

#endregion

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

////////////////////////////////////////////////////////////////////////////////////////// Public

#region 작성 페이지 처리하기 - Write()

/// <summary>

/// 작성 페이지 처리하기

/// </summary>

/// <returns>액션 결과 태스크</returns>

public async Task<IActionResult> Write()

{

// 데이터베이스에서 조회한 정보라고 가정한다.

AccountModel account = new AccountModel

{

UserID = "E0001",

UserName = "홍길동",

Department = "영업팀"

};

var result = await this.authorizationService.AuthorizeAsync(User, account, DocumentAuthorizationRequirement.Write);

if(!result.Succeeded)

{

return Forbid();

}

return View();

}

#endregion

#region 수정 페이지 처리하기 - Update()

/// <summary>

/// 수정 페이지 처리하기

/// </summary>

/// <returns>액션 결과 태스크</returns>

public async Task<IActionResult> Update()

{

// 데이터베이스에서 조회한 정보라고 가정한다.

AccountModel account = new AccountModel

{

UserID = "E0001",

UserName = "홍길동",

Department = "영업팀"

};

var result = await this.authorizationService.AuthorizeAsync(User, account, DocumentAuthorizationRequirement.Update);

if(!result.Succeeded)

{

return Forbid();

}

return View();

}

#endregion

}

TestProject.zip

icodebroker

[C#/ASP.NET MVC/.NETCORE] AuthorizationHandler 클래스 : 리소스 기반 작업 권한 부여하기

분류

가장 많이 읽힌 글

보관함