[C#/ASP.NET MVC/.NET5] TypeFilterAttribute 클래스 : 복수 역할 권한 확인 어트리뷰트 사용하기

■ TypeFilterAttribute 클래스를 사용해 복수 역할 권한 확인 어트리뷰트를 사용하는 방법을 보여준다.

▶ MultipleRoleAuthorizeAttribute.cs


using Microsoft.AspNetCore.Mvc;

namespace TestServer.Tools
{
    /// <summary>
    /// 복수 역할 권한 확인 어트리브튜
    /// </summary>
    public class MultipleRoleAuthorizeAttribute : TypeFilterAttribute
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 생성자 - MultipleRoleAuthorizeAttribute(policyList, applyAnd)

        /// <summary>
        /// 생성자
        /// </summary>
        /// <param name="policyList">정책 리스트</param>
        /// <param name="applyAnd">AND 적용 여부</param>
        public MultipleRoleAuthorizeAttribute(string policyList, bool applyAnd = false) : base(typeof(MultipleRoleAuthorizeFilter))
        {
            Arguments = new object[] { policyList, applyAnd };
        }

        #endregion
    }
}

using Microsoft.AspNetCore.Mvc;

namespace TestServer.Tools

{

/// <summary>

/// 복수 역할 권한 확인 어트리브튜

/// </summary>

public class MultipleRoleAuthorizeAttribute : TypeFilterAttribute

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Constructor

////////////////////////////////////////////////////////////////////////////////////////// Public

#region 생성자 - MultipleRoleAuthorizeAttribute(policyList, applyAnd)

/// <summary>

/// 생성자

/// </summary>

/// <param name="policyList">정책 리스트</param>

/// <param name="applyAnd">AND 적용 여부</param>

public MultipleRoleAuthorizeAttribute(string policyList, bool applyAnd = false) : base(typeof(MultipleRoleAuthorizeFilter))

{

Arguments = new object[] { policyList, applyAnd };

}

#endregion

}

▶ MultipleRoleAuthorizeFilter.cs


using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

namespace TestServer.Tools
{
    /// <summary>
    /// 복수 역할 권한 확인 필터
    /// </summary>
    public class MultipleRoleAuthorizeFilter : IAsyncAuthorizationFilter
    {
        //////////////////////////////////////////////////////////////////////////////////////////////////// Field
        ////////////////////////////////////////////////////////////////////////////////////////// Private

        #region Field

        /// <summary>
        /// 권한 서비스
        /// </summary>
        private readonly IAuthorizationService authorizationService;

        #endregion

        //////////////////////////////////////////////////////////////////////////////////////////////////// Property
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 정책 리스트 - PolicyList

        /// <summary>
        /// 정책 리스트
        /// </summary>
        public string PolicyList { get; private set; }

        #endregion
        #region AND 적용 여부 - ApplyAnd

        /// <summary>
        /// AND 적용 여부
        /// </summary>
        public bool ApplyAnd { get; private set; }

        #endregion

        //////////////////////////////////////////////////////////////////////////////////////////////////// Constructor
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 생성자 - MultipleRoleAuthorizeFilter(policyList, applyAnd, authorizationService)

        /// <summary>
        /// 생성자
        /// </summary>
        /// <param name="policyList">정책 리스트</param>
        /// <param name="applyAnd">AND 적용 여부</param>
        /// <param name="authorizationService">권한 서비스</param>
        public MultipleRoleAuthorizeFilter(string policyList, bool applyAnd, IAuthorizationService authorizationService)
        {
           this.authorizationService = authorizationService;

           PolicyList = policyList;
           ApplyAnd   = applyAnd;
        }

        #endregion

        //////////////////////////////////////////////////////////////////////////////////////////////////// Method
        ////////////////////////////////////////////////////////////////////////////////////////// Public

        #region 권한 확인시 처리하기 (비동기) - OnAuthorizationAsync(context)

        /// <summary>
        /// 권한 확인시 처리하기 (비동기)
        /// </summary>
        /// <param name="context">컨텍스트</param>
        /// <returns>태스크</returns>
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            List<string> list = PolicyList.Split(";").ToList();

            if(ApplyAnd)
            {
                foreach(string policy in list)
                {
                    AuthorizationResult result = await authorizationService.AuthorizeAsync(context.HttpContext.User, policy);

                    if(!result.Succeeded)
                    {
                        context.Result = new UnauthorizedResult(); // new ForbidResult();

                        return;
                    }

                }
             }
             else
             {
                foreach(string policy in list)
                {
                     AuthorizationResult result = await authorizationService.AuthorizeAsync(context.HttpContext.User, policy);

                     if(result.Succeeded)
                     {
                         return;
                     }

                }

                context.Result = new UnauthorizedResult(); // new ForbidResult();

                return;
            }
        }

        #endregion
    }
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

using System.Collections.Generic;

using System.Linq;

using System.Threading.Tasks;

using Microsoft.AspNetCore.Authorization;

using Microsoft.AspNetCore.Mvc;

using Microsoft.AspNetCore.Mvc.Filters;

namespace TestServer.Tools

{

/// <summary>

/// 복수 역할 권한 확인 필터

/// </summary>

public class MultipleRoleAuthorizeFilter : IAsyncAuthorizationFilter

{

//////////////////////////////////////////////////////////////////////////////////////////////////// Field

////////////////////////////////////////////////////////////////////////////////////////// Private

#region Field

/// <summary>

/// 권한 서비스

/// </summary>

private readonly IAuthorizationService authorizationService;

#endregion

//////////////////////////////////////////////////////////////////////////////////////////////////// Property

////////////////////////////////////////////////////////////////////////////////////////// Public

#region 정책 리스트 - PolicyList

/// <summary>

/// 정책 리스트

/// </summary>

public string PolicyList { get; private set; }

#endregion

#region AND 적용 여부 - ApplyAnd

/// <summary>

/// AND 적용 여부

/// </summary>

public bool ApplyAnd { get; private set; }

#endregion

//////////////////////////////////////////////////////////////////////////////////////////////////// Constructor

////////////////////////////////////////////////////////////////////////////////////////// Public

#region 생성자 - MultipleRoleAuthorizeFilter(policyList, applyAnd, authorizationService)

/// <summary>

/// 생성자

/// </summary>

/// <param name="policyList">정책 리스트</param>

/// <param name="applyAnd">AND 적용 여부</param>

/// <param name="authorizationService">권한 서비스</param>

public MultipleRoleAuthorizeFilter(string policyList, bool applyAnd, IAuthorizationService authorizationService)

{

this.authorizationService = authorizationService;

PolicyList = policyList;

ApplyAnd = applyAnd;

}

#endregion

//////////////////////////////////////////////////////////////////////////////////////////////////// Method

////////////////////////////////////////////////////////////////////////////////////////// Public

#region 권한 확인시 처리하기 (비동기) - OnAuthorizationAsync(context)

/// <summary>

/// 권한 확인시 처리하기 (비동기)

/// </summary>

/// <param name="context">컨텍스트</param>

/// <returns>태스크</returns>

public async Task OnAuthorizationAsync(AuthorizationFilterContext context)

{

List<string> list = PolicyList.Split(";").ToList();

if(ApplyAnd)

{

foreach(string policy in list)

{

AuthorizationResult result = await authorizationService.AuthorizeAsync(context.HttpContext.User, policy);

if(!result.Succeeded)

{

context.Result = new UnauthorizedResult(); // new ForbidResult();

return;

}

else

{

foreach(string policy in list)

{

AuthorizationResult result = await authorizationService.AuthorizeAsync(context.HttpContext.User, policy);

if(result.Succeeded)

{

return;

}

context.Result = new UnauthorizedResult(); // new ForbidResult();

return;

}

#endregion

}

icodebroker

[C#/ASP.NET MVC/.NET5] TypeFilterAttribute 클래스 : 복수 역할 권한 확인 어트리뷰트 사용하기