Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simplify authentication in the web application #1259

Closed
tidyui opened this issue Jun 28, 2020 · 1 comment
Closed

Simplify authentication in the web application #1259

tidyui opened this issue Jun 28, 2020 · 1 comment
Assignees
@tidyui
Labels
core enhancement
Milestone
Version 8.4

Comments

@tidyui
Copy link
Member

tidyui commented Jun 28, 2020
edited
Loading

Add middleware as described in the following documentation article to the core framework:

https://piranhacms.org/docs/tutorials/securing-pages
@tidyui tidyui added this to the Version 8.4 milestone Jun 28, 2020
@tidyui
Copy link
Member Author

tidyui commented Jun 29, 2020
edited
Loading

Current solution

The manual way (as described in the article referenced above) includes

  1. Adding Policies & Claims to ASP.NET in ConfigureServices
  2. Adding the claims to the Permission Manager in Configure so they will show up in Piranha
  3. Adding a custom middleware component in Configure for handling redirects.

This gives the following code:

ConfigureServices

public void ConfigureServices(IServiceCollection services)
{
    ...

    // Add custom policies
    services.AddAuthorization(o =>
    {
        // Read secured posts
        o.AddPolicy("ReadSecuredPosts", policy =>
        {
            policy.RequireClaim("ReadSecuredPosts", "ReadSecuredPosts");
        });
    });
}

Configure

public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IApi api)
{
    ...

    // Custom permissions
    App.Permissions["App"].Add(new Piranha.Security.PermissionItem
    {
        Title = "Read secured posts",
        Name = "ReadSecuredPosts"
    });

    // Custom middleware that checks for status 401
    app.Use(async (ctx, next) =>
    {
        await next();

        if (ctx.Response.StatusCode == 401)
        {
            ctx.Response.Redirect("/login");
        }
    });

   ...
}

Proposed solution

Adding a new helper method to the PiranhaServiceBuilder that simplifies the setup for all basic scenarios. The manual code above would be replaced by the following:

ConfigureServices

public void ConfigureServices(IServiceCollection services)
{
    services.AddPiranha(options =>
    {
        ...
        
        options.UseSecurity(o =>
        {
            o.UsePermission("ReadSecuredPosts");
        });
    });
}

Simplifications

The method UsePermission will perform the following:

  1. Add a new Policy to ASP.NET with the given name
  2. Require a single claim with the same name as the Policy
  3. Add a new item into Piranha.App.Permissions with the same name (and optional title)

This means that it won't be supported adding composite policies this way that require several different claims. But as the whole purpose of these methods are to simplify we think this is ok.

@tidyui tidyui changed the title Add middleware component to handle unauthorized page access Add tools to simplify authentication in the web application Jun 29, 2020
@tidyui tidyui changed the title Add tools to simplify authentication in the web application Simplify authentication in the web application Jun 29, 2020
@tidyui tidyui mentioned this issue Jun 29, 2020
Closed
@tidyui tidyui closed this as completed in 05f4141 Jun 30, 2020
tidyui added a commit that referenced this issue Jun 30, 2020
@tidyui
Merge pull request #1261 from PiranhaCMS/features/simplify-authentica…
bf859f3 
…tion

Added core support for authentication. Fixes #1259
@tidyui tidyui self-assigned this Jul 1, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tidyui tidyui

Labels
core enhancement
Projects
None yet
Milestone
Version 8.4
Development

No branches or pull requests
1 participant
@tidyui