jonpsmith / permissionaccesscontrol Goto Github PK

View Code? Open in Web Editor NEW

221.0 24.0 104.0 706 KB

Example code for Authorization articles

Home Page: https://www.thereformedprogrammer.net/a-better-way-to-handle-authorization-in-asp-net-core/

License: MIT License

HTML 23.47% C# 75.19% CSS 1.06% JavaScript 0.28%

permissionaccesscontrol's Introduction

PermissionAccessControl

This is a GitHub repo containing example code that goes with two articles

It contains a ASP.NET Core applications with extra code to implement feature or data authorization. All the ASP.NET Core applications use in-memory databases which are seeded on startup so it should run anywhere.

MIT licence.

Here is a example of the first application, TestWebApp, that covers feature authorization.

Feature authorization

The TestWebApp is the application you can run to try out the feature authorization code in the article A better way to handle authorization in ASP.NET Core.

Select the TestWebApp as your startup application. When you run it you will see a list of users that you can log in as. Here are some comments on these:

[email protected]:
- This user can read the data in the Color controller, but can't change it (you get a "Access denied" error)
- This user has "bought" access to Feature1, so a "Feature1" link is added to the nav block when they log in.
[email protected]:
- This user can read and write the data in the Color controller.
- This user hasn't "bought" access to Feature1, so no "Feature1" link appears for them (and they get an "Access denied" error if you try to access it).

Data authorization

The DataAuthWebApp is the application you can run to try out the data authorization code in the article Handling data authorization ASP.NET Core and Entity Framework Core.

Select the DataAuthWebApp as your startup application. When you run it you will see a list of users that you can log in as. Here are some comments on these:

Any user:
- If you log in you can create some personal data via the "Personal Data" link in the nav block. That data is protected so only the user that created it can see it.
  Remember - its a in-memory database so it loses anything you put in when you stop the application.
Users [email protected], [email protected], [email protected], and [email protected]
- These users can each access to the shops Dress4U, Shirt4U, Tie4U and DressPower respectively. You can list the shop's stock via the "Shop Stock" link in the nav bar.
[email protected]:
- This user is a district manager for the three ...4U shops (but not the DressPower shop) When that user list the stock via the "Shop Stock" link they get the stock of all three shops that they are a manager of. This shows how hierarchical access can be implemented.

permissionaccesscontrol's People

Contributors

Stargazers

Watchers

Forkers

juliopk bcoe-is kovbasiuk-mykhailo cloud9-xx plunix buibup live-asif razvangoga niubilities satishfied chenzuo chrisgate jstott suntosh70 haipk babula38 accountsware alexsandrocruz azkurban unclebuddhabelly strusarj ngocketit nkusibo markchipman kamapcrazy raghavendar jotaoro khan007 krisbednarski tuongntk mehdi-bizolm speedy32129 sagarkrgupta mattijsing placetobejohan umar-qureshi2 sha3feb suntosh dnxit dienlengoc omer-jan bharatdubey ielcoro moh-ari-novan hxw8187 mo-mann jcoleman1979 rhyanvargas huythongmai wedge76 syedbilalali jamesblackap murattdogan abakam ramy-ahmed samuelkoroh lucashbrito kvkaushal1989 minhhieuit m0rt1nhr1st leolelover93 b4ndar alvarigno eskye bioyeneye melihtuna jitendriyag2 tplooker gilianmoa obwill thongbkv rcpacheco aldiyarualiev axelgao ag-csharp sohlinkeong yogeshkad bobetti donhuvy stoffel gluino hesama110 mahmoudkandeel dotnetnutty rlasker-b2w ricardojcasemiro waqas4400 phuongle175 a4medsoft cntsoft nilekshdhimer91 bugraocalan michaelswells mosanogo jamatx38 sudarsan amrnouh joshsmithxrm senthil-curated-ref areisler

permissionaccesscontrol's Issues

_options.AddPolicy is not thread-safe

Because AddPolicy method of AuthorizationOptions is not thread-safe, adding created policies to _options at run-time maybe cause error.
As a workaround, we can use LazyConcurrentDictionary that I use it in DNTFrameworkCore

public class AuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider
{
    private readonly LazyConcurrentDictionary<string, AuthorizationPolicy> _policies =
        new LazyConcurrentDictionary<string, AuthorizationPolicy>(StringComparer.OrdinalIgnoreCase);

    public AuthorizationPolicyProvider(IOptions<AuthorizationOptions> options)
        : base(options)
    {
    }

    public override async Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
    {
        if (!policyName.StartsWith(PermissionConstant.PolicyPrefix, StringComparison.OrdinalIgnoreCase))
        {
            return await base.GetPolicyAsync(policyName);
        }

        var policy = _policies.GetOrAdd(policyName, name =>
        {
            var permissions = policyName.ExtractPermissionsFromPolicyName();

            return new AuthorizationPolicyBuilder()
                .AddRequirements(new PermissionAuthorizationRequirement(permissions))
                .Build();
        });

        return policy;
    }
}

A second operation started on this context

Hi Jon,

I transferred the discussion to GitHub as per your request. Thank you for the quick response.

So, run down of what I've done up to now:

Created and ASP.NET Core application (NetCoreApp 2.2 Framework) without authorization
Scaffolded Identity into the project
Transferred the database from in memory to Azure Hosted SQL
Customized the IdentityUser and added additional roles in a separate class library which is used for setting up the database
Migrated and updated the database
Updated the StartupExtensions code to reference to the User Class Library (this enables me to change the IdentityUser to the CustomUser - without this the StartupExtensions through an error as no instance of IdentityUser is used in the main startup)
Test the coding without seeding the database, it all runs smoothly and I can register new users and sign in.
Changed the Program Main to Async and added the StartupExtention there (as per your updated TestWebApp)
When running the code the following error occurs:

Pop-up in code (In Main App Program.cs at "await webHost.Services.AddUsersAndExtraAuthAsync()":
System.InvalidOperationException: 'A second operation started on this context before a previous operation completed. This is usually caused by different threads using the same instance of DbContext, however instance members are not guaranteed to be thread safe. This could also be caused by a nested query being evaluated on the client, if this is the case rewrite the query avoiding nested invocations.'

On Prompt:
fail: Microsoft.EntityFrameworkCore.Update[10000]
An exception occurred in the database while saving changes for context type 'User.Models.IdentityContext'. (DbContext of Asp Identity)
System.InvalidOperationException: A second operation started on this context before a previous operation completed. This is usually caused by different threads using the same instance of DbContext, however instance members are not guaranteed to be thread safe. This could also be caused by a nested query being evaluated on the client, if this is the case rewrite the query avoiding nested invocations.
at Microsoft.EntityFrameworkCore.Internal.ConcurrencyDetector.EnterCriticalSection()
at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.StateManager.SaveChangesAsync(IReadOnlyList1 entriesToSave, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.StateManager.SaveChangesAsync(Boolean acceptAllChangesOnSuccess, CancellationToken cancellationToken) at Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync(Boolean acceptAllChangesOnSuccess, CancellationToken cancellationToken) System.InvalidOperationException: A second operation started on this context before a previous operation completed. This is usually caused by different threads using the same instance of DbContext, however instance members are not guaranteed to be thread safe. This could also be caused by a nested query being evaluated on the client, if this is the case rewrite the query avoiding nested invocations. at Microsoft.EntityFrameworkCore.Internal.ConcurrencyDetector.EnterCriticalSection() at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.StateManager.SaveChangesAsync(IReadOnlyList1 entriesToSave, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.StateManager.SaveChangesAsync(Boolean acceptAllChangesOnSuccess, CancellationToken cancellationToken)
at Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync(Boolean acceptAllChangesOnSuccess, CancellationToken cancellationToken)

jonpsmith / permissionaccesscontrol Goto Github PK

permissionaccesscontrol's Introduction

PermissionAccessControl

Feature authorization

Data authorization

permissionaccesscontrol's People

Contributors

Stargazers

Watchers

Forkers

permissionaccesscontrol's Issues

_options.AddPolicy is not thread-safe

A second operation started on this context

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent