Added aindows claims Guard into angular application.

alexs0ff · Jul 25, 2019 · 2820f59 · 2820f59
1 parent 3324526
commit 2820f59
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 1 deletion.
diff --git a/src/ClientApp/src/app/api-authorization/authorize-windows-group-guard.guard.ts b/src/ClientApp/src/app/api-authorization/authorize-windows-group-guard.guard.ts
@@ -0,0 +1,26 @@
+import { Injectable } from '@angular/core';
+import { Observable } from 'rxjs';
+import { map, tap } from 'rxjs/operators';
+import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot, Router, UrlTree } from '@angular/router';
+import { AuthorizeService } from "./authorize.service";
+import { ApplicationPaths, QueryParameterNames } from './api-authorization.constants';
+
+@Injectable({
+  providedIn: 'root'
+})
+export class AuthorizeWindowsGroupGuardGuard implements CanActivate {
+  constructor(private authorize: AuthorizeService, private router: Router) { }
+
+  canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean | UrlTree> |
+                                                                          Promise<boolean | UrlTree> |
+                                                                          boolean |
+                                                                          UrlTree {
+    return this.authorize.getUser().pipe(map((u: any) => !!u && !!u.hasUsersGroup)).pipe(tap((isAuthorized: boolean) => this.handleAuthorization(isAuthorized, state)));;
+  }
+
+  private handleAuthorization(isAuthenticated: boolean, state: RouterStateSnapshot) {
+    if (!isAuthenticated) {
+      window.location.href = "/Identity/Account/Login?" + QueryParameterNames.ReturnUrl + "=/";
+    }
+  }
+}
diff --git a/src/ClientApp/src/app/app-routing.module.ts b/src/ClientApp/src/app/app-routing.module.ts
@@ -4,12 +4,13 @@ import { HomeComponent } from "./home/home.component";
 import { DataComponent } from "./data/data.component";
 import { AuthorizeGuard } from "./api-authorization/authorize.guard";
 import { InternalDataComponent } from "./internal-data/internal-data.component";
+import { AuthorizeWindowsGroupGuardGuard } from "./api-authorization/authorize-windows-group-guard.guard";
 
 
 const routes: Routes = [
   { path: '', component: HomeComponent, pathMatch: 'full' },
   { path: 'data', component: DataComponent, canActivate: [AuthorizeGuard] },
-  { path: 'internaldata', component: InternalDataComponent, canActivate: [AuthorizeGuard] }
+  { path: 'internaldata', component: InternalDataComponent, canActivate: [AuthorizeWindowsGroupGuardGuard] }
 ];
 
 

diff --git a/src/Startup.cs b/src/Startup.cs
@@ -2,8 +2,10 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using IdentityServer4.Models;
 using IdentityServer4WebApp.Data;
 using IdentityServer4WebApp.Models;
+using Microsoft.AspNetCore.ApiAuthorization.IdentityServer;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -39,6 +41,15 @@ public void ConfigureServices(IServiceCollection services)
                     {
                         var apiResource = options.ApiResources.First();
                         apiResource.UserClaims = new[] { "hasUsersGroup" };
+
+                        var identityResource = new IdentityResource
+                        {
+                            Name = "customprofile",
+                            DisplayName = "Custom profile",
+                            UserClaims = new[] { "hasUsersGroup" },
+                        };
+                        identityResource.Properties.Add(ApplicationProfilesPropertyNames.Clients, "*");
+                        options.IdentityResources.Add(identityResource);
                     }
                 );