Merge pull request #6 from FBoucher/security

adding security
2026-06-22 03:00:59 +03:00 · 2021-06-17 10:33:14 -04:00
parent 171ed2ff88 480a326613
commit db1723e6da
10 changed files with 132 additions and 17 deletions
@@ -0,0 +1,45 @@
+using System;
+using System.IO;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Azure.WebJobs;
+using Microsoft.Azure.WebJobs.Extensions.Http;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
+using System.Security.Claims;
+
+namespace demo.Function
+{
+    public static class HelloYou
+    {
+        [FunctionName("HelloYou")]
+        public static async Task<IActionResult> Run(
+            [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = "secured/HelloYou")] HttpRequest req,
+            ILogger log,
+            ClaimsPrincipal principal)
+        {
+            log.LogInformation("C# HTTP trigger function processed a request.");
+
+            bool isClaimValid = true;
+
+            if (principal == null && !principal.Identity.IsAuthenticated)
+            {
+                log.LogWarning("Request was not authenticated.");
+                isClaimValid = false;
+            }
+
+            string name = req.Query["name"];
+
+            string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
+            dynamic data = JsonConvert.DeserializeObject(requestBody);
+            name = name ?? data?.name;
+
+            string responseMessage = string.IsNullOrEmpty(name)
+                ? "This SECURED HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."
+                : $"Bonjour Hi, {name}. This SECURED HTTP triggered function executed successfully.";
+
+            return new OkObjectResult(responseMessage);
+        }
+    }
+}
@@ -7,6 +7,7 @@ using Microsoft.Azure.WebJobs.Extensions.Http;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
+using System.Security.Claims;

 namespace demo.Function
 {
@@ -14,11 +15,12 @@ namespace demo.Function
    {
        [FunctionName("JustHello")]
        public static async Task<IActionResult> Run(
-            [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
-            ILogger log)
+            [HttpTrigger(AuthorizationLevel.Function, "get", "post")] HttpRequest req,
+            ILogger log,
+            ClaimsPrincipal principal)
        {
            log.LogInformation("C# HTTP trigger function processed a request.");
-
+      
            string name = req.Query["name"];

            string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
@@ -26,10 +28,10 @@ namespace demo.Function
            name = name ?? data?.name;

            string responseMessage = string.IsNullOrEmpty(name)
-                ? "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."
-                : $"Bonjour Hi, {name}. This HTTP triggered function executed successfully.";
+                ? "This SECURED HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."
+                : $"Bonjour Hi, {name}. This SECURED HTTP triggered function executed successfully.";

            return new OkObjectResult(responseMessage);
        }
    }
-}
+}
@@ -1,10 +1,14 @@
-<Router AppAssembly="@typeof(Program).Assembly" PreferExactMatches="@true">
-    <Found Context="routeData">
-        <RouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />
-    </Found>
-    <NotFound>
-        <LayoutView Layout="@typeof(MainLayout)">
-            <p>Sorry, there's nothing at this address.</p>
-        </LayoutView>
-    </NotFound>
-</Router>
+@using Microsoft.AspNetCore.Components.Authorization
+
+<CascadingAuthenticationState>
+    <Router AppAssembly="@typeof(Program).Assembly" PreferExactMatches="@true">
+        <Found Context="routeData">
+            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />
+        </Found>
+        <NotFound>
+            <LayoutView Layout="@typeof(MainLayout)">
+                <p>Sorry, there's nothing at this address.</p>
+            </LayoutView>
+        </NotFound>
+    </Router>
+</CascadingAuthenticationState>
@@ -1,5 +1,7 @@
@page "/fetchdata"
@inject HttpClient Http
+@using Microsoft.AspNetCore.Authorization
+@attribute [Authorize]

 <h1>Weather forecast</h1>

@@ -0,0 +1,26 @@
+@page "/login-providers"
+
+@{
+
+    var providers = new Dictionary<string, string[]>
+    {
+        { "github", new string[3]{ "github", "github", "GitHub"}}, 
+        { "twitter", new string[3]{ "twitter","twitter", "Twitter" }},
+        { "microsoft", new string[3]{ "windows", "aad", "Azure AD" }}
+    };
+}
+
+<h1>Login</h1>
+
+<div class="container">
+    @foreach(var provider in providers)
+    {
+        <div class="row">
+            <div class="col-sm-12 col-md-9 col-lg-6">
+                <a class="btn btn-block btn-lg btn-social btn-@provider.Key" href="/.auth/login/@provider.Value[1]">
+                    <span class="fa fa-@provider.Value[0]"></span> Sign in with @provider.Value[2]
+                </a>
+            </div>
+        </div>
+    }
+</div>
@@ -0,0 +1,19 @@
+@page "/secured"
+@using Microsoft.AspNetCore.Authorization
+@inject HttpClient Http
+@attribute [Authorize(Roles = "admin")]
+
+<h1>Azure Function Test</h1>
+
+<h2>@result</h2>
+
+@code {
+    private string result = "temp value";
+
+    protected override async Task OnInitializedAsync()
+    {
+        var response = await Http.GetStringAsync("/api/secured/HelloYou?name=cloudies");
+        result = response.ToString();
+    }
+
+}
@@ -7,6 +7,7 @@ using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
+using Microsoft.Azure.Functions.Authentication.WebAssembly;

 namespace SimpleDemo
 {
@@ -18,6 +19,7 @@ namespace SimpleDemo
            builder.RootComponents.Add<App>("#app");

            builder.Services.AddScoped(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) });
+            builder.Services.AddStaticWebAppsAuthentication();

            await builder.Build().RunAsync();
        }
@@ -1,4 +1,5 @@
@inherits LayoutComponentBase
+@using Microsoft.AspNetCore.Components.Authorization

 <div class="page">
    <div class="sidebar">
@@ -7,7 +8,15 @@

    <div class="main">
        <div class="top-row px-4">
-            <a href="http://blazor.net" target="_blank" class="ml-md-auto">About</a>
+            <AuthorizeView>
+                <Authorized>
+                    Hello, @context.User.Identity.Name!
+                    <a href="/.auth/logout?post_logout_redirect_uri=/">Log out</a>
+                </Authorized>
+                <NotAuthorized>
+                    <a href="/login-providers">Log in</a>
+                </NotAuthorized>
+            </AuthorizeView>
        </div>

        <div class="content px-4">
@@ -22,6 +22,11 @@
                <span class="oi oi-list-rich" aria-hidden="true"></span> Fetch data
            </NavLink>
        </li>
+        <li class="nav-item px-3">
+            <NavLink class="nav-link" href="secured">
+                <span class="oi oi-list-rich" aria-hidden="true"></span> Secured
+            </NavLink>
+        </li>
    </ul>
 </div>

@@ -7,6 +7,7 @@
  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="5.0.6" />
    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="5.0.6" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.Azure.Functions.Authentication.WebAssembly" Version="1.0.1-preview" />
    <PackageReference Include="System.Net.Http.Json" Version="5.0.0" />
  </ItemGroup>