I know the following Razor code works for AD groups.
<AuthorizeView Roles="AD_Group1, AD_Group2">
</AuthorizeView>
However, I will need to grant the permission from a JSON file. The JSON file defines:
{
    "WindowsUserName1" : [ "My own group 1", "My own group 2" ],
    "WindowsUserName2" : [ "My own group 2", "My own group 3" ],
    ....
}
How do I let <AuthorizeView> work with the custom defined grouping?
Upvotes: 2
Views: 7655
You can define a custom policy to create authorization rules for user groups:
Building a custom requirement:
public class UserGroupsRequirement : IAuthorizationRequirement
{
    public string[] Groups { get; }
    public UserGroupsRequirement(string[] groups)
    {
        Groups = groups;
    }
}
Create a handler for the requirement. This needs to inherit from AuthorizationHandler<T>, where T is the requirement to be handled:
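using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

public class UserGroupsHandler : AuthorizationHandler<UserGroupsRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, UserGroupsRequirement requirement)
    {
        // ?. avoids a NullReferenceException when the user has no name claim (e.g. anonymous)
        var username = context.User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name)?.Value;
        var groups = requirement.Groups;
        // Read the JSON file, find the user's groups and check whether they are included in the required groups.
        if (true) // placeholder: replace with the result of the check described above
        {
            context.Succeed(requirement);
        }
        return Task.CompletedTask;
    }
}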
Register the policy:
services.AddAuthorization(config =>
{
    config.AddPolicy("UserInGroupsAdmin", policy =>
        policy.Requirements.Add(new UserGroupsRequirement(new string[] { "group1" })));
});
services.AddSingleton<IAuthorizationHandler, UserGroupsHandler>();
And you can update the AuthorizeView component to use the policy:
<AuthorizeView Policy="UserInGroupsAdmin">
    <p>You can only see this if you're an admin or superuser.</p>
</AuthorizeView>
Upvotes: 6
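One way to fill in the `if (true)` placeholder of the handler above, as an added example that is not part of the original answer. The class name `JsonUserGroupsHandler` and the file name in the registration comment are assumptions, as is the premise that the JSON keys are written in the same form as `Identity.Name` (under Windows authentication that is normally `DOMAIN\user`); group names are compared case-sensitively.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Same requirement as in the answer, repeated so this file compiles on its own.
public class UserGroupsRequirement : IAuthorizationRequirement
{
    public string[] Groups { get; }
    public UserGroupsRequirement(string[] groups) => Groups = groups;
}

// Register an instance (file name is an assumption):
// services.AddSingleton<IAuthorizationHandler>(new JsonUserGroupsHandler("usergroups.json"));
public class JsonUserGroupsHandler : AuthorizationHandler<UserGroupsRequirement>
{
    private readonly Dictionary<string, string[]> _groupsByUser;

    // Parse once at startup; malformed JSON throws here instead of on each check.
    public JsonUserGroupsHandler(string jsonPath)
    {
        var map = JsonSerializer.Deserialize<Dictionary<string, string[]>>(File.ReadAllText(jsonPath))
                  ?? new Dictionary<string, string[]>();
        // Windows account names are case-insensitive, so look keys up that way.
        _groupsByUser = new Dictionary<string, string[]>(map, StringComparer.OrdinalIgnoreCase);
    }

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, UserGroupsRequirement requirement)
    {
        // Identity.Name is only trusted for authenticated users; anonymous gets null.
        var identity = context.User.Identity;
        var username = identity?.IsAuthenticated == true ? identity.Name : null;

        // Fail closed: unknown users, empty entries and anonymous requests never reach Succeed().
        if (username != null
            && _groupsByUser.TryGetValue(username, out var userGroups)
            && userGroups != null
            && userGroups.Intersect(requirement.Groups).Any())
        {
            context.Succeed(requirement);
        }
        return Task.CompletedTask;
    }
}
```

Because the map is loaded once in the constructor, edits to the JSON file take effect only after the application restarts.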
You did not mention whether you're using Blazor WebAssembly or Blazor Server. This distinction is important, especially when authentication is involved. However, I guess that you're using Blazor Server, as it seems to me that you're using Windows Authentication, right?
The following are the steps to do it:
Create a class that derives from the AuthenticationStateProvider, and override its GetAuthenticationStateAsync method. In this method, you should read the content of your JSON file, do whatever verification you need to do, and then return Task<AuthenticationState>. The AuthenticationState constructor gets a ClaimsPrincipal object that should contain all the claims you may create for selected users.
The GetAuthenticationStateAsync method is called by both the CascadingAuthenticationState component and the AuthorizeRouteView, and both cascade the AuthenticationState to child components. The AuthorizeView has this property:
[CascadingParameter] private Task<AuthenticationState> AuthenticationState { get; set; }
Which is defined in AuthorizeViewCore, so you must wrap your UI with the CascadingAuthenticationState component if you wish to get the AuthenticationState object. It is advisable to wrap the App Router component with the CascadingAuthenticationState component, so that the AuthenticationState is available throughout your app, like this:
<CascadingAuthenticationState>
    <Router AppAssembly="typeof(Program).Assembly" Context="routeData">
    </Router>
</CascadingAuthenticationState>
Are you going to use AuthorizeView to enable a bar-like UI with Log in / Log out user buttons, a user name label and an icon? If not, you should not use the AuthorizeView component...
Hope this helps...
Upvotes: 1