feat: initial example

.gitignore

@@ -0,0 +1,28 @@
+build/
+dist/
+tools/
+reports/
+[Bb]in/
+[Oo]bj/
+TestResults/
+PrecompiledWeb/
+build/CommonAssemblyInfo.cs
+src/packages/
+artifacts
+lib
+*.gpState
+*.suo
+*.user
+*[Rr]e[Ss]harper*
+*.cache
+UpgradeLog.XML
+_UpgradeReport_Files/
+*.bak
+*.log
+*.log.*
+TestResult.xml
+node_modules
+yarn-error.log
+.yarnclean
+.vs
+*.orig

src/Examples.Authorization.sln

@@ -0,0 +1,37 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.26124.0
+MinimumVisualStudioVersion = 15.0.26124.0
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Examples.Authorization", "Examples.Authorization\Examples.Authorization.csproj", "{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|Any CPU = Release|Any CPU
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}.Debug|x64.Build.0 = Debug|Any CPU
+		{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}.Debug|x86.Build.0 = Debug|Any CPU
+		{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}.Release|Any CPU.Build.0 = Release|Any CPU
+		{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}.Release|x64.ActiveCfg = Release|Any CPU
+		{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}.Release|x64.Build.0 = Release|Any CPU
+		{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}.Release|x86.ActiveCfg = Release|Any CPU
+		{78BA915F-2AF5-4DF6-8BA1-1CACF522B330}.Release|x86.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {166EDC00-27D2-4463-A21D-272CF3EA022A}
+	EndGlobalSection
+EndGlobal

src/Examples.Authorization/Controllers/HomeController.cs

@@ -0,0 +1,43 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc;
+using Examples.Authorization.Models;
+
+namespace Examples.Authorization.Controllers
+{
+    public class HomeController : Controller
+    {
+        public IActionResult Index()
+        {
+            return View();
+        }
+
+        public IActionResult About()
+        {
+            ViewData["Message"] = "Your application description page.";
+
+            return View();
+        }
+
+        public IActionResult Contact()
+        {
+            ViewData["Message"] = "Your contact page.";
+
+            return View();
+        }
+
+        public IActionResult Privacy()
+        {
+            return View();
+        }
+
+        [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
+        public IActionResult Error()
+        {
+            return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
+        }
+    }
+}

src/Examples.Authorization/Controllers/MyController.cs

@@ -0,0 +1,51 @@
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace Examples.Authorization.Controllers
+{
+    public class MyClaimTypes
+    {
+        public const string Permission = "namespace.permissions";
+    }
+
+    public class ClaimRequirementAttribute : TypeFilterAttribute
+    {
+        public ClaimRequirementAttribute(string claimType, string claimValue) : base(typeof(ClaimRequirementFilter))
+        {
+            Arguments = new object[] { new Claim(claimType, claimValue) };
+        }
+    }
+
+    public class ClaimRequirementFilter : IAuthorizationFilter
+    {
+        readonly Claim _claim;
+
+        public ClaimRequirementFilter(Claim claim)
+        {
+            _claim = claim;
+        }
+
+        public void OnAuthorization(AuthorizationFilterContext context)
+        {
+            var hasClaim = context.HttpContext.User.Claims.Any(c => c.Type == _claim.Type && c.Value == _claim.Value);
+            if (!hasClaim)
+            {
+                context.Result = new ForbidResult();
+            }
+        }
+    }
+
+
+    [Route("api/resource")]
+    public class MyController : Controller
+    {
+        [ClaimRequirement(MyClaimTypes.Permission, "CanReadResource")]
+        [HttpGet]
+        public IActionResult GetResource()
+        {
+            return Ok();
+        }
+    }
+}

src/Examples.Authorization/Examples.Authorization.csproj

@@ -0,0 +1,11 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>netcoreapp2.1</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.App" />
+  </ItemGroup>
+
+</Project>

src/Examples.Authorization/Models/ErrorViewModel.cs

@@ -0,0 +1,11 @@
+using System;
+
+namespace Examples.Authorization.Models
+{
+    public class ErrorViewModel
+    {
+        public string RequestId { get; set; }
+
+        public bool ShowRequestId => !string.IsNullOrEmpty(RequestId);
+    }
+}

src/Examples.Authorization/Program.cs

@@ -0,0 +1,24 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
+
+namespace Examples.Authorization
+{
+    public class Program
+    {
+        public static void Main(string[] args)
+        {
+            CreateWebHostBuilder(args).Build().Run();
+        }
+
+        public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
+            WebHost.CreateDefaultBuilder(args)
+                .UseStartup<Startup>();
+    }
+}

src/Examples.Authorization/Properties/launchSettings.json

@@ -0,0 +1,27 @@
+{
+  "iisSettings": {
+    "windowsAuthentication": false, 
+    "anonymousAuthentication": true, 
+    "iisExpress": {
+      "applicationUrl": "http://localhost:40659",
+      "sslPort": 44300
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "Examples.Authorization": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "applicationUrl": "https://localhost:5001;http://localhost:5000",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

src/Examples.Authorization/Startup.cs

@@ -0,0 +1,63 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.HttpsPolicy;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Examples.Authorization
+{
+    public class Startup
+    {
+        public Startup(IConfiguration configuration)
+        {
+            Configuration = configuration;
+        }
+
+        public IConfiguration Configuration { get; }
+
+        // This method gets called by the runtime. Use this method to add services to the container.
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.Configure<CookiePolicyOptions>(options =>
+            {
+                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
+                options.CheckConsentNeeded = context => true;
+                options.MinimumSameSitePolicy = SameSiteMode.None;
+            });
+
+
+            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
+        }
+
+        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
+        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
+        {
+            if (env.IsDevelopment())
+            {
+                app.UseDeveloperExceptionPage();
+            }
+            else
+            {
+                app.UseExceptionHandler("/Home/Error");
+                app.UseHsts();
+            }
+
+            app.UseHttpsRedirection();
+            app.UseStaticFiles();
+            app.UseCookiePolicy();
+
+            app.UseMvc(routes =>
+            {
+                routes.MapRoute(
+                    name: "default",
+                    template: "{controller=Home}/{action=Index}/{id?}");
+            });
+        }
+    }
+}

src/Examples.Authorization/Views/Home/About.cshtml

@@ -0,0 +1,7 @@
+@{
+    ViewData["Title"] = "About";
+}
+<h2>@ViewData["Title"]</h2>
+<h3>@ViewData["Message"]</h3>
+
+<p>Use this area to provide additional information.</p>

src/Examples.Authorization/Views/Home/Contact.cshtml

@@ -0,0 +1,17 @@
+@{
+    ViewData["Title"] = "Contact";
+}
+<h2>@ViewData["Title"]</h2>
+<h3>@ViewData["Message"]</h3>
+
+<address>
+    One Microsoft Way<br />
+    Redmond, WA 98052-6399<br />
+    <abbr title="Phone">P:</abbr>
+    425.555.0100
+</address>
+
+<address>
+    <strong>Support:</strong> <a href="mailto:[email protected]">Support@example.com</a><br />
+    <strong>Marketing:</strong> <a href="mailto:[email protected]">Marketing@example.com</a>
+</address>