The following steps can be used to create a custom security requirement if the provided steps do not meet your needs.
Sample
.EndpointSecurityInterfaces.ISecurityRequirement
. Add members to your implementation that will store the configuration of the rule. Name your class {ruleType}Requirement
. Following the example our class would be named SampleRequirement
.EndpointSecurity.Metadata.SecurityRequirements.JsonSecurityRequirementFactory
. The purpose of this class is to take the JSON metadata in the GetRequirement
method and return a configured instance of your ISecurityRequirement
from step 2 that encapsulates it. Following the example, this class should be named SampleJsonSecurityRequirementFactory
.Create a class that inherits EndpointSecurity.SecurityRequirementHandler
. The purpose of this class is to evaluate the requirement and determine if it passes or fails. This parent class is a parameterized type. The type argument should be your class from step 2. Following the example, the class declaration would look like this
public class SampleSecurityRequirementHandler : SecurityRequirementHandler<SampleSecurityRequirement> |
Implement the abstract Handle
method and in its body determine if the requirement is met or not. If it is met, call Succeed
on the SecurityHandlerContext
object. If it is not met you do not need to do anything, as there may be other handlers capable of processing this requirement that could pass it later.
Register the types created in step 2, 3 and 4 with the DI container. Following the example this would be:
container.RegisterType<ISecurityRequirement, SampleRequirement>(typeof(SampleRequirement).FullName); container.RegisterType<JsonSecurityRequirementFactory, SampleJsonSecurityRequirementFactory>(typeof(SampleJsonSecurityRequirementFactory).FullName); container.RegisterType<ISecurityRequirementHandler, SampleSecurityRequirementHandler>(typeof(SampleSecurityRequirementHandler).FullName); |