Initializing Enforcer
In this part of the tutorial, you will configure the IOC container with the necessary Enforcer based services.
- Add the Rsk.Enforcer.AspNetCore NuGet package to the SecureMVCApp project
- Create a folder called policies in the root of the project
- Navigate to the Startup.cs of the project and configure the services collection to include Enforcer.
- The
AddEnforcerextension method initializes the core framework, including the Policy Decision Point(PDP). This method call identifies the root policy that the PDP will use for making authorization decisions. AddFileSystemPolicyStoreconfigures Enforcer to look for policies in the file system at the location specified.AddPolicyEnforcementPoint, adds PEP support and configures the PEP to treat non-permit/deny results from the PDP as deny. Ensuring that if we don't know, let us deny to be safe.AddClaimsAttributeValueProvider, extends the Policy Information Point to provide the authenticated users identity claims to the PDP.AddDefaultAdviceHandling, required when using[EnforcerAuthorization]attributes, to log any unhandled advice and to return a 403 in the case of a deny outcome.
- The
using Rsk.Enforcer;
using Rsk.Enforcer.AspNetCore;
using Rsk.Enforcer.PEP;
. . .
services
.AddEnforcer("AcmeCorp.Global", options => {
options.Licensee = licensee;
options.LicenseKey = licenseKey;
})
.AddFileSystemPolicyStore("policies")
.AddPolicyEnforcementPoint(o => o.Bias = PepBias.Deny)
.AddClaimsAttributeValueProvider(o => { })
.AddDefaultAdviceHandling();
- Re-run the project; the web site will launch. Note we haven't added any authorization yet.