Commit 8c34023

fix indentation
1 parent 88a916c commit 8c34023

1 file changed

+33
-33
lines changed

5-AccessControl/1-call-api-roles/README.md

Lines changed: 33 additions & 33 deletions
@@ -395,52 +395,52 @@ However, it is important to be aware of that no content on a browser application
395395
As mentioned before, in order to **truly** implement **RBAC** and secure data, this sample allows only authorized calls to our web API. We do this by defining access policies and decorating our HTTP methods with them. To do so, we first add `roles` claim as a validation parameter in [Startup.cs](./API/TodoListAPI/Startup.cs), and then we create authorization policies that depends on this claim:
396396

397397
```csharp
398-
// See https://docs.microsoft.com/aspnet/core/security/authorization/roles for more info.
399-
services.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options =>
400-
{
401-
// The claim in the Jwt token where App roles are available.
402-
options.TokenValidationParameters.RoleClaimType = "roles";
403-
});
404-
405-
// Adding authorization policies that enforce authorization using Azure AD roles.
406-
services.AddAuthorization(options =>
407-
{
408-
options.AddPolicy(AuthorizationPolicies.AssignmentToTaskUserRoleRequired, policy => policy.RequireRole(Configuration["AzureAd:Roles:TaskUser"], Configuration["AzureAd:Roles:TaskAdmin"]));
409-
410-
options.AddPolicy(AuthorizationPolicies.AssignmentToTaskAdminRoleRequired, policy => policy.RequireRole(Configuration["AzureAd:Roles:TaskAdmin"]));
411-
});
398+
// See https://docs.microsoft.com/aspnet/core/security/authorization/roles for more info.
399+
services.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options =>
400+
{
401+
// The claim in the Jwt token where App roles are available.
402+
options.TokenValidationParameters.RoleClaimType = "roles";
403+
});
404+
405+
// Adding authorization policies that enforce authorization using Azure AD roles.
406+
services.AddAuthorization(options =>
407+
{
408+
options.AddPolicy(AuthorizationPolicies.AssignmentToTaskUserRoleRequired, policy => policy.RequireRole(Configuration["AzureAd:Roles:TaskUser"], Configuration["AzureAd:Roles:TaskAdmin"]));
409+
410+
options.AddPolicy(AuthorizationPolicies.AssignmentToTaskAdminRoleRequired, policy => policy.RequireRole(Configuration["AzureAd:Roles:TaskAdmin"]));
411+
});
412412
```
413413

414414
We defined these roles in [appsettings.json](./API/TodoListAPI/appsettings.json) as follows:
415415

416416
```json
417-
"Roles": {
417+
"Roles": {
418418
"TaskAdmin": "TaskAdmin",
419419
"TaskUser": "TaskUser"
420-
}
420+
}
421421
```
422422

423423
Finally, in [TodoListController.cs](./API/TodoListAPI/Controllers/TodoListController.cs), we decorate our routes with the appropriate policy:
424424

425425
```csharp
426-
// GET: api/todolist/getAll
427-
[HttpGet]
428-
[Route("getAll")]
429-
[RequiredScope(RequiredScopesConfigurationKey = "AzureAd:Scopes")]
430-
[Authorize(Policy = AuthorizationPolicies.AssignmentToTaskAdminRoleRequired)]
431-
public async Task<ActionResult<IEnumerable<TodoItem>>> GetAll()
432-
{
433-
return await _context.TodoItems.ToListAsync();
434-
}
426+
// GET: api/todolist/getAll
427+
[HttpGet]
428+
[Route("getAll")]
429+
[RequiredScope(RequiredScopesConfigurationKey = "AzureAd:Scopes")]
430+
[Authorize(Policy = AuthorizationPolicies.AssignmentToTaskAdminRoleRequired)]
431+
public async Task<ActionResult<IEnumerable<TodoItem>>> GetAll()
432+
{
433+
return await _context.TodoItems.ToListAsync();
434+
}
435435

436-
// GET: api/TodoItems
437-
[HttpGet]
438-
[RequiredScope(RequiredScopesConfigurationKey = "AzureAd:Scopes")]
439-
[Authorize(Policy = AuthorizationPolicies.AssignmentToTaskUserRoleRequired)]
440-
public async Task<ActionResult<IEnumerable<TodoItem>>> GetTodoItems()
441-
{
442-
return await _context.TodoItems.Where(x => x.Owner == HttpContext.User.GetObjectId()).ToListAsync();
443-
}
436+
// GET: api/TodoItems
437+
[HttpGet]
438+
[RequiredScope(RequiredScopesConfigurationKey = "AzureAd:Scopes")]
439+
[Authorize(Policy = AuthorizationPolicies.AssignmentToTaskUserRoleRequired)]
440+
public async Task<ActionResult<IEnumerable<TodoItem>>> GetTodoItems()
441+
{
442+
return await _context.TodoItems.Where(x => x.Owner == HttpContext.User.GetObjectId()).ToListAsync();
443+
}
444444
```
445445

446446
## Next Steps
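
Review bot: The route comment on new line 436 (`// GET: api/TodoItems`) does not match the one on new line 426 (`// GET: api/todolist/getAll`), although the README presents both actions as part of TodoListController.cs; since these lines are being rewritten anyway, make the two comments agree so a reader calls the path the controller actually serves. On new line 408, `RequireRole` is passed both the TaskUser and TaskAdmin values, which admits a caller holding either role, and a sentence next to the snippet saying so would make the intent of `AssignmentToTaskUserRoleRequired` explicit. The context line 395 also reads "policies that depends on this claim", which should be "depend".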
