Profiles
As of v.2.0 we have greatly improved support for using FluentSecurity in MVC applications using areas. You no longer need to reference areas from your main application in order to secure their controllers. You can now do this using profiles.
Profiles are simply a way for you to split your configuration into multiple configurations and have them merged at runtime.
SecurityProfile is the class you inherit from when creating a security profile. It requires you to implement a single method called Configure. In the Configure method you secure controllers and controller actions just like you're used to doing in the nested closure of SecurityConfigurator.Configure.
Below is an example of a profile for securing an Admin area:
```csharp
public class AdminAreaSecurityProfile : SecurityProfile
{
    public override void Configure()
    {
        // Each controller in the Admin area is restricted to a single role.
        For<UserAdminController>().RequireRole(UserRole.Administrator);
        For<BlogAdminController>().RequireRole(UserRole.Editor);
    }
}
```

In essence, SecurityProfile provides you with the same methods as in the nested closure of SecurityConfigurator.Configure, with only one difference: when inheriting from SecurityProfile, ForAllControllers refers to all the controllers located in the assembly where the profile is implemented.
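The following is an added example, not code from the FluentSecurity wiki or project, showing a profile that uses the assembly-scoped ForAllControllers as a deny-by-default baseline for one area. The namespace, controllers and UserRole enum are hypothetical, and the `FluentSecurity.Configuration` using is an assumption about where SecurityProfile is declared.

```csharp
using System.Web.Mvc;
using FluentSecurity;
using FluentSecurity.Configuration; // assumed namespace of SecurityProfile

namespace Shop.Areas.Blog // hypothetical area assembly
{
    // Hypothetical role type used only for this example.
    public enum UserRole { Editor, Administrator }

    public class BlogController : Controller
    {
        public ActionResult Index() { return View(); }
        public ActionResult Drafts() { return View(); }
    }

    public class BlogAdminController : Controller
    {
        public ActionResult Index() { return View(); }
        public ActionResult Purge() { return RedirectToAction("Index"); }
    }

    public class BlogAreaSecurityProfile : SecurityProfile
    {
        public override void Configure()
        {
            // Baseline: inside a profile this covers only the controllers in
            // this assembly, so a controller added to the area later is
            // closed to anonymous users until a rule says otherwise.
            ForAllControllers().DenyAnonymousAccess();

            // Explicit exception: the public front page of the blog.
            For<BlogController>(x => x.Index()).Ignore();

            // Tighter rules for the admin controller, declared after the baseline.
            For<BlogAdminController>().RequireRole(UserRole.Editor);
            For<BlogAdminController>(x => x.Purge()).RequireRole(UserRole.Administrator);
        }
    }
}
```

Controllers in other assemblies are not covered by this baseline and need their own profile or rules in the main configuration.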
The easiest way to apply a profile is to call ApplyProfile from your main configuration. In the example below we apply 2 profiles. One that handles securing the Admin area and one that handles securing the Blog area.
```csharp
SecurityConfigurator.Configure(configuration =>
{
    // Tell FluentSecurity how to determine whether the current user is authenticated.
    configuration.GetAuthenticationStatusFrom(() => HttpContext.Current.User.Identity.IsAuthenticated);

    // Merge the rules from each area's profile into the main configuration.
    configuration.ApplyProfile<AdminAreaProfile>();
    configuration.ApplyProfile<BlogAreaProfile>();
});
```

While this works well for areas hosted in the same application, it will not work for areas hosted in assemblies not referenced by the main application. This is what the Scan method is for.
In order to avoid referencing areas from the main application you need to use the Scan method to locate the profiles in your areas.
```csharp
SecurityConfigurator.Configure(configuration =>
{
    configuration.GetAuthenticationStatusFrom(() => HttpContext.Current.User.Identity.IsAuthenticated);
    configuration.Scan(scan =>
    {
        scan.AssembliesFromApplicationBaseDirectory();
        scan.LookForProfiles();
    });
});
```

In the example above we scan all the assemblies in the application base directory (including bin). Calling LookForProfiles tells FluentSecurity to search for profiles in the located assemblies. FluentSecurity will then apply those profiles in the order that they are found.