Topaz SDKs - ASP.NET Core middleware - Options
Configuration
The following configuration settings are required for Aserto.AspNetCore middleware. You can add them to your appsettings.json
:
// appsettings.json
"Topaz": {
"PolicyRoot": "YOUR_POLICY_ROOT"
}
The middleware accepts the following optional parameters:
Parameter name | Default value | Description |
---|---|---|
Enabled | true | Enables or disables Aserto Authorization |
ServiceUrl | "https://localhost:8282" | Sets the URL for the authorizer endpoint. |
Decision | "allowed" | The decision that will be used by the middleware when creating an authorizer request. |
AuthorizerApiKey | "" | The authorizer API Key |
TenantID | "" | The Aserto Tenant ID |
Inscure | false | Indicates whether insecure service connections are allowed when using SSL |
PolicyName | "" | The Aserto policy name |
PolicyInstanceLabel | "" | The label of the active policy runtime |
:::info Note
The TenantID
, AuthorizerApiKey
, PolicyName
and PolicyInstanceLabel
are used when using Topaz with Aserto. The values for these settings can be retrieved from the Policy Settings page of your Aserto account.
:::
Identity
To determine the identity of the user, the middleware checks the following Claim types:
Name | Description | URI |
---|---|---|
E-Mail Address | The e-mail address of the user | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
Name | The unique name of the user | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Name Identifier | The SAML name identifier of the user | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
These can be overwritten by passing other Claim types to the AsertoDecisionRequirement
:
// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
//..
services.AddAuthorization(options =>
{
options.AddPolicy("Aserto", policy =>
policy.Requirements.Add(new AsertoDecisionRequirement(new List<string>
{
"mytype1",
"mytype2"
})));
});
//..
}
URL path to policy mapping
By default, when computing the policy path, the middleware:
- converts all slashes to dots
- converts any character that is not alpha, digit, dot or underscore to underscore
This behavior can be overwritten by providing a custom function to the PolicyPathMapper
AsertoAuthorization option:
// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
//..
// Adds the Aserto Authorization service
services.AddAsertoAuthorization(options =>
{
Configuration.GetSection("Aserto").Bind(options);
options.PolicyPathMapper = (policyRoot, httpRequest) =>
{
return "custom.policy.path";
};
});
//..
}
Resource Mapper
A resource can be any structured data that the authorization policy uses to evaluate decisions. By default, middleware add to the resource context all the route parameters that start with :
.
Resource data can be overwritten by providing a custom function to the ResourceMapper
AsertoAuthorization option
// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
//..
// Adds the Aserto Authorization service
services.AddAsertoAuthorization(options =>
{
options.ResourceMapper = (policyRoot, httpRequest) =>
{
Struct result = new Struct();
result.Fields["asset"] = Value.ForString("megaSeeds");
return result;
};
Configuration.GetSection("Aserto").Bind(options);
});
//..
}