AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refactor authentication schemes for sender and receiver

Browse Source 
Updated `AuthScheme` to introduce a distinct `Sender` scheme
and renamed the `Receiver` scheme for clarity. Updated
`Program.cs` to use the new `Sender` scheme in JWT
authentication and explicitly associate authentication
schemes with `Sender` and `Receiver` policies. Removed the
deprecated `AuthPolicy.ReceiverTFA` policy. These changes
improve the separation and maintainability of authentication
and authorization logic.
This commit is contained in:
tekh
2026-06-10 22:25:02 +02:00
parent a6e174e7c1
commit d828a5bfe2
2 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
EnvelopeGenerator.API/AuthScheme.cs
View File

@@ -8,5 +8,10 @@ public static class AuthScheme
/// <summary> /// <summary>
/// Scheme name used for per-envelope receiver JWT authentication. /// Scheme name used for per-envelope receiver JWT authentication.
/// </summary> /// </summary>
public const string Receiver = "EnvelopeGenerator.API.EnvelopeReceiverJwt"; public const string Receiver = "EnvelopeGenerator.API.ReceiverJWT";
/// <summary>
/// Scheme name used for per-envelope sender JWT authentication.
/// </summary>
public const string Sender = "EnvelopeGenerator.API.SenderJWT";
} }

8
EnvelopeGenerator.API/Program.cs
View File

@@ -136,7 +136,7 @@ try
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}) })
.AddJwtBearer(opt => .AddJwtBearer(AuthScheme.Sender, opt =>
{ {
opt.TokenValidationParameters = new TokenValidationParameters opt.TokenValidationParameters = new TokenValidationParameters
{ {
@@ -240,13 +240,13 @@ try
builder.Services.AddAuthorizationBuilder() builder.Services.AddAuthorizationBuilder()
.AddPolicy(AuthPolicy.SenderOrReceiver, policy => policy.RequireRole(Role.Sender, Role.Receiver.Full)) .AddPolicy(AuthPolicy.SenderOrReceiver, policy => policy.RequireRole(Role.Sender, Role.Receiver.Full))
.AddPolicy(AuthPolicy.Sender, policy => policy.RequireRole(Role.Sender)) .AddPolicy(AuthPolicy.Sender, policy => policy
.RequireRole(Role.Sender)
.AddAuthenticationSchemes(AuthScheme.Sender))
.AddPolicy(AuthPolicy.Receiver, policy => policy .AddPolicy(AuthPolicy.Receiver, policy => policy
.AddAuthenticationSchemes(AuthScheme.Receiver) .AddAuthenticationSchemes(AuthScheme.Receiver)
.RequireAuthenticatedUser() .RequireAuthenticatedUser()
.RequireRole(Role.Receiver.Full, "receiver")) .RequireRole(Role.Receiver.Full, "receiver"))
.AddPolicy(AuthPolicy.ReceiverTFA, policy => policy.RequireRole(Role.Receiver.TFA)); .AddPolicy(AuthPolicy.ReceiverTFA, policy => policy.RequireRole(Role.Receiver.TFA));
// User manager // User manager