Topaz SDKs - ASP.NET Core middleware - Options

Configuration

The following configuration settings are required by the Aserto.AspNetCore middleware. You can add them to your appsettings.json:

// appsettings.json

"Topaz": {
    "PolicyRoot": "YOUR_POLICY_ROOT"
}

The middleware accepts the following optional parameters:

| Parameter name | Default value | Description |
| --- | --- | --- |
| Enabled | true | Enables or disables Aserto Authorization |
| ServiceUrl | "https://localhost:8282" | Sets the URL for the authorizer endpoint. |
| Decision | "allowed" | The decision that will be used by the middleware when creating an authorizer request. |
| AuthorizerApiKey | "" | The authorizer API Key |
| TenantID | "" | The Aserto Tenant ID |
| Insecure | false | Indicates whether insecure service connections are allowed when using SSL |
| PolicyName | "" | The Aserto policy name |
| PolicyInstanceLabel | "" | The label of the active policy runtime |

Note: The TenantID, AuthorizerApiKey, PolicyName and PolicyInstanceLabel are used when using Topaz with Aserto. The values for these settings can be retrieved from the Policy Settings page of your Aserto account.

Identity

To determine the identity of the user, the middleware checks the following Claim types:

| Name | Description | URI |
| --- | --- | --- |
| E-Mail Address | The e-mail address of the user | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
| Name | The unique name of the user | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
| Name Identifier | The SAML name identifier of the user | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |

These can be overridden by passing other Claim types to the AsertoDecisionRequirement:

// Startup.cs

using System.Collections.Generic;

public void ConfigureServices(IServiceCollection services)
{
    //..

    services.AddAuthorization(options =>
    {
        // The claim types listed here replace the default ones.
        options.AddPolicy("Aserto", policy =>
            policy.Requirements.Add(new AsertoDecisionRequirement(new List<string>
            {
                "mytype1",
                "mytype2"
            })));
    });

    //..
}

URL path to policy mapping

By default, when computing the policy path, the middleware:

  • converts all slashes to dots
  • converts any character that is not alpha, digit, dot or underscore to underscore

This behavior can be overridden by providing a custom function to the PolicyPathMapper AsertoAuthorization option:

// Startup.cs

public void ConfigureServices(IServiceCollection services)
{
    //..

    // Adds the Aserto Authorization service
    services.AddAsertoAuthorization(options =>
    {
        // The section name must match the key used in appsettings.json.
        Configuration.GetSection("Topaz").Bind(options);
        options.PolicyPathMapper = (policyRoot, httpRequest) =>
        {
            return "custom.policy.path";
        };
    });

    //..
}
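Because the default rules replace several different characters with the same one, distinct routes can map to the same policy path and so be decided by the same policy rule. The following is an added example, not part of the Aserto.AspNetCore code, that applies the two default rules literally to a constructed route list and reports such collisions. The names MapPath and FindCollisions, the ASCII-only character classes, and leaving out the policy root prefix are assumptions of the example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Added example with hypothetical helper names; not Aserto.AspNetCore code.
public static class PolicyPathCollisionCheck
{
    // Applies the two documented default rules to the URL path only:
    // slashes become dots, then anything that is not an ASCII letter,
    // digit, dot or underscore becomes an underscore (ASCII is an assumption).
    public static string MapPath(string urlPath)
    {
        string dotted = urlPath.Replace('/', '.');
        return Regex.Replace(dotted, "[^A-Za-z0-9._]", "_");
    }

    // Groups routes by mapped policy path and keeps only the groups
    // in which more than one distinct route shares the same path.
    public static Dictionary<string, List<string>> FindCollisions(IEnumerable<string> routes)
    {
        return routes
            .Distinct(StringComparer.Ordinal)
            .GroupBy(r => MapPath(r), StringComparer.Ordinal)
            .Where(g => g.Count() > 1)
            .ToDictionary(g => g.Key, g => g.ToList(), StringComparer.Ordinal);
    }

    public static void Main()
    {
        // Constructed route list for illustration.
        var routes = new[]
        {
            "/api/user-files",
            "/api/user_files",
            "/api/user.files",
            "/api/user/files",
            "/api/reports",
        };

        foreach (var hit in FindCollisions(routes))
        {
            Console.WriteLine($"{hit.Key} <- {string.Join(", ", hit.Value)}");
        }
    }
}
```

Running a check like this over the application's route table shows where a custom PolicyPathMapper or a route rename is needed to keep one policy rule per endpoint.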

Resource Mapper

A resource can be any structured data that the authorization policy uses to evaluate decisions. By default, the middleware adds all route parameters that start with : to the resource context.

Resource data can be overridden by providing a custom function to the ResourceMapper AsertoAuthorization option:

// Startup.cs

using Google.Protobuf.WellKnownTypes; // Struct, Value

public void ConfigureServices(IServiceCollection services)
{
    //..

    // Adds the Aserto Authorization service
    services.AddAsertoAuthorization(options =>
    {
        options.ResourceMapper = (policyRoot, httpRequest) =>
        {
            // Build the resource context passed to the policy.
            Struct result = new Struct();
            result.Fields["asset"] = Value.ForString("megaSeeds");

            return result;
        };
        // The section name must match the key used in appsettings.json.
        Configuration.GetSection("Topaz").Bind(options);
    });
    //..
}