Creating a Custom Requirement

The following steps can be used to create a custom security requirement if the provided steps do not meet your needs.

  1. Decide on the name for the requirement type and what metadata you will need in the JSON file to configure the requirement. The name of your requirement type will be incorporated into the classes we create to execute the requirement. In this example, we will name our requirement type Sample.
  2. Create a class that implements EndpointSecurityInterfaces.ISecurityRequirement. Add members to your implementation that will store the configuration of the rule. Name your class {ruleType}Requirement. Following the example our class would be named SampleRequirement.
  3. Create a class that inherits EndpointSecurity.Metadata.SecurityRequirements.JsonSecurityRequirementFactory. The purpose of this class is to take the JSON metadata in the GetRequirement method and return a configured instance of your ISecurityRequirement from step 2 that encapsulates it. Following the example, this class should be named SampleJsonSecurityRequirementFactory.
  4. Create a class that inherits EndpointSecurity.SecurityRequirementHandler. The purpose of this class is to evaluate the requirement and determine if it passes or fails. This parent class is a parameterized type. The type argument should be your class from step 2. Following the example, the class declaration would look like this

    public class SampleSecurityRequirementHandler : SecurityRequirementHandler<SampleSecurityRequirement>

    Implement the abstract Handle method and in its body determine if the requirement is met or not. If it is met, call Succeed on the SecurityHandlerContext object. If it is not met you do not need to do anything, as there may be other handlers capable of processing this requirement that could pass it later.

  5. Register the types created in step 2, 3 and 4 with the DI container. Following the example this would be:

    container.RegisterType<ISecurityRequirement, SampleRequirement>(typeof(SampleRequirement).FullName);
    container.RegisterType<JsonSecurityRequirementFactory, SampleJsonSecurityRequirementFactory>(typeof(SampleJsonSecurityRequirementFactory).FullName);
    container.RegisterType<ISecurityRequirementHandler, SampleSecurityRequirementHandler>(typeof(SampleSecurityRequirementHandler).FullName);


Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.