From ff8e04eafff0160143de484449bbdc9217057a61 Mon Sep 17 00:00:00 2001
From: Maxwell Weru
Date: Sun, 5 May 2024 09:08:11 +0300
Subject: [PATCH] Allow using remote Azure IP Networks which allows loading when the application starts (#240)
---
 .../AuthorizationPolicyBuilderExtensions.cs | 36 +++++++++++++++----
 1 file changed, 30 insertions(+), 6 deletions(-)
diff --git a/src/Tingle.AspNetCore.Authorization/AuthorizationPolicyBuilderExtensions.cs b/src/Tingle.AspNetCore.Authorization/AuthorizationPolicyBuilderExtensions.cs
index 09c07e7e..027fe13e 100644
--- a/src/Tingle.AspNetCore.Authorization/AuthorizationPolicyBuilderExtensions.cs
+++ b/src/Tingle.AspNetCore.Authorization/AuthorizationPolicyBuilderExtensions.cs
@@ -91,7 +91,7 @@ public static AuthorizationPolicyBuilder RequireApprovedNetworks(this Authorizat
 }
 
 ///
- /// Adds an to the current instance, using Known Azure IPs.
+ /// Adds an to the current instance, using known Azure IPs that are cached locally.
 /// Ensure the necessary Authorization and framework services are added to the same collection
 /// using services.AddApprovedNetworksHandler(...).
 /// Networks used are retrieved using .
@@ -110,12 +110,36 @@ public static AuthorizationPolicyBuilder RequireAzureIPNetworks(this Authorizati
 AzureIPNetworks.AzureCloud cloud = AzureIPNetworks.AzureCloud.Public,
 string? service = null,
 string? region = null)
+ => builder.RequireAzureIPNetworks(AzureIPNetworks.AzureIPsProvider.Local, cloud, service, region);
+
+ ///
+ /// Adds an to the current instance, using known Azure IPs from an instance of .
+ /// Ensure the necessary Authorization and framework services are added to the same collection
+ /// using services.AddApprovedNetworksHandler(...).
+ /// Networks used are retrieved using .
+ ///
+ /// The instance to add to
+ /// The to use.
+ /// The Azure Cloud which to allow.
+ ///
+ /// (Optional) The name of the service whose IP ranges to allow.
+ /// When not provided(null), IPs from all services are added.
+ ///
+ ///
+ /// (Optional) The name of the region whose IP ranges to allow.
+ /// When not provided(null), IPs from all regions are added.
+ ///
+ public static AuthorizationPolicyBuilder RequireAzureIPNetworks(this AuthorizationPolicyBuilder builder,
+ AzureIPNetworks.AzureIPsProvider provider,
+ AzureIPNetworks.AzureCloud cloud = AzureIPNetworks.AzureCloud.Public,
+ string? service = null,
+ string? region = null)
 {
- var networks = AzureIPNetworks.AzureIPsProvider.Local.GetNetworksAsync(cloud, service, region)
- .AsTask()
- .GetAwaiter()
- .GetResult()
- .ToArray();
+ var networks = provider.GetNetworksAsync(cloud, service, region)
+ .AsTask()
+ .GetAwaiter()
+ .GetResult()
+ .ToArray();
 
 // create the requirement and add it to the builder
 return builder.RequireApprovedNetworks(networks);
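Review bot: The new `provider` overload turns whatever `provider.GetNetworksAsync(cloud, service, region)` returns into the approved-network allow-list in one blocking `.GetAwaiter().GetResult()` call, with no handling for a null provider, a failed fetch or an empty result. With a remote provider this presumably means a network download while the policy is being built, so a timeout or exception would surface at startup, and an empty array goes straight into `RequireApprovedNetworks(networks)`, whose behaviour for zero networks is not visible in this hunk. I would add `if (provider is null) throw new ArgumentNullException(nameof(provider));` as the first statement and, after the fetch, `if (networks.Length == 0) throw new InvalidOperationException("No Azure IP networks were returned for the requested cloud/service/region.");` so that a misspelled service or region fails loudly instead of silently changing who is authorized. Because `.ToArray()` snapshots the list once, the XML docs should also state that ranges published later are not picked up until the policy is rebuilt, and that leaving `service` and `region` null approves every published range for the cloud, which includes addresses used by other Azure tenants. The method's closing brace lies outside the hunk.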