search

PowerShell / Polaris

A cross-platform, minimalist web framework for PowerShell
https://powershell.github.io/Polaris/
MIT License
512 stars 114 forks source link

Authentication Granularity #172

Closed JacobErnst98 closed 5 years ago

JacobErnst98 commented 5 years ago

Polaris Feature Request

Is your feature request related to a problem? Please describe

Authentication is on start-Polaris not on new-PolarisRoute, this does not provide any granularity to authentication.

Describe the solution you'd like

Move where authentication is set.

Describe alternatives you've considered

Allow custom authentication methods in PowerShell.

Tiberriver256 commented 5 years ago

Hi @JacobErnst98,

This is a spot we are unfortunately lacking in documentation, so hopefully just some clarification will be needed. The current setup would expect authentication to be at the app level as you have described but the authorization to be done on a per route or middleware layer.

Something like:

Start-Polaris -Auth IntegratedWindowsAuthentication

New-PolarisGetRoute -Path "/my-user-route" -Scriptblock { 
   if( -not $Request.User.IsInRole("MyUserSecurityGroup") ) {
      $Response.Status = 401
      $Response.Send("Unauthorized")
   } else {
      $Response.Send("Welcome user!")
   }
}

New-PolarisGetRoute -Path "/my-admin-route" -Scriptblock { 
   if( -not $Request.User.IsInRole("MyAdminSecurityGroup") ) {
      $Response.Status = 401
      $Response.Send("Unauthorized")
   } else {
      $Response.Send("Welcome admin!")
   }
}

Is that what you are looking for? If not, and you're looking to switching authentication methods (i.e. ActiveDirectory to Basic) depending on the route could you walk us through a bit more of the scenario you are working with?

JacobErnst98 commented 5 years ago

This is exactly the documentation I needed!