Authentication Granularity

Question

Authentication Granularity

JacobErnst98 opened this issue 6 years ago · 2 comments

JacobErnst98 commented 6 years ago

Polaris Feature Request

Is your feature request related to a problem? Please describe

Authentication is on start-Polaris not on new-PolarisRoute, this does not provide any granularity to authentication.

Describe the solution you'd like

Move where authentication is set.

Describe alternatives you've considered

Allow custom authentication methods in PowerShell.

Answer 1 · 2018-12-24T13:14:33.000Z

Hi @JacobErnst98,

This is a spot we are unfortunately lacking in documentation, so hopefully just some clarification will be needed. The current setup would expect authentication to be at the app level as you have described but the authorization to be done on a per route or middleware layer.

Something like:

Start-Polaris -Auth IntegratedWindowsAuthentication

New-PolarisGetRoute -Path "/my-user-route" -Scriptblock { 
   if( -not $Request.User.IsInRole("MyUserSecurityGroup") ) {
      $Response.Status = 401
      $Response.Send("Unauthorized")
   } else {
      $Response.Send("Welcome user!")
   }
}

New-PolarisGetRoute -Path "/my-admin-route" -Scriptblock { 
   if( -not $Request.User.IsInRole("MyAdminSecurityGroup") ) {
      $Response.Status = 401
      $Response.Send("Unauthorized")
   } else {
      $Response.Send("Welcome admin!")
   }
}

Is that what you are looking for? If not, and you're looking to switching authentication methods (i.e. ActiveDirectory to Basic) depending on the route could you walk us through a bit more of the scenario you are working with?

Answer 2 · 2018-12-29T20:47:43.000Z

This is exactly the documentation I needed!