/// <summary>
/// Performs an imperative (in-code) claims authorization check for the
/// "ImperativeAction" action on "ImperativeResource", passing one extra claim
/// alongside the action/resource pair.
/// </summary>
/// <remarks>
/// NOTE(review): whatever CheckAccess returns is not inspected here, so this call
/// only enforces anything if CheckAccess throws on denial. Confirm against the
/// ClaimPermission implementation in use.
/// </remarks>
private static void ImperativeUsingPermission()
 {
     // Additional claim handed to the authorization check together with action and resource.
     var extraClaim = new Claim("http://additionalClaim", "AdditionalResource");

     ClaimPermission.CheckAccess("ImperativeAction", "ImperativeResource", extraClaim);
 }
        /// <summary>
        /// Authorization filter callback: validates the request header, asks
        /// <c>ClaimPermission.CheckAccess</c> whether the targeted controller action is
        /// permitted, and sets an unauthorized result on the context when it is not.
        /// </summary>
        /// <param name="filterContext">Context of the action that is about to execute.</param>
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            // Header validation runs before any permission decision is made.
            // NOTE(review): presumably this throws on an invalid header; confirm in ValidateRequestHeader.
            ValidateRequestHeader(filterContext.HttpContext.Request);

            var controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;

            // The attribute's own ActionName/ClaimType are used only when BOTH are set;
            // if either one is blank, both values fall back to the defaults below.
            var useDefaults       = string.IsNullOrWhiteSpace(ActionName) || string.IsNullOrWhiteSpace(ClaimType);
            var checkedAction     = useDefaults ? filterContext.ActionDescriptor.ActionName : ActionName;
            var requiredClaimType = useDefaults ? ClaimTypes.ControllerAction : ClaimType;

            // Despite the key name, only the controller name is stored here.
            filterContext.HttpContext.Items["_currentControllerAction"] = controllerName;

            var denied = !ClaimPermission.CheckAccess(requiredClaimType, controllerName, checkedAction);
            if (denied)
            {
                if (LogEnabled)
                {
                    // The audit entry records the action name from the descriptor, which can
                    // differ from checkedAction when the attribute overrides ActionName.
                    IdentityHelper.LogAction(
                        filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
                        filterContext.ActionDescriptor.ActionName,
                        false,
                        "Unauthorized");
                }

                // Setting Result is what blocks the action; a permitted request leaves it untouched.
                filterContext.Result = PrepareUnauthorizedResult(filterContext);
            }
        }
Beispiel #3
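        /// <summary>
        /// Web API authorization callback. Checks the <c>ExposedService</c> permission for
        /// the targeted controller ("service") and action ("method"): with the caller's
        /// identity name when the caller is authenticated and has one, otherwise as an
        /// anonymous caller.
        /// </summary>
        /// <param name="actionContext">Context of the action that is about to execute.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // NOTE(review): _stopwatch is an instance field overwritten on every call. If this
            // attribute instance is shared between concurrent requests, timings will be mixed
            // up. Confirm the filter's lifetime, or keep the stopwatch in per-request state.
            _stopwatch = Stopwatch.StartNew();

            var service = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            var method  = actionContext.ActionDescriptor.ActionName;

            // A missing principal or identity is treated as an unauthenticated caller instead of
            // failing with a NullReferenceException before any permission decision is made.
            var identity        = actionContext.RequestContext.Principal?.Identity;
            var isAuthenticated = identity?.IsAuthenticated ?? false;
            var identityName    = isAuthenticated ? identity.Name : null;
            var hasIdentityName = !string.IsNullOrWhiteSpace(identityName);

            if (isAuthenticated && hasIdentityName)
            {
                // Known caller: the permission is evaluated for this identity name.
                if (!ClaimPermission.CheckAccess(ClaimTypes.ExposedService, service, method, identityName))
                {
                    this.HandleUnauthorizedRequest(actionContext);
                }

                return;
            }

            if (isAuthenticated)
            {
                // Authenticated but nameless: record it, then fall through to the anonymous
                // check so the request is never granted more than an anonymous caller would get.
                log4net.LogManager.GetLogger(nameof(CustomWebApiAuthorizeAttribute)).Warn($"Authenticated user without Identity.Name! Handling as unauthenticated... ({service}/{method})");
            }

            // Anonymous path: only services the check allows without an identity pass.
            if (!ClaimPermission.CheckAccess(ClaimTypes.ExposedService, service, method))
            {
                this.HandleUnauthenticatedRequest(actionContext);
            }
        }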
Beispiel #4
 /// <summary>
 /// Gate for the 'ReconnectSockets' step of the 'WorkflowSock' workflow: returns
 /// <c>true</c> when the <c>IDEF0Activity</c> permission check passes.
 /// </summary>
 /// <returns>Always <c>true</c>; a denied check never returns, it throws.</returns>
 /// <exception cref="UnauthorizedAccessException">
 /// Thrown when the permission check fails, after the denial has been logged.
 /// </exception>
 private bool ShouldRun()
 {
     const string workflow = "WorkflowSock";
     const string step     = "ReconnectSockets";

     var permitted = ClaimPermission.CheckAccess(ClaimTypes.IDEF0Activity, workflow, step);
     if (permitted)
     {
         return true;
     }

     // Record the denial before surfacing it, so the audit entry exists even if the
     // caller swallows the exception.
     IdentityHelper.LogAction(workflow, step, false, "Unauthorized");
     throw new UnauthorizedAccessException("You do not have permissions to execute step 'ReconnectSockets' of 'WorkflowSock' Workflow");
 }