/// <summary>
        /// Evaluates the specified authority against the specified context.
        /// </summary>
        /// <param name="principal">Must be an <see cref="IPrincipal"/> object.</param>
        /// <param name="ruleName">Must be a string that is the name of the rule to evaluate.</param>
        /// <returns><c>true</c> if the expression evaluates to true,
        /// otherwise <c>false</c>.</returns>
        public bool Authorize(IPrincipal principal, string ruleName)
        {
            if (principal == null)
            {
                throw new ArgumentNullException("principal");
            }
            if (ruleName == null || ruleName.Length == 0)
            {
                throw new ArgumentNullException("ruleName");
            }

            SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, ruleName);

            BooleanExpression booleanExpression = GetParsedExpression(ruleName);

            if (booleanExpression == null)
            {
                throw new AuthorizationRuleNotFoundException(SR.AuthorizationRuleNotFoundMsg(ruleName));
            }

            bool result = booleanExpression.Evaluate(principal);

            if (result == false)
            {
                SecurityAuthorizationFailedEvent.Fire(principal.Identity.Name, ruleName);
            }
            return(result);
        }
Beispiel #2
0
        /// <summary>
        /// Evaluates the specified authority against the specified context that is either a task or operation in Authorization Manager. If the context is an operation it should be prefixed by "O".
        /// </summary>
        /// <param name="principal">Principal object containing a windows identity.</param>
        /// <param name="context">Name of the task or operation to evaluate.</param>
        /// <returns><strong>True</strong> if AzMan evaluates to true,
        /// otherwise <strong>false</strong>.</returns>
        public bool Authorize(IPrincipal principal, string context)
        {
            ArgumentValidation.CheckForNullReference(principal, "principal");
            ArgumentValidation.CheckForNullReference(context, "context");

            SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, context);
            AzManAuthorizationProviderData data = GetConfigurationData();

            string auditIdentifier = data.AuditIdentifierPrefix + principal.Identity.Name + ":" + context;

            bool result    = false;
            bool operation = false;

            if (context.IndexOf(OperationContextPrefix) == 0)
            {
                operation = true;
                context   = context.Substring(OperationContextPrefix.Length);
            }

            if (operation)
            {
                string[] operations = new string[] { context };
                result = CheckAccessOperations(data, auditIdentifier, principal.Identity, operations);
            }
            else
            {
                string[] tasks = new string[] { context };
                result = CheckAccessTasks(data, auditIdentifier, principal.Identity, tasks);
            }

            if (result == false)
            {
                SecurityAuthorizationFailedEvent.Fire(principal.Identity.Name, context);
            }
            return(result);
        }
Beispiel #3
0
 private void FireSecurityAuthorizationFailedEvent()
 {
     SecurityAuthorizationFailedEvent.Fire(testMessage, "action");
 }
 private void FireSecurityAuthorizationFailureEvent()
 {
     SecurityAuthorizationFailedEvent.Fire("test", "action");
 }