/// <summary>
        /// Convert an <see cref="ActivityAuthorizationSection"/> into a <see cref="AuthorizationScope"/>
        /// </summary>
        /// <param name="authorizationSection"></param>
        /// <returns></returns>
        public static AuthorizationScope ToAuthorizationScope(this ActivityAuthorizationSection authorizationSection)
        {
            var scope = new AuthorizationScope();

            if (authorizationSection == null)
            {
                return(scope);
            }

            var activities = new List <Activity>();

            for (var i = 0; i < authorizationSection.Activities.Count; i++)
            {
                var element = authorizationSection.Activities[i];
                activities.Add(element.ToActivity());
            }

            scope.Name = authorizationSection.Name;
            scope.DefaultAuthorization = authorizationSection.Default;
            scope.DefaultActivity      = authorizationSection.DefaultActivity;
            scope.AllowUnauthenticated = authorizationSection.DefaultAllowUnauthenticated;
            scope.Activities           = activities;

            return(scope);
        }
Beispiel #2
0
        /// <copydoc cref="IAuthorizationScopeProvider.AuthorizationScopeAsync" />
        /// <remarks>Can potentially return duplicate <see cref="Activity"> if multiple providers supply the same activity</see></remarks>
        public async Task <AuthorizationScope> AuthorizationScopeAsync(CancellationToken cancellationToken = default(CancellationToken))
        {
            var scope = new AuthorizationScope
            {
                Name = name
            };

            // Kick them all off
            var tasks = providers.Select(provider => provider.AuthorizationScopeAsync(cancellationToken)).ToList();

            // Wait to finish
            var results = await Task.WhenAll(tasks).ConfigureAwait(false);

            // Now aggregate them
            var activities = new List <Activity>();

            foreach (var result in results)
            {
                if (result == null)
                {
                    // Ignore if we don't get anything
                    continue;
                }

                // Last one wins on the global properties
                if (!string.IsNullOrEmpty(result.DefaultActivity))
                {
                    scope.DefaultActivity = result.DefaultActivity;
                }

                if (result.DefaultAuthorization.HasValue)
                {
                    scope.DefaultAuthorization = result.DefaultAuthorization;
                }

                if (result.AllowUnauthenticated.HasValue)
                {
                    scope.AllowUnauthenticated = result.AllowUnauthenticated;
                }

                activities.AddRange(result.Activities);
            }

            scope.Activities = activities;

            return(scope);
        }
Beispiel #3
0
        /// <copydoc cref="IActivityAuthorizer.IsAuthorizedAsync" />
        public async Task <AuthorizationReason> IsAuthorizedAsync(string resource, string action, IPrincipal principal, IDictionary <string, object> values = null, CancellationToken cancellationToken = default(CancellationToken))
        {
            var scope = await scopeProvider.AuthorizationScopeAsync(cancellationToken).ConfigureAwait(false);

            if (scope == null)
            {
                Logger.Warn("No data returned from scope provider");
                scope = new AuthorizationScope {
                    Name = "Default"
                };
            }

            var activities = scope.Activities.ToDictionary();

            // Get the state for this request
            var defaultAuthorization        = scope.DefaultAuthorization ?? DefaultAuthorization;
            var defaultActivity             = scope.DefaultActivity ?? DefaultActivity;
            var defaultAllowUnauthenticated = scope.AllowUnauthenticated ?? DefaultAllowUnauthenticated;

            // Set up the reason
            var reason = new AuthorizationReason
            {
                Resource  = resource,
                Action    = action,
                Principal = principal,
                // We will always make a decision at this level
                NoDecision   = false,
                IsAuthorized = defaultAuthorization
            };

            // Do a short-circuit check for the unauthenticated state, will be overridden if there is a matching activity
            if (!defaultAllowUnauthenticated && !principal.Identity.IsAuthenticated)
            {
                reason.IsAuthorized = false;
                reason.Reason       = "IsAuthenticated: false";
            }

            // Check the activities
            foreach (var activity in activities.FindActivities(resource, action, defaultActivity))
            {
                var rs = principal.IsAuthorized(activity, defaultAuthorization);
                if (rs.NoDecision)
                {
                    // Try the next one
                    continue;
                }

                // Ok, we have a decision
                reason.IsAuthorized = rs.IsAuthorized;
                reason.Identity     = rs.Identity;

                if (reason.Resource != rs.Resource || reason.Action != rs.Action)
                {
                    // Decided based on some other activity, so say what that was
                    reason.PrincipalReason = rs;
                }
                else
                {
                    // Preserve the reason information
                    reason.Reason = rs.Reason;
                }

                // We are done as we have a decision
                break;
            }

            if (!reason.IsAuthorized)
            {
                Logger.InfoFormat("Failed authorization: User '{0}', Resource: '{1}', Action: '{2}'", principal == null ? "<Unknown>" : principal.Identity.Name, resource, action);
            }

            return(reason);
        }
 public StaticAuthorizationScopeProvider(AuthorizationScope scope)
 {
     this.scope = scope;
 }
Beispiel #5
0
 public static string ToJson(this AuthorizationScope entity)
 {
     return(JsonConvert.SerializeObject(entity, AuthorizationsSettings()));
 }
Beispiel #6
0
 /// <summary>
 /// Creates a new instance of the <see cref="ConfigurationAuthorizationScopeProvider"/> class.
 /// </summary>
 /// <param name="sectionName"></param>
 public ConfigurationAuthorizationScopeProvider(string sectionName = "activityAuthorization")
 {
     section = ActivitySection(sectionName);
     scope   = section.ToAuthorizationScope();
 }