Beispiel #1
0
        // Note: null string represents any.
        public override IEnumerable <Claim> FindClaims(string claimType, string right)
        {
            ThrowIfDisposed();
            if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
            {
                yield break;
            }
            else if (this.claims == null && (ClaimTypes.Sid == claimType || ClaimTypes.DenyOnlySid == claimType))
            {
                if (ClaimTypes.Sid == claimType)
                {
                    if (right == null || Rights.Identity == right)
                    {
                        yield return(new Claim(ClaimTypes.Sid, this.windowsIdentity.User, Rights.Identity));
                    }
                }

                if (right == null || Rights.PossessProperty == right)
                {
                    Claim sid;
                    if (TryCreateWindowsSidClaim(this.windowsIdentity, out sid))
                    {
                        if (claimType == sid.ClaimType)
                        {
                            yield return(sid);
                        }
                    }
                }

                if (this.includeWindowsGroups && (right == null || Rights.PossessProperty == right))
                {
                    for (int i = 0; i < this.Groups.Count; ++i)
                    {
                        Claim sid = this.Groups[i];
                        if (claimType == sid.ClaimType)
                        {
                            yield return(sid);
                        }
                    }
                }
            }
            else
            {
                EnsureClaims();

                bool anyClaimType = (claimType == null);
                bool anyRight     = (right == null);

                for (int i = 0; i < this.claims.Count; ++i)
                {
                    Claim claim = this.claims[i];
                    if ((claim != null) &&
                        (anyClaimType || claimType == claim.ClaimType) &&
                        (anyRight || right == claim.Right))
                    {
                        yield return(claim);
                    }
                }
            }
        }
 /// <summary>
 /// Create an object to manage the resources based on a set of claims.
 /// </summary>
 /// <param name="isAuthenticated">Indicates whether the Principal needs to be authenticated.</param>
 /// <param name="requiredClaims">A Set of Claims the Principal must have to use a resource.</param>
 public ClaimsPrincipalPermission(bool isAuthenticated, ClaimSet requiredClaims)
 {
     // Initialize the object
     this.isUnrestricted  = false;
     this.isAuthenticated = isAuthenticated;
     this.requiredClaims  = requiredClaims;
 }
Beispiel #3
0
 protected void Initialize(ClaimSet issuer, IList <Claim> claims)
 {
     this.issuer = issuer;
     foreach (Claim c in claims)
     {
         list.Add(c);
     }
 }
Beispiel #4
0
        // Note: null string represents any.
        public override IEnumerable <Claim> FindClaims(string claimType, string right)
        {
            ThrowIfDisposed();
            if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
            {
                yield break;
            }
            else if (_claims == null && (ClaimTypes.Sid == claimType || ClaimTypes.DenyOnlySid == claimType))
            {
                if (ClaimTypes.Sid == claimType)
                {
                    if (right == null || Rights.Identity == right)
                    {
                        yield return(new Claim(ClaimTypes.Sid, _windowsIdentity.User, Rights.Identity));
                    }
                }

                if (right == null || Rights.PossessProperty == right)
                {
                    Claim sid;
                    if (TryCreateWindowsSidClaim(_windowsIdentity, out sid))
                    {
                        if (claimType == sid.ClaimType)
                        {
                            yield return(sid);
                        }
                    }
                }

                if (_includeWindowsGroups && (right == null || Rights.PossessProperty == right))
                {
                    // Not sure yet if GroupSidClaimCollections are necessary in .NET Core, but default
                    // _includeWindowsGroups is true; don't throw here or we bust the default case on UWP/.NET Core
                }
            }
            else
            {
                EnsureClaims();

                bool anyClaimType = (claimType == null);
                bool anyRight     = (right == null);

                for (int i = 0; i < _claims.Count; ++i)
                {
                    Claim claim = _claims[i];
                    if ((claim != null) &&
                        (anyClaimType || claimType == claim.ClaimType) &&
                        (anyRight || right == claim.Right))
                    {
                        yield return(claim);
                    }
                }
            }
        }
Beispiel #5
0
 protected void Initialize(ClaimSet issuer, IList <Claim> claims)
 {
     if (issuer == null)
     {
         throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer");
     }
     if (claims == null)
     {
         throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("claims");
     }
     this.issuer = issuer;
     this.claims = claims;
 }
Beispiel #6
0
        protected void Initialize(ClaimSet issuer, IList <Claim> claims)
        {
            if (issuer == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer");
            }
            if (claims == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("claims");
            }

            _issuer = issuer;
            _claims = claims;
        }
Beispiel #7
0
        // Note: null string represents any.
        public override IEnumerable <Claim> FindClaims(string claimType, string right)
        {
            ThrowIfDisposed();
            if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
            {
                yield break;
            }
            else if (_claims == null && ClaimTypes.Thumbprint.Equals(claimType))
            {
                if (right == null || Rights.Identity.Equals(right))
                {
                    yield return(new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.Identity));
                }
                if (right == null || Rights.PossessProperty.Equals(right))
                {
                    yield return(new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.PossessProperty));
                }
            }
            else if (_claims == null && ClaimTypes.Dns.Equals(claimType))
            {
                if (right == null || Rights.PossessProperty.Equals(right))
                {
                    // #321 - Desktop implmentation > 4.6 replaces this with a SAN check
                    string value = _certificate.GetNameInfo(X509NameType.DnsName, false);
                    if (!string.IsNullOrEmpty(value))
                    {
                        yield return(Claim.CreateDnsClaim(value));
                    }
                }
            }
            else
            {
                EnsureClaims();

                bool anyClaimType = (claimType == null);
                bool anyRight     = (right == null);

                for (int i = 0; i < _claims.Count; ++i)
                {
                    Claim claim = _claims[i];
                    if ((claim != null) &&
                        (anyClaimType || claimType.Equals(claim.ClaimType)) &&
                        (anyRight || right.Equals(claim.Right)))
                    {
                        yield return(claim);
                    }
                }
            }
        }
        // Note: null string represents any.
        public override IEnumerable <Claim> FindClaims(string claimType, string right)
        {
            ThrowIfDisposed();
            if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
            {
                yield break;
            }
            else if (_claims == null && ClaimTypes.Thumbprint.Equals(claimType))
            {
                if (right == null || Rights.Identity.Equals(right))
                {
                    yield return(new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.Identity));
                }
                if (right == null || Rights.PossessProperty.Equals(right))
                {
                    yield return(new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.PossessProperty));
                }
            }
            else if (_claims == null && ClaimTypes.Dns.Equals(claimType))
            {
                if (right == null || Rights.PossessProperty.Equals(right))
                {
                    // new behavior since this is the default long term behavior
                    string[] entries = GetDnsFromExtensions(_certificate);
                    for (int i = 0; i < entries.Length; ++i)
                    {
                        yield return(Claim.CreateDnsClaim(entries[i]));
                    }
                }
            }
            else
            {
                EnsureClaims();

                bool anyClaimType = (claimType == null);
                bool anyRight     = (right == null);

                for (int i = 0; i < _claims.Count; ++i)
                {
                    Claim claim = _claims[i];
                    if ((claim != null) &&
                        (anyClaimType || claimType.Equals(claim.ClaimType)) &&
                        (anyRight || right.Equals(claim.Right)))
                    {
                        yield return(claim);
                    }
                }
            }
        }
        /// <summary>
        /// Create an object to manage the resources based on a set of claims.
        /// </summary>
        /// <param name="state">The allowed permission state (only 'Unrestricted' is allowed).</param>
        public ClaimsPrincipalPermission(PermissionState state)
        {
            // This prevents sloppy programmers from creating an unstable state.  While it may seem superfluous to allow any
            // parameter at all when only the PermissionState.Unrestricted is allowed, it makes the declaration of the permission
            // easier to read.
            if (state != PermissionState.Unrestricted)
            {
                throw new ArgumentException("Only PermissionState.Unrestricted is legal for this constructor");
            }

            // Initialize the object
            this.isUnrestricted  = true;
            this.isAuthenticated = false;
            this.requiredClaims  = new DefaultClaimSet();
        }
        // Note: null string represents any.
        public override IEnumerable <Claim> FindClaims(string claimType, string right)
        {
            ThrowIfDisposed();
            if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
            {
                yield break;
            }
            else if (this.claims == null && ClaimTypes.Thumbprint.Equals(claimType))
            {
                if (right == null || Rights.Identity.Equals(right))
                {
                    yield return(new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.Identity));
                }
                if (right == null || Rights.PossessProperty.Equals(right))
                {
                    yield return(new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.PossessProperty));
                }
            }
            else if (this.claims == null && ClaimTypes.Dns.Equals(claimType))
            {
                if (right == null || Rights.PossessProperty.Equals(right))
                {
                    foreach (var claim in GetDnsClaims(certificate))
                    {
                        yield return(claim);
                    }
                }
            }
            else
            {
                EnsureClaims();

                bool anyClaimType = (claimType == null);
                bool anyRight     = (right == null);

                for (int i = 0; i < this.claims.Count; ++i)
                {
                    Claim claim = this.claims[i];
                    if ((claim != null) &&
                        (anyClaimType || claimType.Equals(claim.ClaimType)) &&
                        (anyRight || right.Equals(claim.Right)))
                    {
                        yield return(claim);
                    }
                }
            }
        }
Beispiel #11
0
 public override IEnumerable <Claim> FindClaims(string claimType, string right)
 {
     this.ThrowIfDisposed();
     if (SupportedClaimType(claimType) && ClaimSet.SupportedRight(right))
     {
         if ((this.claims != null) || !ClaimTypes.Thumbprint.Equals(claimType))
         {
             if ((this.claims == null) && ClaimTypes.Dns.Equals(claimType))
             {
                 if ((right == null) || Rights.PossessProperty.Equals(right))
                 {
                     string nameInfo = this.certificate.GetNameInfo(X509NameType.DnsName, false);
                     if (!string.IsNullOrEmpty(nameInfo))
                     {
                         yield return(Claim.CreateDnsClaim(nameInfo));
                     }
                 }
             }
             else
             {
                 this.EnsureClaims();
                 bool iteratorVariable1 = claimType == null;
                 bool iteratorVariable2 = right == null;
                 for (int i = 0; i < this.claims.Count; i++)
                 {
                     Claim iteratorVariable4 = this.claims[i];
                     if (((iteratorVariable4 != null) && (iteratorVariable1 || claimType.Equals(iteratorVariable4.ClaimType))) && (iteratorVariable2 || right.Equals(iteratorVariable4.Right)))
                     {
                         yield return(iteratorVariable4);
                     }
                 }
             }
         }
         else
         {
             if ((right == null) || Rights.Identity.Equals(right))
             {
                 yield return(new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.Identity));
             }
             if ((right == null) || Rights.PossessProperty.Equals(right))
             {
                 yield return(new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.PossessProperty));
             }
         }
     }
 }
 public override IEnumerable <Claim> FindClaims(string claimType, string right)
 {
     this.ThrowIfDisposed();
     if (SupportedClaimType(claimType) && ClaimSet.SupportedRight(right))
     {
         if ((this.claims != null) || (!(ClaimTypes.Sid == claimType) && !(ClaimTypes.DenyOnlySid == claimType)))
         {
             this.EnsureClaims();
             bool iteratorVariable3 = claimType == null;
             bool iteratorVariable4 = right == null;
             for (int i = 0; i < this.claims.Count; i++)
             {
                 Claim iteratorVariable6 = this.claims[i];
                 if (((iteratorVariable6 != null) && (iteratorVariable3 || (claimType == iteratorVariable6.ClaimType))) && (iteratorVariable4 || (right == iteratorVariable6.Right)))
                 {
                     yield return(iteratorVariable6);
                 }
             }
         }
         else
         {
             Claim iteratorVariable0;
             if ((ClaimTypes.Sid == claimType) && ((right == null) || (Rights.Identity == right)))
             {
                 yield return(new Claim(ClaimTypes.Sid, this.windowsIdentity.User, Rights.Identity));
             }
             if (((right == null) || (Rights.PossessProperty == right)) && (TryCreateWindowsSidClaim(this.windowsIdentity, out iteratorVariable0) && (claimType == iteratorVariable0.ClaimType)))
             {
                 yield return(iteratorVariable0);
             }
             if (this.includeWindowsGroups && ((right == null) || (Rights.PossessProperty == right)))
             {
                 for (int j = 0; j < this.Groups.Count; j++)
                 {
                     Claim iteratorVariable2 = this.Groups[j];
                     if (claimType == iteratorVariable2.ClaimType)
                     {
                         yield return(iteratorVariable2);
                     }
                 }
             }
         }
     }
 }
Beispiel #13
0
 protected void Initialize(ClaimSet issuer, IList <Claim> claims)
 {
     _issuer = issuer ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(issuer));
     _claims = claims ?? throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(claims));
 }
Beispiel #14
0
 public DefaultClaimSet(ClaimSet issuer, IList <Claim> claims)
 {
     Initialize(issuer, claims);
 }
Beispiel #15
0
 public DefaultClaimSet(ClaimSet issuer, params Claim[] claims)
 {
     Initialize(issuer, claims);
 }
        // Note: null string represents any.
        public override IEnumerable <Claim> FindClaims(string claimType, string right)
        {
            ThrowIfDisposed();
            if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
            {
                yield break;
            }
            else if (this.claims == null && ClaimTypes.Thumbprint.Equals(claimType))
            {
                if (right == null || Rights.Identity.Equals(right))
                {
                    yield return(new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.Identity));
                }
                if (right == null || Rights.PossessProperty.Equals(right))
                {
                    yield return(new Claim(ClaimTypes.Thumbprint, this.certificate.GetCertHash(), Rights.PossessProperty));
                }
            }
            else if (this.claims == null && ClaimTypes.Dns.Equals(claimType))
            {
                if (right == null || Rights.PossessProperty.Equals(right))
                {
                    // App context switch for disabling support for multiple dns entries in a SAN certificate
                    if (LocalAppContextSwitches.DisableMultipleDNSEntriesInSANCertificate)
                    {
                        // old behavior, default for <= 4.6
                        string value = this.certificate.GetNameInfo(X509NameType.DnsName, false);
                        if (!string.IsNullOrEmpty(value))
                        {
                            yield return(Claim.CreateDnsClaim(value));
                        }
                    }
                    else
                    {
                        // new behavior since this is the default long term behavior
                        string[] entries = GetDnsFromExtensions(certificate);
                        for (int i = 0; i < entries.Length; ++i)
                        {
                            yield return(Claim.CreateDnsClaim(entries[i]));
                        }
                    }
                }
            }
            else
            {
                EnsureClaims();

                bool anyClaimType = (claimType == null);
                bool anyRight     = (right == null);

                for (int i = 0; i < this.claims.Count; ++i)
                {
                    Claim claim = this.claims[i];
                    if ((claim != null) &&
                        (anyClaimType || claimType.Equals(claim.ClaimType)) &&
                        (anyRight || right.Equals(claim.Right)))
                    {
                        yield return(claim);
                    }
                }
            }
        }
Beispiel #17
0
        // Note: null string represents any.
        public override IEnumerable <Claim> FindClaims(string claimType, string right)
        {
            ThrowIfDisposed();
            if (!SupportedClaimType(claimType) || !ClaimSet.SupportedRight(right))
            {
                yield break;
            }
            else if (_claims == null && ClaimTypes.Thumbprint.Equals(claimType))
            {
                if (right == null || Rights.Identity.Equals(right))
                {
                    yield return(new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.Identity));
                }
                if (right == null || Rights.PossessProperty.Equals(right))
                {
                    yield return(new Claim(ClaimTypes.Thumbprint, _certificate.GetCertHash(), Rights.PossessProperty));
                }
            }
            else if (_claims == null && ClaimTypes.Dns.Equals(claimType))
            {
                if (right == null || Rights.PossessProperty.Equals(right))
                {
                    // A SAN field can have multiple DNS names
                    string[] dnsEntries = GetDnsFromExtensions(_certificate);
                    if (dnsEntries.Length > 0)
                    {
                        for (int i = 0; i < dnsEntries.Length; ++i)
                        {
                            yield return(Claim.CreateDnsClaim(dnsEntries[i]));
                        }
                    }
                    else
                    {
                        // If no SANs found in certificate, fall back to looking at the CN
                        string value = _certificate.GetNameInfo(X509NameType.DnsName, false);
                        if (!string.IsNullOrEmpty(value))
                        {
                            yield return(Claim.CreateDnsClaim(value));
                        }
                    }
                }
            }
            else
            {
                EnsureClaims();

                bool anyClaimType = (claimType == null);
                bool anyRight     = (right == null);

                for (int i = 0; i < _claims.Count; ++i)
                {
                    Claim claim = _claims[i];
                    if ((claim != null) &&
                        (anyClaimType || claimType.Equals(claim.ClaimType)) &&
                        (anyRight || right.Equals(claim.Right)))
                    {
                        yield return(claim);
                    }
                }
            }
        }
Beispiel #18
0
 static Issuer()
 {
     // This ClaimSet represents the issuer of this policy and will qualify any set of claims.
     Issuer.claimSet = new DefaultClaimSet(Claim.CreateUriClaim(new Uri(Issuer.IssuerUri)),
                                           Claim.CreateNameClaim(Issuer.IssuerName));
 }
Beispiel #19
0
 public DefaultClaimSet(ClaimSet issuer, params Claim[] claims)
 {
     this.issuer = issuer;
     list.AddRange(claims);
 }
Beispiel #20
0
 public DefaultClaimSet(ClaimSet issuer, IList <Claim> claims)
 {
     this.issuer = issuer;
     list.AddRange(claims);
 }