public override void ExecuteCmdlet() { var options = new FilterDenyAssignmentsOptions() { DenyAssignmentId = Id, DenyAssignmentName = DenyAssignmentName, Scope = Scope, ADObjectFilter = new ADObjectFilterOptions { UPN = SignInName, SPN = ServicePrincipalName, Id = ObjectId?.ToString(), }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : DefaultProfile.DefaultContext.Subscription.Id.ToString() }, ExpandPrincipalGroups = ExpandPrincipalGroups.IsPresent, ExcludeAssignmentsForDeletedPrincipals = false }; AuthorizationClient.ValidateScope(options.Scope, true); List <PSDenyAssignment> denyAssignments = PoliciesClient.FilterDenyAssignments(options, DefaultProfile.DefaultContext.Subscription.Id.ToString()); WriteObject(denyAssignments, enumerateCollection: true); }
public ReservationManager() { _reservationServices = new ReservationServices(); _sessionServices = new SessionService(); _authorizationClient = new AuthorizationClient(); _loggerService = new LoggerService(); }
public override void ExecuteCmdlet() { FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { UPN = SignInName, SPN = ServicePrincipalName, Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(), }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : DefaultProfile.DefaultContext.Subscription.Id.ToString() }, ExpandPrincipalGroups = ExpandPrincipalGroups.IsPresent, IncludeClassicAdministrators = IncludeClassicAdministrators.IsPresent, ExcludeAssignmentsForDeletedPrincipals = true }; AuthorizationClient.ValidateScope(options.Scope, true); List <PSRoleAssignment> ra = PoliciesClient.FilterRoleAssignments(options, DefaultProfile.DefaultContext.Subscription.Id.ToString()); WriteObject(ra, enumerateCollection: true); }
private static void AddPermissionToRole(string permission, string role) { var permissionItem = ParseAuthorizationItem(permission); var roleItem = ParseAuthorizationItem(role); dynamic roleFromApi; dynamic permissionFromApi; using (var authClient = new AuthorizationClient(HttpClientFactory)) { authClient.SetAccessToken(GetToken("fabric/authorization.read")); roleFromApi = authClient.GetRole(roleItem.Grain, roleItem.SecurableItem, roleItem.Name).Result; System.Console.WriteLine(JsonConvert.SerializeObject(roleFromApi, Formatting.Indented)); permissionFromApi = authClient .GetPermission(permissionItem.Grain, permissionItem.SecurableItem, permissionItem.Name).Result; System.Console.WriteLine(JsonConvert.SerializeObject(permissionFromApi, Formatting.Indented)); } using (var authClient = new AuthorizationClient(HttpClientFactory)) { authClient.SetAccessToken(GetToken("fabric/authorization.write")); var result = authClient.AddPermissionToRole(permissionFromApi[0], roleFromApi[0]).Result; System.Console.WriteLine(result ? "success!" : "Failure"); } }
public override void ExecuteCmdlet() { PSRoleDefinition role = null; if (!string.IsNullOrEmpty(InputFile)) { string fileName = this.TryResolvePath(InputFile); if (!(new FileInfo(fileName)).Exists) { throw new PSArgumentException(string.Format("File {0} does not exist", fileName)); } try { role = JsonConvert.DeserializeObject <PSRoleDefinition>(File.ReadAllText(fileName)); } catch (JsonException) { WriteVerbose("Deserializing the input role definition failed."); throw; } } else { role = Role; } foreach (var scope in role.AssignableScopes) { AuthorizationClient.ValidateScope(scope, false); } WriteObject(PoliciesClient.CreateRoleDefinition(role, RoleDefinitionId)); }
public override void ExecuteCmdlet() { FilterRoleDefinitionOptions options = new FilterRoleDefinitionOptions { CustomOnly = Custom.IsPresent ? true : false, Scope = Scope, ResourceIdentifier = new ResourceIdentifier { Subscription = DefaultProfile.DefaultContext.Subscription.Id?.ToString() }, RoleDefinitionId = Id, RoleDefinitionName = Name, }; if (options.Scope == null && options.ResourceIdentifier.Subscription == null) { WriteTerminatingError("No subscription was found in the default profile and no scope was specified. Either specify a scope or use a tenant with a subscription to run the command."); } AuthorizationClient.ValidateScope(options.Scope, true); IEnumerable <PSRoleDefinition> filteredRoleDefinitions = PoliciesClient.FilterRoleDefinitions(options); if (filteredRoleDefinitions?.Count() == 0) { WriteWarning("No role definitions were found with those conditions."); WriteWarning("If the role was created recently keep in mind there's a slight delay between creation and public view."); WriteWarning("Please try again later."); } else { WriteObject(filteredRoleDefinitions, enumerateCollection: true); } }
private async Task <VimeoClient> CreateUnauthenticatedClient() { var authorizationClient = new AuthorizationClient(_vimeoSettings.ClientId, _vimeoSettings.ClientSecret); var unauthenticatedToken = await authorizationClient.GetUnauthenticatedTokenAsync(); return(new VimeoClient(unauthenticatedToken.access_token)); }
public override void ExecuteCmdlet() { FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { UPN = SignInName, SPN = ApplicationId, Id = ObjectId, }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = DefaultProfile.DefaultContext.Subscription.Id, }, CanDelegate = AllowDelegation.IsPresent ? true : false, }; AuthorizationClient.ValidateScope(parameters.Scope, false); WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId)); }
protected async Task <VimeoClient> CreateUnauthenticatedClient() { var authorizationClient = new AuthorizationClient(VimeoSettings.ClientId, VimeoSettings.ClientSecret); var unauthenticatedToken = await authorizationClient.GetUnauthenticatedTokenAsync(); return(new VimeoClient(unauthenticatedToken.AccessToken)); }
public UserManagementManager() { _userManagementService = new UserManagementService(); _sessionService = new SessionService(); _claimService = new ClaimService(); _authorizationClient = new AuthorizationClient(); _loggerService = new LoggerService(); }
public RegistryWnd() { InitializeComponent(); client = new AuthorizationClient(); this.btnReg.Click += btnReg_Click; }
/// <summary> /// <para> /// Show <c>GetEntityRights</c> function usage. /// </para> /// </summary> /// <param name="client"> /// <see cref="HermesAuthorizationServiceClient"/> instance. /// </param> private static void GetEntityRights( AuthorizationClient client) { Rights rights = client.GetEntityRights("1", "101", "SomeEntity1"); Assert.AreEqual( rights, Rights.Read | Rights.Insert, "entiry3 should have Execute rights."); }
public RegistryWnd() { InitializeComponent(); client = new AuthorizationClient(); this.btnReg.Click += btnReg_Click; }
public ResponseDTO <Boolean> AddLot(HttpRequest httprequest) { //ResponseDTO<ParkingMasterFrontendDTO> response = loginManager.SessionChecker(httpRequest["token"]); try { var token = httprequest["token"]; ResponseDTO <Session> SessionDTO = _sessionServices.GetSession(new Guid(token)); if (SessionDTO.Data != null) { AuthorizationClient authorizationClient = new AuthorizationClient(); List <ClaimDTO> functionClaims = new List <ClaimDTO>() { new ClaimDTO(new Claim("Action", "AddParkingLot")) }; var username = httprequest["username"]; ResponseDTO <Boolean> authCheck = authorizationClient.Authorize(username, functionClaims); if (authCheck.Data == true) { //String[] arr = httprequest.Form.AllKeys; var ownerid = SessionDTO.Data.UserAccount.Id; var lotname = httprequest["lotname"]; var address = httprequest["address"]; var cost = Double.Parse(httprequest["cost"]); var useraccount = SessionDTO.Data.UserAccount; var spotfile = httprequest.Files["file"]; var mapfile = httprequest.Files["map"]; ResponseDTO <Boolean> response = _lotManagementService.AddLot(ownerid, lotname, address, cost, useraccount, spotfile, mapfile); _loggerService.LogAction(LogConstants.ACTION_REGISTER_LOT, SessionDTO.Data.Id.ToString(), SessionDTO.Data.SessionId.ToString()); return(response); } else { return(new ResponseDTO <Boolean>() { Data = false, Error = ErrorStrings.UNAUTHORIZED_ACTION }); } } else { return(new ResponseDTO <Boolean>() { Data = false, Error = ErrorStrings.SESSION_NOT_FOUND }); } } catch (Exception e) { return(new ResponseDTO <Boolean>() { Data = false, Error = httprequest.Form + e.ToString() }); } }
/// <summary> /// <para> /// Show <c>CheckRole</c> function usage. /// </para> /// </summary> /// <param name="client"> /// <see cref="HermesAuthorizationServiceClient"/> instance. /// </param> private static void CheckRole(AuthorizationClient client) { Assert.IsTrue( client.CheckRole("1", "101", "Admin"), "Admin Role should been granted"); Assert.IsFalse( client.CheckRole("1", "101", "Employee"), "None Role should not been granted"); }
public MainWindow() { InitializeComponent(); client = new AuthorizationClient(); this.btnLog.Click += btnLog_Click; this.btnInfo.Click += btnInfo_Click; }
public MainWindow() { InitializeComponent(); client = new AuthorizationClient(); this.btnLog.Click += btnLog_Click; this.btnInfo.Click += btnInfo_Click; }
public async Task ShouldCorrectlyGetUnauthenticatedToken() { var client = new AuthorizationClient(_vimeoSettings.ClientId, _vimeoSettings.ClientSecret); var token = await client.GetUnauthenticatedTokenAsync(); token.access_token.ShouldNotBeNull(); token.user.ShouldBeNull(); }
private void Form1_Load(object sender, EventArgs e) { client = new AuthorizationClient(); Thread ServerStatus = new Thread(CheckServerStatus); ServerStatus.IsBackground = true; ServerStatus.Start(); }
protected BaseTest(FunctionalTestFixture fixture) { this.fixture = fixture; this._client = new HttpClient { BaseAddress = fixture.BaseUrl }; this._authorizationClient = new AuthorizationClient(this._client); }
public override void ExecuteCmdlet() { PSRoleDefinition roleDefinition = null; string confirmMessage = null; if (this.IsParameterBound(c => c.InputObject)) { var tempId = Guid.Empty; if (!string.IsNullOrEmpty(InputObject.Id) && Guid.TryParse(InputObject.Id, out tempId)) { Id = tempId; } else { Name = InputObject.Name; } } if (Id != Guid.Empty) { confirmMessage = string.Format(ProjectResources.RemoveRoleDefinition, Id); } else { confirmMessage = string.Format(ProjectResources.RemoveRoleDefinitionWithName, Name); } FilterRoleDefinitionOptions options = new FilterRoleDefinitionOptions { RoleDefinitionId = Id, RoleDefinitionName = Name, Scope = Scope, ResourceIdentifier = new ResourceIdentifier { Subscription = DefaultProfile.DefaultContext.Subscription.Id.ToString() } }; AuthorizationClient.ValidateScope(options.Scope, true); ConfirmAction( Force.IsPresent, confirmMessage, ProjectResources.RemoveRoleDefinition, Id.ToString(), () => { roleDefinition = PoliciesClient.RemoveRoleDefinition(options); if (PassThru) { WriteObject(roleDefinition); } }); }
public void testDemo() { AuthorizationClient client = new AuthorizationClient( new BasicHttpBinding(), new EndpointAddress( "http://localhost:11111/demo")); CheckEntity(client); CheckRole(client); CheckFunction(client); GetEntityRights(client); }
public async Task <ActionResult> Secure() { var user = User as ClaimsPrincipal; var authClient = new AuthorizationClient(ConfigurationManager.AppSettings["AuthorizationEndpoint"], user); var securityService = new IdentitySecurityService(authClient); ViewBag.IsAdmin = await securityService.IsEdwAdmin(); ViewBag.User = IdentitySecurityService.CurrentUserName; return(View()); }
public async Task VerifyAuthenticatedAccess() { var client = new AuthorizationClient(_vimeoSettings.ClientId, _vimeoSettings.ClientSecret); var b = await client.VerifyAccessTokenAsync(_vimeoSettings.AccessToken); b.ShouldBeTrue(); b = await client.VerifyAccessTokenAsync("abadaccesstoken"); b.ShouldBeFalse(); }
private void VerifyInvalidScope(string scope, string error) { try { AuthorizationClient.ValidateScope(scope, false); Assert.True(false); } catch (ArgumentException ex) { Assert.Equal(ex.Message, error); } }
public override void ExecuteCmdlet() { MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this); IEnumerable<PSRoleAssignment> roleAssignments = null; if (this.IsParameterBound(c => c.InputObject)) { Scope = InputObject.Scope; ObjectId = InputObject.ObjectId; RoleDefinitionName = InputObject.RoleDefinitionName; } FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { UPN = SignInName, Id = ObjectId, SPN = ServicePrincipalName }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = DefaultProfile.DefaultContext.Subscription.Id }, // we should never expand principal groups in the Delete scenario ExpandPrincipalGroups = false, // never include classic administrators in the Delete scenario IncludeClassicAdministrators = false }; AuthorizationClient.ValidateScope(options.Scope, true); ConfirmAction( string.Format(ProjectResources.RemovingRoleAssignment, ObjectId, Scope, RoleDefinitionName), ObjectId, () => { roleAssignments = PoliciesClient.RemoveRoleAssignment(options, DefaultProfile.DefaultContext.Subscription.Id); if (PassThru) { WriteObject(roleAssignments, enumerateCollection: true); } }); }
public static async Task SetPhoto() { if (token == null || userId == 0) { return; } var url = await AuthorizationClient.GetPhoto(token, userId); Preference.Set(PhotoKey, url.ToString()); photoSource = ImageSource.FromUri(url); }
public static bool AuthorizeFromUrl(Uri url) { var result = AuthorizationClient.SetUserFromUrl(url); if (result.HasValue) { Token = result.Value.Token; UserId = result.Value.UserId; } return(result.HasValue); }
/// <summary> /// <para> /// Show <c>CheckEntity</c> function usage. /// </para> /// </summary> /// <param name="client"> /// <see cref="HermesAuthorizationServiceClient"/> instance. /// </param> private static void CheckEntity( AuthorizationClient client) { Assert.IsTrue( client.CheckEntity("1", "101", "SomeEntity1", Rights.Read), "entity1 should have read rights."); Assert.IsFalse(client.CheckEntity( "1", "101", "SomeEntity2", Rights.Read), "entity2 should not have read rights."); Assert.IsTrue( client.CheckEntity("1", "101", "SomeEntity2", Rights.Update), "entity2 should have update rights."); }
public override void ExecuteCmdlet() { if (string.IsNullOrEmpty(Condition) ^ string.IsNullOrEmpty(ConditionVersion)) { if (!string.IsNullOrEmpty(Condition)) { ConditionVersion = "2.0"; WriteDebug("-Condition was set but -ConditionVersion was not, defaulting to lowest publicly available version: '2.0'"); } else { WriteExceptionError(new ArgumentException("If -ConditionVersion is set -Condition can not be empty.")); return; } } double _conditionVersion = double.Parse((ConditionVersion ?? "2.0")); if (_conditionVersion < 2.0) { WriteExceptionError(new ArgumentException("Argument -ConditionVersion must be greater or equal than 2.0")); return; } FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions() { Scope = Scope, RoleDefinitionName = RoleDefinitionName, RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(), ADObjectFilter = new ADObjectFilterOptions { UPN = SignInName, SPN = ApplicationId, Id = ObjectId, }, ResourceIdentifier = new ResourceIdentifier() { ParentResource = ParentResource, ResourceGroupName = ResourceGroupName, ResourceName = ResourceName, ResourceType = ResourceType, Subscription = DefaultProfile.DefaultContext.Subscription.Id, }, CanDelegate = AllowDelegation.IsPresent ? true : false, Description = Description, Condition = Condition, ConditionVersion = ConditionVersion, }; AuthorizationClient.ValidateScope(parameters.Scope, false); WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId)); }
public void Constructor_HttpClientBase_DoesNotAppendsForwardSlash() { // Arrange var url = "http://example.com/authorization2/"; var newHttpClient = new HttpClient(); newHttpClient.BaseAddress = new Uri(url); // Act var newSubject = new AuthorizationClient(newHttpClient); // Assert Assert.Equal(url, newHttpClient.BaseAddress.OriginalString); }
private AuthorizationClient AuthorizationClient() { var webClient = new CookieWebClient(); var basePath = new ApplicationBasePath( protocolPrefix: "https://", site: options.AlbaHost, applicationPath: "/alba"); var client = new AuthorizationClient( webClient: webClient, basePath: basePath); return(client); }