Ejemplo n.º 1
            //
            /// <summary>
            /// Adds one "allowedoperation" claim per operation that
            /// <c>GetAllowedOpList</c> returns for each Name claim found in the
            /// evaluation context, then marks the per-evaluation state as done.
            /// </summary>
            /// <param name="evaluationContext">Context whose claim sets are scanned and extended.</param>
            /// <param name="state">
            /// Per-evaluation state. Null on the first call, in which case a new
            /// <c>CustomAuthState</c> is created and handed back through the ref.
            /// </param>
            /// <returns>Always true, indicating the method need not be called again.</returns>
            public bool Evaluate(EvaluationContext evaluationContext, ref object state)
            {
                // Reuse the state from a previous call, or create it on the first one.
                CustomAuthState policyState;
                if (state != null)
                {
                    policyState = (CustomAuthState)state;
                }
                else
                {
                    policyState = new CustomAuthState();
                    state       = policyState;
                }

                // Diagnostic trace, emitted on every call.
                Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate");

                // Claims were already contributed during this evaluation: nothing left to do.
                if (policyState.ClaimsAdded)
                {
                    return true;
                }

                IList<Claim> allowedOperationClaims = new List<Claim>();

                // NOTE(review): Name claims are accepted from every ClaimSet in the
                // context; nothing here inspects the issuer of the set that carries
                // them. Confirm that only trusted issuers can place a Name claim in
                // the evaluation context, because the name alone decides which
                // operations are granted below.
                foreach (ClaimSet claimSet in evaluationContext.ClaimSets)
                {
                    foreach (Claim nameClaim in claimSet.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
                    {
                        // The claim's resource, rendered as a string, is the lookup key.
                        string userName = nameClaim.Resource.ToString();

                        foreach (string operation in GetAllowedOpList(userName))
                        {
                            allowedOperationClaims.Add(
                                new Claim("http://example.org/claims/allowedoperation",
                                          operation,
                                          Rights.PossessProperty));
                            Console.WriteLine("Claim added {0}", operation);
                        }
                    }
                }

                // The new set is added only after enumeration of ClaimSets has finished.
                // It is added even when the list is empty (no Name claim matched).
                evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, allowedOperationClaims));

                policyState.ClaimsAdded = true;
                return true;
            }
Ejemplo n.º 2
        /// <summary>
        /// Scans the evaluation context for Name claims and contributes an
        /// "allowedoperation" claim for every operation that
        /// <c>GetAllowedOpList</c> returns for that name.
        /// </summary>
        /// <param name="evaluationContext">Context whose claim sets are read and to which the new set is added.</param>
        /// <param name="state">
        /// Per-evaluation state; null on the first call, replaced with a new
        /// <c>CustomAuthState</c> in that case.
        /// </param>
        /// <returns>Always true, indicating this policy does not need to be called again.</returns>
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            // First call has no state yet; later calls get back what was stored here.
            CustomAuthState authState = null;
            if (state != null)
            {
                authState = (CustomAuthState)state;
            }
            else
            {
                authState = new CustomAuthState();
                state = authState;
            }

            Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate");

            bool alreadyAdded = authState.ClaimsAdded;
            if (!alreadyAdded)
            {
                IList<Claim> operationClaims = new List<Claim>();

                // NOTE(review): the issuer of the ClaimSet holding each Name claim is
                // not checked here. Confirm that untrusted parties cannot contribute
                // a Name claim, since the name is the only input to the lookup.
                foreach (ClaimSet claimSet in evaluationContext.ClaimSets)
                {
                    foreach (Claim nameClaim in claimSet.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
                    {
                        foreach (string operation in GetAllowedOpList(nameClaim.Resource.ToString()))
                        {
                            // NOTE(review): an earlier comment at this point mentioned a
                            // check that "numbers aren't too large", but no such check is
                            // implemented; every returned operation is granted as-is.
                            operationClaims.Add(new Claim("http://example.org/claims/allowedoperation", operation, Rights.PossessProperty));
                            Console.WriteLine("Claim added {0}", operation);
                        }
                    }
                }

                // Added after the loops, so the ClaimSets collection is not changed
                // while it is being enumerated.
                evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, operationClaims));

                authState.ClaimsAdded = true;
            }

            // Both paths report completion.
            return true;
        }
Ejemplo n.º 3
        /// <summary>
        /// Contributes a fixed claim set that allows the EchoString and
        /// ComplexEcho operations of IEchoService.
        /// </summary>
        /// <param name="evaluationContext">Context that receives the new claim set.</param>
        /// <param name="state">
        /// Per-evaluation state; null on the first call, replaced with a new
        /// <c>CustomAuthState</c> in that case.
        /// </param>
        /// <returns>Always true, indicating that this method does not need to be called again.</returns>
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            // Create the state on the first call, then work with the typed view of it.
            if (state == null)
            {
                state = new CustomAuthState();
            }

            CustomAuthState policyState = (CustomAuthState)state;

            if (!policyState.ClaimsAdded)
            {
                // NOTE(review): these claims are granted without reading any claim
                // set already in the context, so every caller that reaches this
                // policy receives both operations. Confirm that authentication and
                // any per-caller restriction are enforced elsewhere.
                string allowedOperationClaimType = "http://tempuri.org/claims/allowedoperation";

                IList<Claim> grantedClaims = new List<Claim>();
                grantedClaims.Add(new Claim(allowedOperationClaimType, "http://tempuri.org/IEchoService/EchoString", Rights.PossessProperty));
                grantedClaims.Add(new Claim(allowedOperationClaimType, "http://tempuri.org/IEchoService/ComplexEcho", Rights.PossessProperty));

                evaluationContext.AddClaimSet(this, new DefaultClaimSet(Issuer, grantedClaims));

                // Remember that the claims were contributed for this evaluation.
                policyState.ClaimsAdded = true;
            }

            // True on both paths: first contribution and any repeated call.
            return true;
        }
        /// <summary>
        /// Finds the first X.509 certificate claim set in the evaluation context
        /// and adds the claim set that <c>LookupClaimsForWsc</c> returns for that
        /// certificate's subject and thumbprint.
        /// </summary>
        /// <param name="evaluationContext">Context whose claim sets are searched and extended.</param>
        /// <param name="state">
        /// Per-evaluation state; null on the first call, replaced with a new
        /// <c>CustomAuthState</c> in that case.
        /// </param>
        /// <returns>
        /// True once claims have been added (now or on an earlier call); false
        /// when no certificate claim set is present, in which case nothing is
        /// added and the state is left unmarked.
        /// </returns>
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            // Reuse the state from an earlier call, or create it on the first one.
            CustomAuthState policyState;
            if (state != null)
            {
                policyState = (CustomAuthState)state;
            }
            else
            {
                policyState = new CustomAuthState();
                state = policyState;
            }

            // Claims were already contributed during this evaluation.
            if (policyState.ClaimsAdded)
            {
                return true;
            }

            // Locate the client's certificate. The search stops at the first match
            // and the new claim set is added only after the loop, because adding to
            // the context while enumerating ClaimSets results in an exception.
            X509CertificateClaimSet clientCertClaims = null;
            foreach (ClaimSet candidate in evaluationContext.ClaimSets)
            {
                X509CertificateClaimSet match = candidate as X509CertificateClaimSet;
                if (match != null)
                {
                    clientCertClaims = match;
                    break;
                }
            }

            // No certificate presented: contribute nothing and leave ClaimsAdded false.
            if (clientCertClaims == null)
            {
                return false;
            }

            // NOTE(review): nothing in this method validates the certificate (chain,
            // validity period, revocation). Presumably the security binding did that
            // before the claim set was created; confirm for the configured
            // certificate validation mode. Only the first certificate claim set in
            // the context is considered.
            string clientName = clientCertClaims.X509Certificate.Subject;
            string x509ThumbPrint = clientCertClaims.X509Certificate.Thumbprint;

            // Map the certificate identity onto the claims that represent the
            // WSC's entity attributes.
            // NOTE(review): the result is passed straight to AddClaimSet; confirm
            // LookupClaimsForWsc never returns null for an unknown client.
            ClaimSet mappedClaims = LookupClaimsForWsc(clientName, x509ThumbPrint);
            evaluationContext.AddClaimSet(this, mappedClaims);

            policyState.ClaimsAdded = true;
            return true;
        }