private ClaimSet MapClaims(EvaluationContext evaluationContext, out IIdentity identity)
{
List<IIdentity> identities = evaluationContext.Properties["Identities"] as List<IIdentity>;
if (identities.Count == 0)
throw new SecurityException("Authorization failed, identity missing from evaluation context.");
identity = new CustomIdentity(identities[0].Name);
// TODO: check identity against credential store and
// determine the appropriate claims to allocate
// NOTE: in this sample, only partner certificates are provided,
// and at this point have passed authorization, so we will grant
// all custom claims
List<Claim> listClaims = new List<Claim>();
listClaims.Add(new Claim(CustomClaimTypes.Create, "Application", Rights.PossessProperty));
listClaims.Add(new Claim(CustomClaimTypes.Delete, "Application", Rights.PossessProperty));
listClaims.Add(new Claim(CustomClaimTypes.Read, "Application", Rights.PossessProperty));
listClaims.Add(new Claim(CustomClaimTypes.Update, "Application", Rights.PossessProperty));
return new DefaultClaimSet(this.m_issuer, listClaims);
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
// get claims from authorized issuer
ClaimSet issuedClaims = null;
foreach (ClaimSet cs in evaluationContext.ClaimSets)
{
// If the issuer of the ClaimSet is this STS...
if ( cs.Issuer.ContainsClaim ( Claim.CreateDnsClaim("IPKey")))
{
issuedClaims = cs;
}
}
if (issuedClaims == null)
{
throw new SecurityException("Unable to authenticate caller. Invalid claimset provided.");
}
CustomIdentity identity = new CustomIdentity("Claims");
CustomPrincipal newPrincipal = new CustomPrincipal(identity, issuedClaims);
evaluationContext.Properties["Principal"] = newPrincipal;
return true;
}
