public void Authorize(ref MessageRpc rpc)
{
if (TD.DispatchMessageBeforeAuthorizationIsEnabled())
{
TD.DispatchMessageBeforeAuthorization(rpc.EventTraceActivity);
}
SecurityMessageProperty security = SecurityMessageProperty.GetOrCreate(rpc.Request);
security.ExternalAuthorizationPolicies = this.externalAuthorizationPolicies;
ServiceAuthorizationManager serviceAuthorizationManager = this.serviceAuthorizationManager ?? DefaultServiceAuthorizationManager;
bool outputTiming = DS.AuthorizationIsEnabled();
Stopwatch sw = null;
if (outputTiming)
{
sw = Stopwatch.StartNew();
}
try
{
if (!serviceAuthorizationManager.CheckAccess(rpc.OperationContext, ref rpc.Request))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(CreateAccessDeniedFaultException());
}
if (outputTiming)
{
DS.Authorization(this.serviceAuthorizationManager.GetType(), true, sw.Elapsed);
}
}
catch (Exception ex)
{
if (Fx.IsFatal(ex))
{
throw;
}
if (outputTiming)
{
DS.Authorization(this.serviceAuthorizationManager.GetType(), false, sw.Elapsed);
}
if (PerformanceCounters.PerformanceCountersEnabled)
{
PerformanceCounters.AuthorizationFailed(rpc.Operation.Name);
}
if (AuditLevel.Failure == (this.serviceAuthorizationAuditLevel & AuditLevel.Failure))
{
try
{
string primaryIdentity;
string authContextId = null;
AuthorizationContext authContext = security.ServiceSecurityContext.AuthorizationContext;
if (authContext != null)
{
primaryIdentity = SecurityUtils.GetIdentityNamesFromContext(authContext);
authContextId = authContext.Id;
}
else
{
primaryIdentity = SecurityUtils.AnonymousIdentity.Name;
authContextId = "<null>";
}
SecurityAuditHelper.WriteServiceAuthorizationFailureEvent(this.auditLogLocation,
this.suppressAuditFailure, rpc.Request, rpc.Request.Headers.To, rpc.Request.Headers.Action,
primaryIdentity, authContextId,
serviceAuthorizationManager == DefaultServiceAuthorizationManager ? "<default>" : serviceAuthorizationManager.GetType().Name,
ex);
}
#pragma warning suppress 56500
catch (Exception auditException)
{
if (Fx.IsFatal(auditException))
{
throw;
}
DiagnosticUtility.TraceHandledException(auditException, TraceEventType.Error);
}
}
throw;
}
if (AuditLevel.Success == (this.serviceAuthorizationAuditLevel & AuditLevel.Success))
{
string primaryIdentity;
string authContextId;
AuthorizationContext authContext = security.ServiceSecurityContext.AuthorizationContext;
if (authContext != null)
{
primaryIdentity = SecurityUtils.GetIdentityNamesFromContext(authContext);
authContextId = authContext.Id;
}
else
{
primaryIdentity = SecurityUtils.AnonymousIdentity.Name;
authContextId = "<null>";
}
SecurityAuditHelper.WriteServiceAuthorizationSuccessEvent(this.auditLogLocation,
this.suppressAuditFailure, rpc.Request, rpc.Request.Headers.To, rpc.Request.Headers.Action,
primaryIdentity, authContextId,
serviceAuthorizationManager == DefaultServiceAuthorizationManager ? "<default>" : serviceAuthorizationManager.GetType().Name);
}
}
