protected override bool AuthorizeTokenIssuance(Collection <Claim> resource, IClaimsIdentity id)
{
if (!ConfigurationRepository.Configuration.EnforceUsersGroupMembership)
{
var authResult = id.IsAuthenticated;
if (!authResult)
{
Tracing.Error("Authorization for token issuance failed because the user is anonymous");
}
return(authResult);
}
var section = ConfigurationManager.GetSection(ActiveDirectoryConfigurationSection.SectionName) as ActiveDirectoryConfigurationSection;
var roleResult = false;
foreach (UserGroupConfigElement group in section.UserGroups)
{
roleResult = id.ClaimExists(ClaimTypes.Role, group.UserGroupName);
if (roleResult)
{
break;
}
}
return(roleResult);
}
/// <summary>
/// Checks whether a given claim exists
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <returns>true/false</returns>
public static bool ClaimExists(this IClaimsIdentity identity, string claimType)
{
Contract.Requires(identity != null);
Contract.Requires(identity.Claims != null);
Contract.Requires(!String.IsNullOrEmpty(claimType));
return(identity.ClaimExists(c =>
c.ClaimType.Equals(claimType, StringComparison.OrdinalIgnoreCase)));
}
/// <summary>
/// Demands a specific claim.
/// </summary>
/// <param name="identity">The principal.</param>
/// <param name="predicate">The search predicate.</param>
public static void DemandClaim(this IClaimsIdentity identity, Predicate <Claim> predicate)
{
Contract.Requires(identity != null);
Contract.Requires(identity.Claims != null);
Contract.Requires(predicate != null);
if (!identity.ClaimExists(predicate))
{
throw new SecurityException("Demand for Claim failed");
}
}
protected virtual bool AuthorizeAdministration(Collection <Claim> resource, IClaimsIdentity id)
{
var roleResult = id.ClaimExists(ClaimTypes.Role, Constants.Roles.IdentityServerAdministrators);
if (!roleResult)
{
if (resource[0].Value != Constants.Resources.UI)
{
Tracing.Error(string.Format("Administration authorization failed because user {0} is not in the {1} role", id.Name, Constants.Roles.IdentityServerAdministrators));
}
}
return(roleResult);
}
protected override bool AuthorizeAdministration(Collection <Claim> resource, IClaimsIdentity id)
{
var section = ConfigurationManager.GetSection(ActiveDirectoryConfigurationSection.SectionName) as ActiveDirectoryConfigurationSection;
var roleResult = id.ClaimExists(ClaimTypes.Role, section.AdministrationGroup.AdministrationGroupName);
if (!roleResult)
{
if (resource[0].Value != Constants.Resources.UI)
{
Tracing.Error(string.Format("Administration authorization failed because user {0} is not in the {1} role", id.Name, section.AdministrationGroup.AdministrationGroupName));
}
}
return(roleResult);
}
protected override bool AuthorizeAdministration(Collection<Claim> resource, IClaimsIdentity id)
{
var section = ConfigurationManager.GetSection(ActiveDirectoryConfigurationSection.SectionName) as ActiveDirectoryConfigurationSection;
var roleResult = id.ClaimExists(ClaimTypes.Role, section.AdministrationGroup.AdministrationGroupName);
if (!roleResult)
{
if (resource[0].Value != Constants.Resources.UI)
{
Tracing.Error(string.Format("Administration authorization failed because user {0} is not in the {1} role", id.Name, section.AdministrationGroup.AdministrationGroupName));
}
}
return roleResult;
}
protected virtual bool AuthorizeTokenIssuance(Collection<Claim> resource, IClaimsIdentity id)
{
if (!ConfigurationRepository.Configuration.EnforceUsersGroupMembership)
{
var authResult = id.IsAuthenticated;
if (!authResult)
{
Tracing.Error("Authorization for token issuance failed because the user is anonymous");
}
return authResult;
}
var roleResult = id.ClaimExists(ClaimTypes.Role, Constants.Roles.IdentityServerUsers);
if (!roleResult)
{
Tracing.Error(string.Format("Authorization for token issuance failed because user {0} is not in the {1} role", id.Name, Constants.Roles.IdentityServerUsers));
}
return roleResult;
}
protected virtual bool AuthorizeTokenIssuance(Collection <Claim> resource, IClaimsIdentity id)
{
if (!ConfigurationRepository.Configuration.EnforceUsersGroupMembership)
{
var authResult = id.IsAuthenticated;
if (!authResult)
{
Tracing.Error("Authorization for token issuance failed because the user is anonymous");
}
return(authResult);
}
var roleResult = id.ClaimExists(ClaimTypes.Role, Constants.Roles.IdentityServerUsers);
if (!roleResult)
{
Tracing.Error(string.Format("Authorization for token issuance failed because user {0} is not in the {1} role", id.Name, Constants.Roles.IdentityServerUsers));
}
return(roleResult);
}
protected override bool AuthorizeTokenIssuance(Collection<Claim> resource, IClaimsIdentity id)
{
if (!ConfigurationRepository.Configuration.EnforceUsersGroupMembership)
{
var authResult = id.IsAuthenticated;
if (!authResult)
{
Tracing.Error("Authorization for token issuance failed because the user is anonymous");
}
return authResult;
}
var section = ConfigurationManager.GetSection(ActiveDirectoryConfigurationSection.SectionName) as ActiveDirectoryConfigurationSection;
var roleResult = false;
foreach (UserGroupConfigElement group in section.UserGroups)
{
roleResult = id.ClaimExists(ClaimTypes.Role, group.UserGroupName);
if (roleResult)
break;
}
return roleResult;
}
protected virtual bool AuthorizeTokenIssuance(Collection<Claim> resource, IClaimsIdentity id)
{
var configurationRepository = ConfigurationRepositoryFactoryMethod();
if (!configurationRepository.Configuration.EnforceUsersGroupMembership)
{
return id.IsAuthenticated;
}
return (id.ClaimExists(ClaimTypes.Role, Constants.Roles.IdentityServerUsers));
}
protected virtual bool AuthorizeAdministration(Collection<Claim> resource, IClaimsIdentity id)
{
return (id.ClaimExists(ClaimTypes.Role, Constants.Roles.IdentityServerAdministrators));
}
protected virtual bool AuthorizeAdministration(Collection<Claim> resource, IClaimsIdentity id)
{
var roleResult = id.ClaimExists(ClaimTypes.Role, Constants.Roles.IdentityServerAdministrators);
if (!roleResult)
{
if (resource[0].Value != Constants.Resources.UI)
{
Tracing.Error(string.Format("Administration authorization failed because user {0} is not in the {1} role", id.Name, Constants.Roles.IdentityServerAdministrators));
}
}
return roleResult;
}
public static bool HasPermission(this IClaimsIdentity identity, string permission)
{
return(identity.ClaimExists(FractusClaimTypes.Permission, permission));
}
