public void Authorize(ref MessageRpc rpc)
{
if (TD.DispatchMessageBeforeAuthorizationIsEnabled())
{
TD.DispatchMessageBeforeAuthorization(rpc.EventTraceActivity);
}
SecurityMessageProperty security = SecurityMessageProperty.GetOrCreate(rpc.Request);
security.ExternalAuthorizationPolicies = this.externalAuthorizationPolicies;
ServiceAuthorizationManager serviceAuthorizationManager = this.serviceAuthorizationManager ?? DefaultServiceAuthorizationManager;
try
{
if (!serviceAuthorizationManager.CheckAccess(rpc.OperationContext, ref rpc.Request))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(CreateAccessDeniedFaultException());
}
}
catch (Exception ex)
{
if (Fx.IsFatal(ex))
{
throw;
}
if (PerformanceCounters.PerformanceCountersEnabled)
{
PerformanceCounters.AuthorizationFailed(rpc.Operation.Name);
}
if (AuditLevel.Failure == (this.serviceAuthorizationAuditLevel & AuditLevel.Failure))
{
try
{
string primaryIdentity;
string authContextId = null;
AuthorizationContext authContext = security.ServiceSecurityContext.AuthorizationContext;
if (authContext != null)
{
primaryIdentity = SecurityUtils.GetIdentityNamesFromContext(authContext);
authContextId = authContext.Id;
}
else
{
primaryIdentity = SecurityUtils.AnonymousIdentity.Name;
authContextId = "<null>";
}
SecurityAuditHelper.WriteServiceAuthorizationFailureEvent(this.auditLogLocation,
this.suppressAuditFailure, rpc.Request, rpc.Request.Headers.To, rpc.Request.Headers.Action,
primaryIdentity, authContextId,
serviceAuthorizationManager == DefaultServiceAuthorizationManager ? "<default>" : serviceAuthorizationManager.GetType().Name,
ex);
}
#pragma warning suppress 56500
catch (Exception auditException)
{
if (Fx.IsFatal(auditException))
{
throw;
}
DiagnosticUtility.TraceHandledException(auditException, TraceEventType.Error);
}
}
throw;
}
if (AuditLevel.Success == (this.serviceAuthorizationAuditLevel & AuditLevel.Success))
{
string primaryIdentity;
string authContextId;
AuthorizationContext authContext = security.ServiceSecurityContext.AuthorizationContext;
if (authContext != null)
{
primaryIdentity = SecurityUtils.GetIdentityNamesFromContext(authContext);
authContextId = authContext.Id;
}
else
{
primaryIdentity = SecurityUtils.AnonymousIdentity.Name;
authContextId = "<null>";
}
SecurityAuditHelper.WriteServiceAuthorizationSuccessEvent(this.auditLogLocation,
this.suppressAuditFailure, rpc.Request, rpc.Request.Headers.To, rpc.Request.Headers.Action,
primaryIdentity, authContextId,
serviceAuthorizationManager == DefaultServiceAuthorizationManager ? "<default>" : serviceAuthorizationManager.GetType().Name);
}
}
public void Authorize(ref MessageRpc rpc)
{
SecurityMessageProperty orCreate = SecurityMessageProperty.GetOrCreate(rpc.Request);
orCreate.ExternalAuthorizationPolicies = this.externalAuthorizationPolicies;
ServiceAuthorizationManager manager = this.serviceAuthorizationManager ?? DefaultServiceAuthorizationManager;
try
{
if (!manager.CheckAccess(rpc.OperationContext, ref rpc.Request))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(CreateAccessDeniedFaultException());
}
}
catch (Exception exception)
{
if (Fx.IsFatal(exception))
{
throw;
}
if (PerformanceCounters.PerformanceCountersEnabled)
{
PerformanceCounters.AuthorizationFailed(rpc.Operation.Name);
}
if (AuditLevel.Failure == (this.serviceAuthorizationAuditLevel & AuditLevel.Failure))
{
try
{
string identityNamesFromContext;
string authContextId = null;
AuthorizationContext authorizationContext = orCreate.ServiceSecurityContext.AuthorizationContext;
if (authorizationContext != null)
{
identityNamesFromContext = System.ServiceModel.Security.SecurityUtils.GetIdentityNamesFromContext(authorizationContext);
authContextId = authorizationContext.Id;
}
else
{
identityNamesFromContext = System.ServiceModel.Security.SecurityUtils.AnonymousIdentity.Name;
authContextId = "<null>";
}
SecurityAuditHelper.WriteServiceAuthorizationFailureEvent(this.auditLogLocation, this.suppressAuditFailure, rpc.Request, rpc.Request.Headers.To, rpc.Request.Headers.Action, identityNamesFromContext, authContextId, (manager == DefaultServiceAuthorizationManager) ? "<default>" : manager.GetType().Name, exception);
}
catch (Exception exception2)
{
if (Fx.IsFatal(exception2))
{
throw;
}
DiagnosticUtility.ExceptionUtility.TraceHandledException(exception2, TraceEventType.Error);
}
}
throw;
}
if (AuditLevel.Success == (this.serviceAuthorizationAuditLevel & AuditLevel.Success))
{
string name;
string id;
AuthorizationContext authContext = orCreate.ServiceSecurityContext.AuthorizationContext;
if (authContext != null)
{
name = System.ServiceModel.Security.SecurityUtils.GetIdentityNamesFromContext(authContext);
id = authContext.Id;
}
else
{
name = System.ServiceModel.Security.SecurityUtils.AnonymousIdentity.Name;
id = "<null>";
}
SecurityAuditHelper.WriteServiceAuthorizationSuccessEvent(this.auditLogLocation, this.suppressAuditFailure, rpc.Request, rpc.Request.Headers.To, rpc.Request.Headers.Action, name, id, (manager == DefaultServiceAuthorizationManager) ? "<default>" : manager.GetType().Name);
}
}
