public override bool CheckAccess(AuthorizationContext context)
{
string action = context.Action.Single().Value;
string resource = context.Resource.Single().Value;
return context.Principal.HasClaim(resource, action);
}
/// <summary>
/// Checks the authorization policy.
/// </summary>
/// <param name="context">The authorization context.</param>
/// <returns>true when authorized, otherwise false</returns>
public static bool CheckAccess(AuthorizationContext context)
{
Contract.Requires(context != null);
return AuthorizationManager.CheckAccess(context);
}
public override bool CheckAccess(AuthorizationContext context)
{
var action = context.Action.First();
var id = context.Principal.Identities.First();
Tracing.Verbose("Action Type: " + action.Type.ToString());
Tracing.Verbose("Claims: " + string.Join(",", id.Claims.Select(x => x.Type + ": " + x.Value)));
//try{
// Tracing.Verbose("Prinicipal Identity: " + Newtonsoft.Json.JsonConvert.SerializeObject(id));
//}
//catch(Exception e)
//{
// Tracing.Error(e.Message + " " + e.InnerException);
//}
// if application authorization request
if (action.Type.Equals(ClaimsAuthorization.ActionType))
{
Tracing.Information("is application authorization request");
return AuthorizeCore(action, context.Resource, context.Principal.Identity as ClaimsIdentity);
}
// if ws-trust issue request
if (action.Value.Equals(WSTrust13Constants.Actions.Issue))
{
Tracing.Information("is ws-trust request");
return AuthorizeTokenIssuance(new Collection<Claim> { new Claim(ClaimsAuthorization.ResourceType, Constants.Resources.WSTrust) }, id);
}
return base.CheckAccess(context);
}
public override bool CheckAccess(AuthorizationContext context)
{
HttpContext httpContext = HttpContext.Current;
if (httpContext != null)
{
HttpRequest request = httpContext.Request;
var queryParams = request.QueryString;
foreach (var p in queryParams)
{
//do something
}
}
string resource = context.Resource.First().Value;
string action = context.Action.First().Value;
if (action == "Show" && resource == "Code")
{
bool livesInSweden = context.Principal.HasClaim(ClaimTypes.Country, "Sweden");
bool isAndras = context.Principal.HasClaim(ClaimTypes.GivenName, "Andras");
//return isAndras && livesInSweden;
return false;
}
return false;
}
/// <summary>
/// When implemented in a derived class, checks authorization for the subject in the specified context to perform the specified action on the specified resource.
/// </summary>
/// <param name="context">The authorization context that contains the subject, resource, and action for which authorization is to be checked.</param>
/// <returns>
/// true if the subject is authorized to perform the specified action on the specified resource; otherwise, false.
/// </returns>
public override bool CheckAccess(AuthorizationContext context)
{
bool result = false;
// 如果沒有Resource和Operation的情況下,表示可以看
if (context.Resource.Count == 0 && context.Action.Count == 0)
{
return true;
}
if (context.Principal.Identity.IsAuthenticated)
{
string resourceStr = context.Resource.First().Value;
string operationStr = context.Action.First().Value;
ResourceOperationEnum operation = (ResourceOperationEnum)
Enum.Parse(typeof(ResourceOperationEnum), operationStr);
ResourceOperation resourceOperation = new ResourceOperation()
{
ResourceName = resourceStr,
Operation = operation
};
var rolesName = context.Principal.FindAll(x => x.Type == ClaimTypes.Role)
.Select(x => x.Value).ToArray();
result = CheckAccess(context, resourceOperation, rolesName);
}
return result;
}
/// <summary>
/// Checks if the principal specified in the authorization context is authorized to perform action specified in the authorization context
/// on the specified resoure
/// </summary>
/// <param name="pec">Authorization context</param>
/// <returns>true if authorized, false otherwise</returns>
public override bool CheckAccess(AuthorizationContext pec)
{
//
// Evaluate the policy against the claims of the
// principal to determine access
//
bool access;
try
{
//create a new resource object from the requested url claim and action claim
var ra = new ResourceAction(pec.Resource.First().Value, pec.Action.First().Value);
//if the set policies has this resource action run the compiled function to check it
//if(_policies.ContainsKey(ra))
if (_policies.Keys.Count(o => ra.Resource.ToLower().Contains(o.Resource.ToLower())&&o.Action==ra.Action) > 0)
{
//access = _policies[ra](pec.Principal);
access = _policies[_policies.Keys.FirstOrDefault(o => ra.Resource.ToLower().Contains(o.Resource.ToLower()) && o.Action == ra.Action)](pec.Principal);
}
else //assume access is true for everything not set in policies
{
access = true;
}
}
catch (Exception)
{
access = false;
}
return access;
}
public override bool CheckAccess(AuthorizationContext context)
{
"\nAuthorization...".ConsoleYellow();
if (context.Action.First().Type.Equals(ClaimPermission.ActionType))
{
Console.WriteLine("Application authorization.");
}
else
{
Console.WriteLine("WCF pipeline authorization.");
}
"\nActions:\n".ConsoleGreen();
foreach (var action in context.Action)
{
Console.WriteLine("{0}\n {1}", action.Type, action.Value);
}
"\nResources:\n".ConsoleGreen();
foreach (var resource in context.Resource)
{
Console.WriteLine("{0}\n {1}", resource.Type, resource.Value);
}
return true;
}
public override void OnAuthorization(HttpActionContext actionContext)
{
var principal = actionContext.Request.GetRequestContext().Principal;
var claimsPrincipal = principal as ClaimsPrincipal;
claimsPrincipal = claimsPrincipal ?? new ClaimsPrincipal(principal);
var ctx = new System.Security.Claims.AuthorizationContext(
claimsPrincipal,
new Collection <Claim>
{
new Claim(AuthzClaimTypes.RequestMethod, actionContext.Request.Method.ToString())
},
new Collection <Claim>
{
new Claim(AuthzClaimTypes.RequestUri, actionContext.Request.RequestUri.ToString())
});
var manager =
FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager;
if (!manager.CheckAccess(ctx))
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
}
private bool AuthorizeAdminArea(AuthorizationContext context)
{
return context.Principal.HasClaim(c =>
{
return c.Type == ClaimTypes.Role &&
c.Value == Constants.Roles.Administrators &&
c.Issuer == Constants.InternalIssuer;
});
}
public static bool CheckAccess(this IPrincipal principal, string resource, string action, IList <Claim> resourceClaims)
{
var context = new System.Security.Claims.AuthorizationContext(principal as ClaimsPrincipal, resource, action);
resourceClaims.ToList().ForEach(c => context.Resource.Add(c));
var config = new IdentityConfiguration();
return(config.ClaimsAuthorizationManager.CheckAccess(context));
}
public void ShouldAlwaysReturnTrue()
{
var context = new AuthorizationContext(new ClaimsPrincipal(), "asdf", "asdf");
AuthorizationManager manager= new AuthorizationManager();
var actual = manager.CheckAccess(context);
Assert.IsTrue(actual);
}
public override bool CheckAccess(AuthorizationContext context)
{
// inspect sub, action, resource
Debug.WriteLine(context.Principal.FindFirst("sub").Value);
Debug.WriteLine(context.Action.First().Value);
Debug.WriteLine(context.Resource.First().Value);
return true;
}
public bool IsVisible(ISession session, INakedObject target, IIdentifier member) {
var checkViewType = member.IsField ? CheckType.ViewField : CheckType.Action;
var checkEditType = member.IsField ? CheckType.EditField : CheckType.Action;
var contextView = new AuthorizationContext((ClaimsPrincipal)session.Principal, member.ToIdentityString(IdentifierDepth.ClassName), ((int)checkViewType).ToString());
var contextEdit = new AuthorizationContext((ClaimsPrincipal)session.Principal, member.ToIdentityString(IdentifierDepth.ClassName), ((int)checkEditType).ToString());
// being editable implies visibility
return manager.CheckAccess(contextView) || manager.CheckAccess(contextEdit);
}
/// <summary>
/// Check if an user has authoritah to access a resource on a given context.
/// </summary>
/// <param name="context">The context in which the claim authorization decorator was invoked.</param>
/// <returns>True, if the user is authorized to access the resource. False, otherwise.</returns>
public override bool CheckAccess(AuthorizationContext context)
{
return
// Deny access to anyone who isn't authenticated.
context.Principal.Identity.IsAuthenticated && (
// Admins can do whatever the shit they want.
context.Principal.HasClaim(ClaimTypes.Role, "admin") ||
// Or allows the users that have all necessary claims.
context.Resource.All(c => context.Principal.HasClaim(c.Type, c.Value)));
}
public override bool CheckAccess(AuthorizationContext context)
{
if (ClaimsPrincipal.Current.Identity.IsAuthenticated)
{
// NOTE: Add custom logic here
return base.CheckAccess(context);
}
return false;
}
public static bool CheckAccess(this IAuthorizationService authorizationService, IPrincipal principal, Operation operation, Resource resource)
{
var claimsPrincipal = principal.AsClaimsPrincipal();
var resources = new Collection<Claim>(new Claim[] { resource }.ToList());
var operations = new Collection<Claim>(new Claim[] { operation }.ToList());
var authorizationContext = new AuthorizationContext(claimsPrincipal, resources, operations);
return authorizationService.CheckAccess(authorizationContext);
}
/// <summary>
/// Checks the authorization policy.
/// </summary>
/// <param name="resource">The resource.</param>
/// <param name="action">The action.</param>
/// <param name="principal">The principal.</param>
/// <returns>true when authorized, otherwise false</returns>
public static bool CheckAccess(string resource, string action, ClaimsPrincipal principal)
{
Contract.Requires(!String.IsNullOrEmpty(resource));
Contract.Requires(!String.IsNullOrEmpty(action));
Contract.Requires(principal != null);
var context = new AuthorizationContext(principal, resource, action);
return AuthorizationManager.CheckAccess(context);
}
public override bool CheckAccess(AuthorizationContext context)
{
var resource = context.Resource.First().Value;
var action = context.Action.First().Value;
if (resource == "castle" && action == "show")
{
return context.Principal.HasClaim("http://myclaims/hascastle", "true");
}
return false;
}
public override bool CheckAccess(AuthorizationContext context)
{
var action = context.Action.First().Value;
switch (action)
{
case Constants.Actions.Configure:
return AuthorizeAdminArea(context);
}
return false;
}
protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
{
if (String.IsNullOrWhiteSpace(Resrouce))
{
return(false);
}
var context = new System.Security.Claims.AuthorizationContext(ClaimsPrincipal.Current, Resrouce, Action);
ClaimsAuthorizationManager authorizationManager = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager;
return(authorizationManager.CheckAccess(context));
}
public static bool CheckAccess(this IPrincipal principal, string resource, string action)
{
var p = (ClaimsPrincipal)principal;
if (p == null)
{
throw new ArgumentException("The value is not a ClaimsPrincipal", "principal");
}
var authContext = new AuthorizationContext(p, resource, action);
return(FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager.CheckAccess(authContext));
}
public override bool CheckAccess(AuthorizationContext context) {
IIdentifier identifier = IdentifierImpl.FromIdentityString(context.Resource.Single().Value);
var checkType = (CheckType) int.Parse(context.Action.Single().Value);
if (rules.ContainsKey(identifier)) {
if (rules[identifier].ContainsKey(checkType)) {
return rules[identifier][checkType].AccessAllowed(context);
}
}
// default to not allowed
return false;
}
public override bool CheckAccess(AuthorizationContext context)
{
string resource = context.Resource.First().Value;
string action = context.Action.First().Value;
if (action == "Show" && resource == "Code")
{
bool likesJava = context.Principal.HasClaim("http://www.mysite.com/likesjavatoo", "True");
return likesJava;
}
return false;
}
public override bool CheckAccess(AuthorizationContext context)
{
string action = context.Action.Single().Value;
string resource = context.Resource.Single().Value;
// could be anything - check e.g. context.Principal.HasClaim()
if(action == "Do" && resource == "R6" && context.Principal.IsInRole("Admin"))
{
return true;
}
// deny otherwise
return false;
}
public override bool CheckAccess(AuthorizationContext context)
{
var resource = context.Resource.First().Value;
var action = context.Action.First().Value;
if (action == "Show" && resource == "Code")
{
var livesInEngland = context.Principal.HasClaim(ClaimTypes.Country, "England");
var isDuncan = context.Principal.HasClaim(ClaimTypes.GivenName, "Duncan");
return isDuncan && livesInEngland;
}
return false;
}
public override bool CheckAccess(AuthorizationContext context)
{
var resource = context.Resource.First().Value;
var action = context.Action.First().Value;
// hardcoded rules could be replaced by injection or load from xml
if (resource == "Customer" && action == "Add")
{
var hasAccess = context.Principal.HasClaim("http://myclaims/customer", "add");
return hasAccess;
}
return false;
}
public override bool CheckAccess(System.Security.Claims.AuthorizationContext context)
{
var name = context.Principal.Identity.Name;
var claims = context.Principal; //as ClaimsPrincipal;
var action = context.Action.First().Value.ToLower();
var rsc = context.Resource.First().Value.ToLower();
if (MallClaim.dict.ContainsKey(action) && claims != null && claims.HasClaim(MallClaim.dict[action], rsc))
{
return(true);
}
return(false);
}
public override bool CheckAccess(AuthorizationContext context)
{
if (!ClaimsPrincipal.Current.Identity.IsAuthenticated) return false;
if (!ClaimsPrincipal.Current.HasClaim(ApplicationClaimTypes.Default, ApplicationClaimsValues.Present)) return false;
if (context.Action.FirstOrDefault(ac => ac.Value == "Save") != null &&
context.Resource.FirstOrDefault(rc => rc.Value == "Article") != null &&
!ClaimsPrincipal.Current.HasClaim(ApplicationClaimTypes.Maintenance, ApplicationClaimsValues.Editor))
{
return false;
}
return true;
}
public override bool CheckAccess(AuthorizationContext context)
{
// inspect context and make authorization descision
var resource = context.Resource.First().Value;
var acttion = context.Action.First().Value;
if (acttion.Equals("Show") && resource.Equals("Tower"))
{
var hasTower = context.Principal.HasClaim("http://myclaims/tower", true.ToString());
return hasTower;
}
else
{
return base.CheckAccess(context);
}
}
public override bool CheckAccess(AuthorizationContext context)
{
bool access;
try
{
var ra = new ResourceAction(context.Resource.First().Value, context.Action.First().Value);
access = Policies[ra](context.Principal);
}
catch (Exception)
{
// exception is ok here, just implies false
access = false;
}
return access;
}
public override bool CheckAccess(AuthorizationContext context)
{
string resource = context.Resource.First().Value;
string action = context.Action.First().Value;
if (action == "Get" && resource == "Contacts")
{
ClaimsIdentity id = (context.Principal.Identity as ClaimsIdentity);
if (!id.IsAuthenticated)
return false;
return (id.Claims.Any(c => c.Type == ConfigurationManager.AppSettings["UrlMyContacts-OAuth20-Scope"] && c.Value.Equals("Read.Contacts")));
}
return false;
}
public override bool CheckAccess(AuthorizationContext context)
{
var action = context.Action.First().Value;
switch (action)
{
case ResourceActionName.Create:
case ResourceActionName.Update:
case ResourceActionName.Delete:
return context.Principal.IsInRole("admin");
case ResourceActionName.List:
case ResourceActionName.Details:
return context.Principal.IsInRole("user");
}
return false;
}
public override bool CheckAccess(AuthorizationContext context)
{
var subject = context.Principal;
var method = context.Action.First(c => c.Type == ClaimsAuthorization.ActionType).Value;
var controller = context.Resource.First(c => c.Type == ClaimsAuthorization.ResourceType).Value;
if (controller == "ClaimsResource")
{
if (method.Equals("GET", StringComparison.OrdinalIgnoreCase))
return true;
if (method.Equals("DELETE", StringComparison.OrdinalIgnoreCase) && !subject.IsInRole("ProjectManager"))
return false;
return subject.Identity.IsAuthenticated;
}
return false;
}
public override bool CheckAccess(AuthorizationContext context)
{
// we know that the principal is authenticated in ServiceAuthenticationManager.Authenticate
var action = context.Action.First().Value;
var resource = context.Resource.First().Value;
var resourceClaim = context.Principal.FindFirst(
x => x.Type == Security.Claims.ClaimTypes.Resource && x.Value == resource);
if (resourceClaim == null)
return false;
string temp;
if (!resourceClaim.Properties.TryGetValue(action, out temp))
return false;
return true;
}
public override bool CheckAccess(AuthorizationContext context)
{
/*
* Validationa Sequence check
* 1) Check Principal Claims
* If principal has zero claims then return false (token expiration most likely)
* else get the role claims
* if prinipal has admin role then return true
* else build a unique list of claims from the role claims
* then check to see if principal has a claim otherwise return false
*/
var principalClaims = context.Principal.Claims;
var principalClaimsArrary = principalClaims as Claim[] ?? principalClaims.ToArray();
if (!principalClaimsArrary.Any())
{
return false;
}
//So we have lets get all the role claims
var roleClaims = principalClaimsArrary.Where(p => p.Type == ClaimTypes.Role).Select(p => p.Value);
var roleClaimsArray = roleClaims as string[] ?? roleClaims.ToArray();
if (!roleClaimsArray.Any())
{
return false;
}
//get the db context
var dbContext = new MyQuestionnaireDbContext();
var resource = context.Resource.First().Value;
var action = context.Action.First().Value;
var applicationClaims = new List<ApplicationClaim>();
var claims = applicationClaims;
dbContext.ApplicationRoles.ForEach(role =>
{
if (roleClaimsArray.Contains(role.Name))
{
claims.AddRange(role.ApplicationClaims.ToList());
}
});
applicationClaims = applicationClaims.Distinct().ToList();
return applicationClaims.Any(c => c.ClaimType == action && c.ClaimValue == resource);
}
public AuthorizeAdminAttribute()
{
Context = ResgridAuthorizationContext.BuildAdminRoleContext();
}
public override bool CheckAccess(AuthorizationContext authorizationContext)
{
return(authorizationService.CheckAccess(authorizationContext));
}
/// <summary>
/// When implemented in a derived class, this method will authorize the subject specified in the
/// context to perform the specified action on the specified resource.
/// </summary>
/// <param name="context"><see cref="AuthorizationContext"/> that encapsulates the subject, resource, and action.</param>
/// <returns>true if authorized, false otherwise.</returns>
public virtual bool CheckAccess(AuthorizationContext context)
{
return(true);
}
