public override bool CheckAccess(AuthorizationContext context) { string action = context.Action.Single().Value; string resource = context.Resource.Single().Value; return context.Principal.HasClaim(resource, action); }
/// <summary> /// Checks the authorization policy. /// </summary> /// <param name="context">The authorization context.</param> /// <returns>true when authorized, otherwise false</returns> public static bool CheckAccess(AuthorizationContext context) { Contract.Requires(context != null); return AuthorizationManager.CheckAccess(context); }
public override bool CheckAccess(AuthorizationContext context) { var action = context.Action.First(); var id = context.Principal.Identities.First(); Tracing.Verbose("Action Type: " + action.Type.ToString()); Tracing.Verbose("Claims: " + string.Join(",", id.Claims.Select(x => x.Type + ": " + x.Value))); //try{ // Tracing.Verbose("Prinicipal Identity: " + Newtonsoft.Json.JsonConvert.SerializeObject(id)); //} //catch(Exception e) //{ // Tracing.Error(e.Message + " " + e.InnerException); //} // if application authorization request if (action.Type.Equals(ClaimsAuthorization.ActionType)) { Tracing.Information("is application authorization request"); return AuthorizeCore(action, context.Resource, context.Principal.Identity as ClaimsIdentity); } // if ws-trust issue request if (action.Value.Equals(WSTrust13Constants.Actions.Issue)) { Tracing.Information("is ws-trust request"); return AuthorizeTokenIssuance(new Collection<Claim> { new Claim(ClaimsAuthorization.ResourceType, Constants.Resources.WSTrust) }, id); } return base.CheckAccess(context); }
public override bool CheckAccess(AuthorizationContext context) { HttpContext httpContext = HttpContext.Current; if (httpContext != null) { HttpRequest request = httpContext.Request; var queryParams = request.QueryString; foreach (var p in queryParams) { //do something } } string resource = context.Resource.First().Value; string action = context.Action.First().Value; if (action == "Show" && resource == "Code") { bool livesInSweden = context.Principal.HasClaim(ClaimTypes.Country, "Sweden"); bool isAndras = context.Principal.HasClaim(ClaimTypes.GivenName, "Andras"); //return isAndras && livesInSweden; return false; } return false; }
/// <summary> /// When implemented in a derived class, checks authorization for the subject in the specified context to perform the specified action on the specified resource. /// </summary> /// <param name="context">The authorization context that contains the subject, resource, and action for which authorization is to be checked.</param> /// <returns> /// true if the subject is authorized to perform the specified action on the specified resource; otherwise, false. /// </returns> public override bool CheckAccess(AuthorizationContext context) { bool result = false; // 如果沒有Resource和Operation的情況下,表示可以看 if (context.Resource.Count == 0 && context.Action.Count == 0) { return true; } if (context.Principal.Identity.IsAuthenticated) { string resourceStr = context.Resource.First().Value; string operationStr = context.Action.First().Value; ResourceOperationEnum operation = (ResourceOperationEnum) Enum.Parse(typeof(ResourceOperationEnum), operationStr); ResourceOperation resourceOperation = new ResourceOperation() { ResourceName = resourceStr, Operation = operation }; var rolesName = context.Principal.FindAll(x => x.Type == ClaimTypes.Role) .Select(x => x.Value).ToArray(); result = CheckAccess(context, resourceOperation, rolesName); } return result; }
/// <summary> /// Checks if the principal specified in the authorization context is authorized to perform action specified in the authorization context /// on the specified resoure /// </summary> /// <param name="pec">Authorization context</param> /// <returns>true if authorized, false otherwise</returns> public override bool CheckAccess(AuthorizationContext pec) { // // Evaluate the policy against the claims of the // principal to determine access // bool access; try { //create a new resource object from the requested url claim and action claim var ra = new ResourceAction(pec.Resource.First().Value, pec.Action.First().Value); //if the set policies has this resource action run the compiled function to check it //if(_policies.ContainsKey(ra)) if (_policies.Keys.Count(o => ra.Resource.ToLower().Contains(o.Resource.ToLower())&&o.Action==ra.Action) > 0) { //access = _policies[ra](pec.Principal); access = _policies[_policies.Keys.FirstOrDefault(o => ra.Resource.ToLower().Contains(o.Resource.ToLower()) && o.Action == ra.Action)](pec.Principal); } else //assume access is true for everything not set in policies { access = true; } } catch (Exception) { access = false; } return access; }
public override bool CheckAccess(AuthorizationContext context) { "\nAuthorization...".ConsoleYellow(); if (context.Action.First().Type.Equals(ClaimPermission.ActionType)) { Console.WriteLine("Application authorization."); } else { Console.WriteLine("WCF pipeline authorization."); } "\nActions:\n".ConsoleGreen(); foreach (var action in context.Action) { Console.WriteLine("{0}\n {1}", action.Type, action.Value); } "\nResources:\n".ConsoleGreen(); foreach (var resource in context.Resource) { Console.WriteLine("{0}\n {1}", resource.Type, resource.Value); } return true; }
public override void OnAuthorization(HttpActionContext actionContext) { var principal = actionContext.Request.GetRequestContext().Principal; var claimsPrincipal = principal as ClaimsPrincipal; claimsPrincipal = claimsPrincipal ?? new ClaimsPrincipal(principal); var ctx = new System.Security.Claims.AuthorizationContext( claimsPrincipal, new Collection <Claim> { new Claim(AuthzClaimTypes.RequestMethod, actionContext.Request.Method.ToString()) }, new Collection <Claim> { new Claim(AuthzClaimTypes.RequestUri, actionContext.Request.RequestUri.ToString()) }); var manager = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager; if (!manager.CheckAccess(ctx)) { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized); } }
private bool AuthorizeAdminArea(AuthorizationContext context) { return context.Principal.HasClaim(c => { return c.Type == ClaimTypes.Role && c.Value == Constants.Roles.Administrators && c.Issuer == Constants.InternalIssuer; }); }
public static bool CheckAccess(this IPrincipal principal, string resource, string action, IList <Claim> resourceClaims) { var context = new System.Security.Claims.AuthorizationContext(principal as ClaimsPrincipal, resource, action); resourceClaims.ToList().ForEach(c => context.Resource.Add(c)); var config = new IdentityConfiguration(); return(config.ClaimsAuthorizationManager.CheckAccess(context)); }
public void ShouldAlwaysReturnTrue() { var context = new AuthorizationContext(new ClaimsPrincipal(), "asdf", "asdf"); AuthorizationManager manager= new AuthorizationManager(); var actual = manager.CheckAccess(context); Assert.IsTrue(actual); }
public override bool CheckAccess(AuthorizationContext context) { // inspect sub, action, resource Debug.WriteLine(context.Principal.FindFirst("sub").Value); Debug.WriteLine(context.Action.First().Value); Debug.WriteLine(context.Resource.First().Value); return true; }
public bool IsVisible(ISession session, INakedObject target, IIdentifier member) { var checkViewType = member.IsField ? CheckType.ViewField : CheckType.Action; var checkEditType = member.IsField ? CheckType.EditField : CheckType.Action; var contextView = new AuthorizationContext((ClaimsPrincipal)session.Principal, member.ToIdentityString(IdentifierDepth.ClassName), ((int)checkViewType).ToString()); var contextEdit = new AuthorizationContext((ClaimsPrincipal)session.Principal, member.ToIdentityString(IdentifierDepth.ClassName), ((int)checkEditType).ToString()); // being editable implies visibility return manager.CheckAccess(contextView) || manager.CheckAccess(contextEdit); }
/// <summary> /// Check if an user has authoritah to access a resource on a given context. /// </summary> /// <param name="context">The context in which the claim authorization decorator was invoked.</param> /// <returns>True, if the user is authorized to access the resource. False, otherwise.</returns> public override bool CheckAccess(AuthorizationContext context) { return // Deny access to anyone who isn't authenticated. context.Principal.Identity.IsAuthenticated && ( // Admins can do whatever the shit they want. context.Principal.HasClaim(ClaimTypes.Role, "admin") || // Or allows the users that have all necessary claims. context.Resource.All(c => context.Principal.HasClaim(c.Type, c.Value))); }
public override bool CheckAccess(AuthorizationContext context) { if (ClaimsPrincipal.Current.Identity.IsAuthenticated) { // NOTE: Add custom logic here return base.CheckAccess(context); } return false; }
public static bool CheckAccess(this IAuthorizationService authorizationService, IPrincipal principal, Operation operation, Resource resource) { var claimsPrincipal = principal.AsClaimsPrincipal(); var resources = new Collection<Claim>(new Claim[] { resource }.ToList()); var operations = new Collection<Claim>(new Claim[] { operation }.ToList()); var authorizationContext = new AuthorizationContext(claimsPrincipal, resources, operations); return authorizationService.CheckAccess(authorizationContext); }
/// <summary> /// Checks the authorization policy. /// </summary> /// <param name="resource">The resource.</param> /// <param name="action">The action.</param> /// <param name="principal">The principal.</param> /// <returns>true when authorized, otherwise false</returns> public static bool CheckAccess(string resource, string action, ClaimsPrincipal principal) { Contract.Requires(!String.IsNullOrEmpty(resource)); Contract.Requires(!String.IsNullOrEmpty(action)); Contract.Requires(principal != null); var context = new AuthorizationContext(principal, resource, action); return AuthorizationManager.CheckAccess(context); }
public override bool CheckAccess(AuthorizationContext context) { var resource = context.Resource.First().Value; var action = context.Action.First().Value; if (resource == "castle" && action == "show") { return context.Principal.HasClaim("http://myclaims/hascastle", "true"); } return false; }
public override bool CheckAccess(AuthorizationContext context) { var action = context.Action.First().Value; switch (action) { case Constants.Actions.Configure: return AuthorizeAdminArea(context); } return false; }
protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) { if (String.IsNullOrWhiteSpace(Resrouce)) { return(false); } var context = new System.Security.Claims.AuthorizationContext(ClaimsPrincipal.Current, Resrouce, Action); ClaimsAuthorizationManager authorizationManager = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager; return(authorizationManager.CheckAccess(context)); }
public static bool CheckAccess(this IPrincipal principal, string resource, string action) { var p = (ClaimsPrincipal)principal; if (p == null) { throw new ArgumentException("The value is not a ClaimsPrincipal", "principal"); } var authContext = new AuthorizationContext(p, resource, action); return(FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager.CheckAccess(authContext)); }
public override bool CheckAccess(AuthorizationContext context) { IIdentifier identifier = IdentifierImpl.FromIdentityString(context.Resource.Single().Value); var checkType = (CheckType) int.Parse(context.Action.Single().Value); if (rules.ContainsKey(identifier)) { if (rules[identifier].ContainsKey(checkType)) { return rules[identifier][checkType].AccessAllowed(context); } } // default to not allowed return false; }
public override bool CheckAccess(AuthorizationContext context) { string resource = context.Resource.First().Value; string action = context.Action.First().Value; if (action == "Show" && resource == "Code") { bool likesJava = context.Principal.HasClaim("http://www.mysite.com/likesjavatoo", "True"); return likesJava; } return false; }
public override bool CheckAccess(AuthorizationContext context) { string action = context.Action.Single().Value; string resource = context.Resource.Single().Value; // could be anything - check e.g. context.Principal.HasClaim() if(action == "Do" && resource == "R6" && context.Principal.IsInRole("Admin")) { return true; } // deny otherwise return false; }
public override bool CheckAccess(AuthorizationContext context) { var resource = context.Resource.First().Value; var action = context.Action.First().Value; if (action == "Show" && resource == "Code") { var livesInEngland = context.Principal.HasClaim(ClaimTypes.Country, "England"); var isDuncan = context.Principal.HasClaim(ClaimTypes.GivenName, "Duncan"); return isDuncan && livesInEngland; } return false; }
public override bool CheckAccess(AuthorizationContext context) { var resource = context.Resource.First().Value; var action = context.Action.First().Value; // hardcoded rules could be replaced by injection or load from xml if (resource == "Customer" && action == "Add") { var hasAccess = context.Principal.HasClaim("http://myclaims/customer", "add"); return hasAccess; } return false; }
public override bool CheckAccess(System.Security.Claims.AuthorizationContext context) { var name = context.Principal.Identity.Name; var claims = context.Principal; //as ClaimsPrincipal; var action = context.Action.First().Value.ToLower(); var rsc = context.Resource.First().Value.ToLower(); if (MallClaim.dict.ContainsKey(action) && claims != null && claims.HasClaim(MallClaim.dict[action], rsc)) { return(true); } return(false); }
public override bool CheckAccess(AuthorizationContext context) { if (!ClaimsPrincipal.Current.Identity.IsAuthenticated) return false; if (!ClaimsPrincipal.Current.HasClaim(ApplicationClaimTypes.Default, ApplicationClaimsValues.Present)) return false; if (context.Action.FirstOrDefault(ac => ac.Value == "Save") != null && context.Resource.FirstOrDefault(rc => rc.Value == "Article") != null && !ClaimsPrincipal.Current.HasClaim(ApplicationClaimTypes.Maintenance, ApplicationClaimsValues.Editor)) { return false; } return true; }
public override bool CheckAccess(AuthorizationContext context) { // inspect context and make authorization descision var resource = context.Resource.First().Value; var acttion = context.Action.First().Value; if (acttion.Equals("Show") && resource.Equals("Tower")) { var hasTower = context.Principal.HasClaim("http://myclaims/tower", true.ToString()); return hasTower; } else { return base.CheckAccess(context); } }
public override bool CheckAccess(AuthorizationContext context) { bool access; try { var ra = new ResourceAction(context.Resource.First().Value, context.Action.First().Value); access = Policies[ra](context.Principal); } catch (Exception) { // exception is ok here, just implies false access = false; } return access; }
public override bool CheckAccess(AuthorizationContext context) { string resource = context.Resource.First().Value; string action = context.Action.First().Value; if (action == "Get" && resource == "Contacts") { ClaimsIdentity id = (context.Principal.Identity as ClaimsIdentity); if (!id.IsAuthenticated) return false; return (id.Claims.Any(c => c.Type == ConfigurationManager.AppSettings["UrlMyContacts-OAuth20-Scope"] && c.Value.Equals("Read.Contacts"))); } return false; }
public override bool CheckAccess(AuthorizationContext context) { var action = context.Action.First().Value; switch (action) { case ResourceActionName.Create: case ResourceActionName.Update: case ResourceActionName.Delete: return context.Principal.IsInRole("admin"); case ResourceActionName.List: case ResourceActionName.Details: return context.Principal.IsInRole("user"); } return false; }
public override bool CheckAccess(AuthorizationContext context) { var subject = context.Principal; var method = context.Action.First(c => c.Type == ClaimsAuthorization.ActionType).Value; var controller = context.Resource.First(c => c.Type == ClaimsAuthorization.ResourceType).Value; if (controller == "ClaimsResource") { if (method.Equals("GET", StringComparison.OrdinalIgnoreCase)) return true; if (method.Equals("DELETE", StringComparison.OrdinalIgnoreCase) && !subject.IsInRole("ProjectManager")) return false; return subject.Identity.IsAuthenticated; } return false; }
public override bool CheckAccess(AuthorizationContext context) { // we know that the principal is authenticated in ServiceAuthenticationManager.Authenticate var action = context.Action.First().Value; var resource = context.Resource.First().Value; var resourceClaim = context.Principal.FindFirst( x => x.Type == Security.Claims.ClaimTypes.Resource && x.Value == resource); if (resourceClaim == null) return false; string temp; if (!resourceClaim.Properties.TryGetValue(action, out temp)) return false; return true; }
public override bool CheckAccess(AuthorizationContext context) { /* * Validationa Sequence check * 1) Check Principal Claims * If principal has zero claims then return false (token expiration most likely) * else get the role claims * if prinipal has admin role then return true * else build a unique list of claims from the role claims * then check to see if principal has a claim otherwise return false */ var principalClaims = context.Principal.Claims; var principalClaimsArrary = principalClaims as Claim[] ?? principalClaims.ToArray(); if (!principalClaimsArrary.Any()) { return false; } //So we have lets get all the role claims var roleClaims = principalClaimsArrary.Where(p => p.Type == ClaimTypes.Role).Select(p => p.Value); var roleClaimsArray = roleClaims as string[] ?? roleClaims.ToArray(); if (!roleClaimsArray.Any()) { return false; } //get the db context var dbContext = new MyQuestionnaireDbContext(); var resource = context.Resource.First().Value; var action = context.Action.First().Value; var applicationClaims = new List<ApplicationClaim>(); var claims = applicationClaims; dbContext.ApplicationRoles.ForEach(role => { if (roleClaimsArray.Contains(role.Name)) { claims.AddRange(role.ApplicationClaims.ToList()); } }); applicationClaims = applicationClaims.Distinct().ToList(); return applicationClaims.Any(c => c.ClaimType == action && c.ClaimValue == resource); }
public AuthorizeAdminAttribute() { Context = ResgridAuthorizationContext.BuildAdminRoleContext(); }
public override bool CheckAccess(AuthorizationContext authorizationContext) { return(authorizationService.CheckAccess(authorizationContext)); }
/// <summary> /// When implemented in a derived class, this method will authorize the subject specified in the /// context to perform the specified action on the specified resource. /// </summary> /// <param name="context"><see cref="AuthorizationContext"/> that encapsulates the subject, resource, and action.</param> /// <returns>true if authorized, false otherwise.</returns> public virtual bool CheckAccess(AuthorizationContext context) { return(true); }