/// <summary>
/// Issues one "allowedoperation" claim for every operation that GetAllowedOpList returns
/// for each Name claim present in the evaluation context.
/// </summary>
/// <param name="evaluationContext">
/// Context whose claim sets are searched for Name claims and which receives the new claim set.
/// </param>
/// <param name="state">
/// Per-evaluation state object. A CustomAuthState is created on the first call (when this is null)
/// and written back through the ref parameter; later calls reuse it.
/// </param>
/// <returns>Always true, so the policy is not asked to evaluate again.</returns>
/// <remarks>
/// NOTE(review): Name claims are taken from every claim set without looking at the set's issuer,
/// so the issued operation claims are only as trustworthy as whatever produced those Name claims.
/// Confirm that only authenticated identities can reach this policy.
/// </remarks>
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
    // Reuse the state from a previous pass, or create it on the first one.
    CustomAuthState policyState;
    if (state != null)
    {
        policyState = (CustomAuthState)state;
    }
    else
    {
        policyState = new CustomAuthState();
        state = policyState;
    }

    Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate");

    // Claims were already issued on an earlier pass; nothing left to do.
    if (policyState.ClaimsAdded)
    {
        return true;
    }

    IList<Claim> issuedClaims = new List<Claim>();

    foreach (ClaimSet claimSet in evaluationContext.ClaimSets)
    {
        foreach (Claim nameClaim in claimSet.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
        {
            // The Name claim's resource is used as the lookup key for the allowed operations.
            foreach (string operation in GetAllowedOpList(nameClaim.Resource.ToString()))
            {
                issuedClaims.Add(new Claim("http://example.org/claims/allowedoperation", operation, Rights.PossessProperty));
                Console.WriteLine("Claim added {0}", operation);
            }
        }
    }

    // The claim set is added only after enumeration of ClaimSets has finished.
    // When no Name claim was found the added set is empty, and the policy still reports completion.
    evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, issuedClaims));
    policyState.ClaimsAdded = true;

    return true;
}
/// <summary>
/// Looks up the operations allowed for each Name claim in the evaluation context and adds them
/// to the context as "allowedoperation" claims issued by this policy.
/// </summary>
/// <param name="evaluationContext">Context that is searched for Name claims and receives the new claim set.</param>
/// <param name="state">
/// Per-evaluation state. Null on the first call, in which case a CustomAuthState is created and
/// handed back through the ref parameter.
/// </param>
/// <returns>Always true, telling the caller that this policy does not need to run again.</returns>
/// <remarks>
/// NOTE(review): the issuer of the claim set that carries a Name claim is not inspected here.
/// Verify that every Name claim reaching this policy comes from a trusted authentication step.
/// </remarks>
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
    // Create the state on the first pass; the cast below then covers both cases.
    if (state == null)
    {
        state = new CustomAuthState();
    }

    CustomAuthState evaluationState = (CustomAuthState)state;

    Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate");

    if (!evaluationState.ClaimsAdded)
    {
        IList<Claim> operationClaims = new List<Claim>();

        foreach (ClaimSet currentSet in evaluationContext.ClaimSets)
        {
            foreach (Claim userName in currentSet.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
            {
                // One claim per operation that the named user is allowed to call.
                foreach (string allowedOperation in GetAllowedOpList(userName.Resource.ToString()))
                {
                    Claim operationClaim = new Claim("http://example.org/claims/allowedoperation", allowedOperation, Rights.PossessProperty);
                    operationClaims.Add(operationClaim);
                    Console.WriteLine("Claim added {0}", allowedOperation);
                }
            }
        }

        // Added after the loops, once ClaimSets is no longer being enumerated.
        DefaultClaimSet policyClaimSet = new DefaultClaimSet(this.Issuer, operationClaims);
        evaluationContext.AddClaimSet(this, policyClaimSet);

        // Remember that the claims were issued so a later call becomes a no-op.
        evaluationState.ClaimsAdded = true;
    }

    // Both paths report completion: either the claims were just added or they already were.
    return true;
}
/// <summary>
/// Adds a fixed claim set to the evaluation context that allows the EchoString and ComplexEcho
/// operations of IEchoService.
/// </summary>
/// <param name="evaluationContext">Context that receives the new claim set.</param>
/// <param name="state">
/// Per-evaluation state. A CustomAuthState is created on the first call (when this is null)
/// and returned through the ref parameter.
/// </param>
/// <returns>Always true, indicating that this method does not need to be called again.</returns>
/// <remarks>
/// NOTE(review): no identity claim is read here, so every evaluation receives the same two
/// allowed-operation claims. Confirm that this is the intent wherever the policy is installed.
/// </remarks>
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
    // Pick up the state from an earlier pass, or create it now.
    CustomAuthState policyState;
    if (state != null)
    {
        policyState = (CustomAuthState)state;
    }
    else
    {
        policyState = new CustomAuthState();
        state = policyState;
    }

    // The claims were already added on an earlier pass.
    if (policyState.ClaimsAdded)
    {
        return true;
    }

    // The two operations that this policy grants.
    IList<Claim> grantedOperations = new List<Claim>
    {
        new Claim("http://tempuri.org/claims/allowedoperation", "http://tempuri.org/IEchoService/EchoString", Rights.PossessProperty),
        new Claim("http://tempuri.org/claims/allowedoperation", "http://tempuri.org/IEchoService/ComplexEcho", Rights.PossessProperty)
    };

    evaluationContext.AddClaimSet(this, new DefaultClaimSet(Issuer, grantedOperations));
    policyState.ClaimsAdded = true;

    return true;
}
/// <summary>
/// Finds the client's X.509 certificate claim set in the evaluation context and adds the claim set
/// that LookupClaimsForWsc returns for the certificate's subject and thumbprint.
/// </summary>
/// <param name="evaluationContext">Context that is searched for a certificate claim set and receives the mapped claims.</param>
/// <param name="state">
/// Per-evaluation state. Null on the first call, in which case a CustomAuthState is created and
/// handed back through the ref parameter.
/// </param>
/// <returns>
/// True once the claims have been added (now or on an earlier call). False when no
/// X509CertificateClaimSet is present, which leaves ClaimsAdded unset.
/// </returns>
/// <remarks>
/// NOTE(review): the first X509CertificateClaimSet found is used as-is. This method does no chain
/// or revocation checking, so it presumably relies on the binding's certificate validation (confirm).
/// The subject is a descriptive string and Thumbprint is a SHA-1 digest. Confirm that
/// LookupClaimsForWsc grants nothing for a certificate it does not recognise.
/// </remarks>
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
    // Create the state on the first pass; the cast below then covers both cases.
    if (state == null)
    {
        state = new CustomAuthState();
    }

    CustomAuthState policyState = (CustomAuthState)state;

    // Claims were already mapped on an earlier pass.
    if (policyState.ClaimsAdded)
    {
        return true;
    }

    // Find the client certificate. The search finishes before AddClaimSet is called because
    // adding a claim set while ClaimSets is being enumerated results in an exception.
    X509CertificateClaimSet clientCertificateClaims = null;
    foreach (ClaimSet candidate in evaluationContext.ClaimSets)
    {
        clientCertificateClaims = candidate as X509CertificateClaimSet;
        if (clientCertificateClaims != null)
        {
            break;
        }
    }

    // No certificate claim set yet: report "not finished" and leave the state untouched.
    if (clientCertificateClaims == null)
    {
        return false;
    }

    string subjectName = clientCertificateClaims.X509Certificate.Subject;
    string thumbprint = clientCertificateClaims.X509Certificate.Thumbprint;

    // Map the certificate identity onto the claims that describe the client's entity attributes.
    // NOTE(review): the result is passed on unchecked; verify it is never null.
    ClaimSet mappedClaims = LookupClaimsForWsc(subjectName, thumbprint);
    evaluationContext.AddClaimSet(this, mappedClaims);

    policyState.ClaimsAdded = true;
    return true;
}