protected override bool AuthorizeTokenIssuance(Collection <Claim> resource, IClaimsIdentity id) { if (!ConfigurationRepository.Configuration.EnforceUsersGroupMembership) { var authResult = id.IsAuthenticated; if (!authResult) { Tracing.Error("Authorization for token issuance failed because the user is anonymous"); } return(authResult); } var section = ConfigurationManager.GetSection(ActiveDirectoryConfigurationSection.SectionName) as ActiveDirectoryConfigurationSection; var roleResult = false; foreach (UserGroupConfigElement group in section.UserGroups) { roleResult = id.ClaimExists(ClaimTypes.Role, group.UserGroupName); if (roleResult) { break; } } return(roleResult); }
/// <summary> /// Checks whether a given claim exists /// </summary> /// <param name="identity">The identity.</param> /// <param name="claimType">Type of the claim.</param> /// <returns>true/false</returns> public static bool ClaimExists(this IClaimsIdentity identity, string claimType) { Contract.Requires(identity != null); Contract.Requires(identity.Claims != null); Contract.Requires(!String.IsNullOrEmpty(claimType)); return(identity.ClaimExists(c => c.ClaimType.Equals(claimType, StringComparison.OrdinalIgnoreCase))); }
/// <summary> /// Demands a specific claim. /// </summary> /// <param name="identity">The principal.</param> /// <param name="predicate">The search predicate.</param> public static void DemandClaim(this IClaimsIdentity identity, Predicate <Claim> predicate) { Contract.Requires(identity != null); Contract.Requires(identity.Claims != null); Contract.Requires(predicate != null); if (!identity.ClaimExists(predicate)) { throw new SecurityException("Demand for Claim failed"); } }
protected virtual bool AuthorizeAdministration(Collection <Claim> resource, IClaimsIdentity id) { var roleResult = id.ClaimExists(ClaimTypes.Role, Constants.Roles.IdentityServerAdministrators); if (!roleResult) { if (resource[0].Value != Constants.Resources.UI) { Tracing.Error(string.Format("Administration authorization failed because user {0} is not in the {1} role", id.Name, Constants.Roles.IdentityServerAdministrators)); } } return(roleResult); }
protected override bool AuthorizeAdministration(Collection <Claim> resource, IClaimsIdentity id) { var section = ConfigurationManager.GetSection(ActiveDirectoryConfigurationSection.SectionName) as ActiveDirectoryConfigurationSection; var roleResult = id.ClaimExists(ClaimTypes.Role, section.AdministrationGroup.AdministrationGroupName); if (!roleResult) { if (resource[0].Value != Constants.Resources.UI) { Tracing.Error(string.Format("Administration authorization failed because user {0} is not in the {1} role", id.Name, section.AdministrationGroup.AdministrationGroupName)); } } return(roleResult); }
protected override bool AuthorizeAdministration(Collection<Claim> resource, IClaimsIdentity id) { var section = ConfigurationManager.GetSection(ActiveDirectoryConfigurationSection.SectionName) as ActiveDirectoryConfigurationSection; var roleResult = id.ClaimExists(ClaimTypes.Role, section.AdministrationGroup.AdministrationGroupName); if (!roleResult) { if (resource[0].Value != Constants.Resources.UI) { Tracing.Error(string.Format("Administration authorization failed because user {0} is not in the {1} role", id.Name, section.AdministrationGroup.AdministrationGroupName)); } } return roleResult; }
protected virtual bool AuthorizeTokenIssuance(Collection<Claim> resource, IClaimsIdentity id) { if (!ConfigurationRepository.Configuration.EnforceUsersGroupMembership) { var authResult = id.IsAuthenticated; if (!authResult) { Tracing.Error("Authorization for token issuance failed because the user is anonymous"); } return authResult; } var roleResult = id.ClaimExists(ClaimTypes.Role, Constants.Roles.IdentityServerUsers); if (!roleResult) { Tracing.Error(string.Format("Authorization for token issuance failed because user {0} is not in the {1} role", id.Name, Constants.Roles.IdentityServerUsers)); } return roleResult; }
protected virtual bool AuthorizeTokenIssuance(Collection <Claim> resource, IClaimsIdentity id) { if (!ConfigurationRepository.Configuration.EnforceUsersGroupMembership) { var authResult = id.IsAuthenticated; if (!authResult) { Tracing.Error("Authorization for token issuance failed because the user is anonymous"); } return(authResult); } var roleResult = id.ClaimExists(ClaimTypes.Role, Constants.Roles.IdentityServerUsers); if (!roleResult) { Tracing.Error(string.Format("Authorization for token issuance failed because user {0} is not in the {1} role", id.Name, Constants.Roles.IdentityServerUsers)); } return(roleResult); }
protected override bool AuthorizeTokenIssuance(Collection<Claim> resource, IClaimsIdentity id) { if (!ConfigurationRepository.Configuration.EnforceUsersGroupMembership) { var authResult = id.IsAuthenticated; if (!authResult) { Tracing.Error("Authorization for token issuance failed because the user is anonymous"); } return authResult; } var section = ConfigurationManager.GetSection(ActiveDirectoryConfigurationSection.SectionName) as ActiveDirectoryConfigurationSection; var roleResult = false; foreach (UserGroupConfigElement group in section.UserGroups) { roleResult = id.ClaimExists(ClaimTypes.Role, group.UserGroupName); if (roleResult) break; } return roleResult; }
protected virtual bool AuthorizeTokenIssuance(Collection<Claim> resource, IClaimsIdentity id) { var configurationRepository = ConfigurationRepositoryFactoryMethod(); if (!configurationRepository.Configuration.EnforceUsersGroupMembership) { return id.IsAuthenticated; } return (id.ClaimExists(ClaimTypes.Role, Constants.Roles.IdentityServerUsers)); }
protected virtual bool AuthorizeAdministration(Collection<Claim> resource, IClaimsIdentity id) { return (id.ClaimExists(ClaimTypes.Role, Constants.Roles.IdentityServerAdministrators)); }
protected virtual bool AuthorizeAdministration(Collection<Claim> resource, IClaimsIdentity id) { var roleResult = id.ClaimExists(ClaimTypes.Role, Constants.Roles.IdentityServerAdministrators); if (!roleResult) { if (resource[0].Value != Constants.Resources.UI) { Tracing.Error(string.Format("Administration authorization failed because user {0} is not in the {1} role", id.Name, Constants.Roles.IdentityServerAdministrators)); } } return roleResult; }
public static bool HasPermission(this IClaimsIdentity identity, string permission) { return(identity.ClaimExists(FractusClaimTypes.Permission, permission)); }