        /// <summary>
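        /// Very basic authorization filter.
        /// Uses a hard-coded role list.
        /// Role checks apply only to find, identify and export; every other named operation is forbidden.
        /// A request with a null or empty operation name (a resource request) is allowed without a role check.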
        /// </summary>
        /// <param name="operationName">REST operation name</param>
        /// <returns>Returns true if access is allowed</returns>
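        private bool CheckAuthorization(string operationName)
        {
            // A null or empty operation name is treated as a resource request rather
            // than an operation, and is allowed without any role check.
            // NOTE(review): this is the only path that fails open - confirm that
            // resource-level responses expose nothing that should be restricted by role.
            if (string.IsNullOrEmpty(operationName))
            {
                return true;
            }

            /*
             * Roles that are granted access.
             *
             * A single list controls access for all checked operations; depending on
             * the use case this could become per-operation lists or be read from an
             * external file. Changing the list currently requires a rebuild and redeploy.
             */
            var authorizedRoles = new HashSet<string>
            {
                "gold123",
                "platinum123"
            };

            /*
             * Operations that are subject to the role check.
             *
             * The set compares names with OrdinalIgnoreCase so the decision does not
             * depend on the thread culture. Lower-casing with the current culture
             * (e.g. Turkish casing, where 'I' maps to a dotless 'ı') would make
             * "FIND" or "IDENTIFY" miss the set and be denied.
             *
             * Note: only Map Service operations are listed. To use this SOI with a
             * published Image Service, extend the set to cover the Image Service
             * operations.
             */
            var operationsToCheckForAuthorization = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            {
                "find",
                "identify",
                "export"
            };

            if (operationsToCheckForAuthorization.Contains(operationName))
            {
                // Fetch the roles of the current user from the server environment.
                var userRoleSet = ServerUtilities.GetGroupInfo(ServerUtilities.GetServerEnvironment());

                // No role information available: deny rather than guess.
                if (userRoleSet == null)
                {
                    return false;
                }

                // Allow when at least one of the user's roles is in the authorized list.
                // Enumerable.Intersect uses the default equality comparer, so role names
                // must match exactly (case-sensitive).
                return userRoleSet.Intersect(authorizedRoles).Any();
            }

            // Default deny: any named operation other than find, identify and export
            // is rejected for all users.
            return false;
        }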