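public bool Evaluate(System.IdentityModel.Policy.EvaluationContext evaluationContext, ref object state)
        {
            // Maps the authenticated identity to a GenericPrincipal that carries the
            // roles configured for that user in AuthorizationForUser, and publishes it
            // under the "Principal" property of the evaluation context.
            //
            // Parameters:
            //   evaluationContext - WCF authorization context; only its "Identities"
            //                       property is read and only "Principal" is written.
            //   state             - not used by this policy and left untouched.
            // Returns:
            //   true once a principal has been attached (this policy needs no further
            //   evaluation); false when no identity was supplied, in which case the
            //   context is not modified.
            bool retValue = false;

            var identitiesList = evaluationContext.Properties["Identities"] as List<System.Security.Principal.IIdentity>;

            if (identitiesList != null && identitiesList.Count > 0)
            {
                // Only the first identity is consulted; any further identities in the
                // list play no part in role assignment.
                System.Security.Principal.IIdentity identity = identitiesList[0];

                // The lookup key is the part of the name before the first ';'.
                // NOTE(review): why the name may carry a ';'-separated suffix is not
                // visible here — presumably the authenticator appends extra data;
                // confirm against the code that produces the identity.
                // IIdentity.Name may be null for some identity types; treat that as an
                // unknown user instead of throwing a NullReferenceException.
                string name = null;
                if (identity.Name != null)
                {
                    name = identity.Name.Split(';')[0];
                }

                // A user without a configured entry gets a principal with no roles
                // (GenericPrincipal accepts a null role array), so IsInRole fails
                // closed for them. A single TryGetValue replaces ContainsKey + indexer.
                string[] roles = null;
                if (name != null)
                {
                    AuthorizationForUser.TryGetValue(name, out roles);
                }

                evaluationContext.Properties["Principal"] =
                    new System.Security.Principal.GenericPrincipal(
                        identity,
                        roles);

                retValue = true;
            }

            return(retValue);
        }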
        // Called by WCF after the authentication stage.
        // Decides whether the caller meets this authorization policy's requirements:
        // the operations the user may invoke are attached to the user as claims,
        // i.e. the user is granted a specific set of permissions.
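        public bool Evaluate(System.IdentityModel.Policy.EvaluationContext evaluationContext, ref object state)
        {
            // Grants operation claims (ClaimType4AllowedOperation) based on the Name
            // claims already present in the context: the account "Foo" may Add and
            // Subtract, the account "Bar" may Multiply and Divide. Any other account,
            // and any name that is not of the form DOMAIN\account, receives nothing.
            //
            // Parameters:
            //   evaluationContext - WCF authorization context whose ClaimSets are
            //                       scanned; one DefaultClaimSet is added to it.
            //   state             - this policy's per-evaluation scratch slot; holds a
            //                       bool recording whether the claims were already
            //                       added, so a re-run does not add them twice.
            // Returns (per IAuthorizationPolicy.Evaluate):
            //   false - this policy must be called again if other policies add claims;
            //   true  - no further evaluation of this policy is required.
            //   The claims granted here depend only on Name claims, so every path
            //   returns true.
            if (null == state)
            {
                state = false;
            }

            bool hasAddedClaims = (bool)state;

            if (hasAddedClaims)
            {
                return(true);
            }

            IList<Claim> claims = new List<Claim>();

            foreach (ClaimSet claimSet in evaluationContext.ClaimSets)
            {
                foreach (Claim claim in claimSet.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
                {
                    // A Name claim whose resource is not a string is skipped rather
                    // than turned into an InvalidCastException; skipping grants nothing
                    // (fail closed).
                    string userName = claim.Resource as string;

                    if (userName == null || !userName.Contains('\\'))
                    {
                        // Only domain-qualified names (DOMAIN\account) are authorized;
                        // an unqualified name gets no operation claims.
                        continue;
                    }

                    // Drop the domain prefix; only the account part is matched.
                    userName = userName.Split('\\')[1];

                    // Account names are identifiers, not linguistic text: compare them
                    // ordinally so the authorization outcome cannot vary with the
                    // thread's culture (string.Compare(..., true) is culture-sensitive).
                    if (string.Equals("Foo", userName, System.StringComparison.OrdinalIgnoreCase))
                    {
                        claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfAdd, Rights.PossessProperty));

                        claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfSubtract, Rights.PossessProperty));
                    }

                    if (string.Equals("Bar", userName, System.StringComparison.OrdinalIgnoreCase))
                    {
                        claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfMultiply, Rights.PossessProperty));

                        claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfDivide, Rights.PossessProperty));
                    }
                }
            }

            // The claim set is issued by this policy's Issuer; it is added even when
            // empty so that downstream checks see a consistent issuer.
            evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, claims));

            // Remember that the claims were added so a re-evaluation returns early.
            state = true;

            return(true);
        }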