public void PlaceOrder(OrderMessage message)
{
Console.WriteLine("Order:");
Console.WriteLine("Product name: {0}", message.Order.ProductName);
Console.WriteLine("Quantity: {0}", message.Order.Quantity);
Console.WriteLine("Comments: {0}", message.Order.Comments);
int requiredPoints;
if (!requiredPointsMap.TryGetValue(message.Order.ProductName, out requiredPoints))
{
ReportSenderFault("An unknown product was ordered", "UnknownProduct");
}
try
{
ClaimsPrincipalPermission.CheckAccess(requiredPoints.ToString(), "BuyAnimal");
}
catch (SecurityException)
{
ReportSenderFault(string.Format("Required points: {0}.", requiredPoints),
"InsufficientExperiencePoints");
}
Console.WriteLine("Order accepted.");
}
static void Main(string[] args)
{
// <Snippet2>
//
// Method 1. Simple access check using static method.
// Expect this to be most common method.
//
ClaimsPrincipalPermission.CheckAccess("resource", "action");
// </Snippet2>
// <Snippet3>
//
// Method 2. Programmatic check using the permission class
// Follows model found at http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx
//
ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission("resource", "action");
cpp.Demand();
// </Snippet3>
//
// Method 3. Access check interacting directly with the authorization manager.
//
ClaimsAuthorizationManager am = new ClaimsAuthorizationManager();
am.CheckAccess(new AuthorizationContext((ClaimsPrincipal)Thread.CurrentPrincipal, "resource", "action"));
//
// Method 4. Call a method that is protected using the permission attribute class
//
ProtectedMethod();
Console.WriteLine("Press [Enter] to continue.");
Console.ReadLine();
}
/// <summary>
/// Demo method with direct authorization call
/// </summary>
public void AdminsCanDoThis2()
{
ClaimsPrincipalPermission.CheckAccess("AdminArea", "Read");
Console.WriteLine(Environment.NewLine);
Console.WriteLine("Only the person with 'admin' role can invoke this method (2).");
Console.WriteLine(Environment.NewLine);
}
private static void UsePrincipal()
{
ShowCastle();
//imperative check
ClaimsPrincipalPermission.CheckAccess("Castle", "Show");
var authz = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager;
AuthorizationContext context = new AuthorizationContext(ClaimsPrincipal.Current, "Castle", "Show");
bool isAuthz = authz.CheckAccess(context);
}
public ActionResult About()
{
var ca = new ClaimsAuthorizationManager();
ClaimsPrincipalPermission.CheckAccess("home/about", "view");
ViewBag.Message = "Your application description page.";
return(View());
}
private void Application_AuthorizeRequest(Object source, EventArgs e)
{
//Create HttpContext object to access request and response properties.
var context = ((HttpApplication)source).Context;
var identity = Thread.CurrentPrincipal.Identity;
if (identity.IsAuthenticated &&
identity.AuthenticationType == AuthenticationTypes.Federation)
{
ClaimsPrincipalPermission.CheckAccess(context.Request.Url.OriginalString, context.Request.HttpMethod);
}
}
protected void Page_Load(object sender, EventArgs e)
{
ClaimsPrincipalPermission p = new ClaimsPrincipalPermission("Contacts", "Show");
p.Demand();
ClaimsPrincipalPermission.CheckAccess("Contacts", "Show");
ClaimsPrincipal principal = HttpContext.Current.User as ClaimsPrincipal;
if (null != principal)
{
ClaimsIdentity identity = principal.Identity as ClaimsIdentity;
if (null != identity)
{
foreach (Claim claim in identity.Claims)
{
Response.Write("CLAIM TYPE: " + claim.Type + "; CLAIM VALUE: " + claim.Value + "</br>");
}
}
}
}
static void Main(string[] args)
{
//
// Configure .NET Framework to use Windows Claims Principals
// Emulates the authentication phase supported by the Windows Identity Foundation.
//
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
Thread.CurrentPrincipal = ClaimsPrincipal.CreateFromPrincipal(Thread.CurrentPrincipal);
//
// Method 1. Simple access check using static method.
// Expect this to be most common method.
//
ClaimsPrincipalPermission.CheckAccess("resource", "action");
//
// Method 2. Programmatic check using the permission class
// Follows model found at http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx
//
ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission("resource", "action");
cpp.Demand();
//
// Method 3. Access check interacting directly with the authorization manager.
//
ClaimsAuthorizationManager am = new ClaimsAuthorizationManager();
am.CheckAccess(new AuthorizationContext((IClaimsPrincipal)Thread.CurrentPrincipal, "resource", "action"));
//
// Method 4. Call a method that is protected using the permission attribute class
//
ProtectedMethod();
Console.WriteLine("Press [Enter] to continue.");
Console.ReadLine();
}
public SecuredClass()
{
ClaimsPrincipalPermission.CheckAccess("SecuredClass", "GeneralAccess");
}
public static void MyMethod()
{
//Here is where we would check access to perform operations in this method.
ClaimsPrincipalPermission.CheckAccess(AppResources.Foo.ToString(), Operations.Read.ToString());
//If we made it this far we were authorized and we would perform the actual operations here.
}