コード例 #1
    /// <summary>
    /// Page load handler for the high value resource page. Disables response
    /// storage, requires an authenticated caller whose authentication-strength
    /// claim equals <c>AuthenticationMethods.X509</c>, then builds the claims view.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    /// <exception cref="ConfigurationErrorsException">The request is not authenticated.</exception>
    /// <exception cref="UnauthorizedAccessException">The strength claim is not X509.</exception>
    protected void Page_Load(object sender, EventArgs e)
    {
        // Keep the claim dump out of browser and intermediary caches.
        Response.Cache.SetNoStore();

        bool isSignedIn = Page.User != null && Page.User.Identity.IsAuthenticated;
        if (!isSignedIn)
        {
            throw new ConfigurationErrorsException("WSFederationAuthenticationModule must be configured.");
        }

        // NOTE(review): authentication is tested on Page.User, but the strength claim is read
        // from Thread.CurrentPrincipal. Confirm both always refer to the same principal here.
        // The 'as' cast yields null for a non-claims identity; how GetAuthStrengthClaim treats
        // null is not visible in this listing.
        string authStrength = ClaimsUtil.GetAuthStrengthClaim(Thread.CurrentPrincipal.Identity as IClaimsIdentity);
        if (authStrength != AuthenticationMethods.X509)
        {
            // Not a high assurance sign-in. This page-level check is the last line of defence
            // if the authorization manager did not already reject the request.
            throw new UnauthorizedAccessException("CustomClaimsAuthorizationManager must be configured.");
        }

        // This sample echoes every claim issued by the security token service (STS) back to
        // the client, claim types and claim values alike, purely for illustration. Production
        // code must weigh the security impact of doing so, for example by:
        //   (i)   accepting only the claim types the relying party expects;
        //   (ii)  sanitizing claim parameters before using them;
        //   (iii) filtering out claims that carry sensitive personal information.
        // DO NOT use this sample code 'as is' in production code.

        // Constructing ShowClaims with the table control shows the claims in that table.
        new ShowClaims(ClaimSetTable);
    }
コード例 #2
    /// <summary>
    /// Page load handler for the high assurance sign-in page. A caller already
    /// authenticated with X509 strength is redirected to the high value resource
    /// page. Otherwise the page stays visible, and the link back to the account
    /// summary page is shown only to callers who are already authenticated.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        bool isSignedIn = Page.User != null && Page.User.Identity.IsAuthenticated;
        if (!isSignedIn)
        {
            // Not authenticated: the caller has to use the high assurance sign-in, and there
            // is no account summary page to go back to yet, so hide that link.
            HyperLink1.Visible = false;
            return;
        }

        // NOTE(review): the strength claim comes from Thread.CurrentPrincipal while the check
        // above used Page.User. Confirm the two are always the same principal here.
        string authStrength = ClaimsUtil.GetAuthStrengthClaim(Thread.CurrentPrincipal.Identity as IClaimsIdentity);
        if (authStrength == AuthenticationMethods.X509)
        {
            // High assurance sign-in already done: go straight to the high value resource page.
            // This redirect is a convenience only. The target page must enforce the check itself.
            Response.Redirect("HighValueResourcePage.aspx");
        }
        else
        {
            // Low assurance sign-in: the caller is asked to sign in with high assurance, and
            // may instead use the link to return to the account summary page.
            HyperLink1.Visible = true;
        }
    }
コード例 #3
    /// <summary>
    /// Page load handler that routes an authenticated caller by authentication
    /// strength: X509 goes to the high value resource page, anything else to the
    /// low value resource page. Unauthenticated callers are not redirected.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        Response.Cache.SetNoStore();

        if (Page.User != null && Page.User.Identity.IsAuthenticated)
        {
            // NOTE(review): the strength claim comes from Thread.CurrentPrincipal while the
            // check above used Page.User. Confirm the two are always the same principal here.
            string authStrength = ClaimsUtil.GetAuthStrengthClaim(Thread.CurrentPrincipal.Identity as IClaimsIdentity);

            // Routing only: each target page is still responsible for enforcing its own
            // assurance requirement.
            string target = authStrength == AuthenticationMethods.X509
                ? "HighValueResourcePage.aspx"   // high assurance sign-in
                : "LowValueResourcePage.aspx";   // low assurance sign-in
            Response.Redirect(target);
        }

        Label1.Text = "Test";
        Label1.Visible = false;
    }
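    /// <summary>
    /// Decides whether the caller may access the requested resource. The high
    /// value resource requires at least one identity on the principal whose
    /// authentication-strength claim is <c>AuthenticationMethods.X509</c>.
    /// Every other resource is allowed for any set of claims.
    /// </summary>
    /// <param name="context">Authorization context; its first resource claim names the requested resource.</param>
    /// <returns>
    /// <c>true</c> to allow access. <c>false</c> when the high value resource is
    /// requested without an X509 claim, or when the resource or principal cannot
    /// be determined.
    /// </returns>
    public override bool CheckAccess(AuthorizationContext context)
    {
        // Fail closed: an authorization decision with no identifiable resource is denied,
        // rather than falling through to the default-allow branch or failing with an
        // index/null exception.
        if (context == null || context.Resource == null || context.Resource.Count == 0)
        {
            return false;
        }

        string resource = context.Resource[0].Value;
        if (String.IsNullOrEmpty(resource))
        {
            return false;
        }

        // The resource value derives from the request, so it is caller-influenced. The
        // original case-sensitive Equals treated any case variant of the protected URL as
        // an ordinary resource and allowed it. Comparing case-insensitively only widens
        // what counts as high value.
        // NOTE(review): this is still a default-allow policy keyed on one exact URL string.
        // How the hosting module normalises the resource value is not visible here, so keep
        // the assurance check inside the protected page as well.
        if (!String.Equals(resource, HighValueResourceUrl, StringComparison.OrdinalIgnoreCase))
        {
            // Not the high value resource. Any set of claims is fine.
            return true;
        }

        IClaimsPrincipal principal = context.Principal;
        if (principal == null)
        {
            return false;
        }

        // To access the high value resource, the caller must have an AuthenticationMethod
        // claim of X509 on at least one identity.
        foreach (IClaimsIdentity identity in principal.Identities)
        {
            string authStrengthClaim = ClaimsUtil.GetAuthStrengthClaim(identity);

            if (String.Equals(authStrengthClaim, AuthenticationMethods.X509, StringComparison.Ordinal))
            {
                return true;
            }
        }

        // No X509 authentication claim found.
        return false;
    }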