コード例 #1
0
        public void Authorize(ref MessageRpc rpc)
        {
            if (TD.DispatchMessageBeforeAuthorizationIsEnabled())
            {
                TD.DispatchMessageBeforeAuthorization(rpc.EventTraceActivity);
            }

            SecurityMessageProperty security = SecurityMessageProperty.GetOrCreate(rpc.Request);

            security.ExternalAuthorizationPolicies = this.externalAuthorizationPolicies;

            ServiceAuthorizationManager serviceAuthorizationManager = this.serviceAuthorizationManager ?? DefaultServiceAuthorizationManager;
            bool      outputTiming = DS.AuthorizationIsEnabled();
            Stopwatch sw           = null;

            if (outputTiming)
            {
                sw = Stopwatch.StartNew();
            }

            try
            {
                if (!serviceAuthorizationManager.CheckAccess(rpc.OperationContext, ref rpc.Request))
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(CreateAccessDeniedFaultException());
                }

                if (outputTiming)
                {
                    DS.Authorization(this.serviceAuthorizationManager.GetType(), true, sw.Elapsed);
                }
            }
            catch (Exception ex)
            {
                if (Fx.IsFatal(ex))
                {
                    throw;
                }

                if (outputTiming)
                {
                    DS.Authorization(this.serviceAuthorizationManager.GetType(), false, sw.Elapsed);
                }

                if (PerformanceCounters.PerformanceCountersEnabled)
                {
                    PerformanceCounters.AuthorizationFailed(rpc.Operation.Name);
                }

                if (AuditLevel.Failure == (this.serviceAuthorizationAuditLevel & AuditLevel.Failure))
                {
                    try
                    {
                        string primaryIdentity;
                        string authContextId             = null;
                        AuthorizationContext authContext = security.ServiceSecurityContext.AuthorizationContext;
                        if (authContext != null)
                        {
                            primaryIdentity = SecurityUtils.GetIdentityNamesFromContext(authContext);
                            authContextId   = authContext.Id;
                        }
                        else
                        {
                            primaryIdentity = SecurityUtils.AnonymousIdentity.Name;
                            authContextId   = "<null>";
                        }

                        SecurityAuditHelper.WriteServiceAuthorizationFailureEvent(this.auditLogLocation,
                                                                                  this.suppressAuditFailure, rpc.Request, rpc.Request.Headers.To, rpc.Request.Headers.Action,
                                                                                  primaryIdentity, authContextId,
                                                                                  serviceAuthorizationManager == DefaultServiceAuthorizationManager ? "<default>" : serviceAuthorizationManager.GetType().Name,
                                                                                  ex);
                    }
#pragma warning suppress 56500
                    catch (Exception auditException)
                    {
                        if (Fx.IsFatal(auditException))
                        {
                            throw;
                        }

                        DiagnosticUtility.TraceHandledException(auditException, TraceEventType.Error);
                    }
                }
                throw;
            }

            if (AuditLevel.Success == (this.serviceAuthorizationAuditLevel & AuditLevel.Success))
            {
                string primaryIdentity;
                string authContextId;
                AuthorizationContext authContext = security.ServiceSecurityContext.AuthorizationContext;
                if (authContext != null)
                {
                    primaryIdentity = SecurityUtils.GetIdentityNamesFromContext(authContext);
                    authContextId   = authContext.Id;
                }
                else
                {
                    primaryIdentity = SecurityUtils.AnonymousIdentity.Name;
                    authContextId   = "<null>";
                }

                SecurityAuditHelper.WriteServiceAuthorizationSuccessEvent(this.auditLogLocation,
                                                                          this.suppressAuditFailure, rpc.Request, rpc.Request.Headers.To, rpc.Request.Headers.Action,
                                                                          primaryIdentity, authContextId,
                                                                          serviceAuthorizationManager == DefaultServiceAuthorizationManager ? "<default>" : serviceAuthorizationManager.GetType().Name);
            }
        }