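/// <summary>
/// Checks whether any issued claim satisfies a demanded claim that needs no further expansion.
/// </summary>
/// <param name="issuedClaims">Holder of the issued claims to search; must not be null.</param>
/// <param name="demandedClaim">The demanded claim to check the issued claims against.</param>
/// <returns>
/// <c>true</c> when an issued claim with the same value type and type either meets a wildcard
/// ("*") demand or carries a value contained in the demanded value; otherwise <c>false</c>.
/// </returns>
private bool IsExpandedClaimFulfilled(IClaimsHolder issuedClaims, Claim demandedClaim)
{
    Guard.NotNull(nameof(issuedClaims), issuedClaims);

    // This is a foreach loop, not LINQ, because it is called so many times. We do not want lambda
    // overhead, deferred execution etc.
    foreach (var claim in issuedClaims.GetClaimsByValueType(demandedClaim.ValueType))
    {
        if (claim.Type != demandedClaim.Type)
        {
            continue;
        }

        if (demandedClaim.Value == "*")
        {
            this._logger.LogTrace("Wildcard claim given, ValueType and Type match found, returning true.");
            return true;
        }

        // An empty string is a substring of every string, so Contains() alone would let an issued
        // claim with an empty value fulfil any demand of the same type. Fail closed: an empty (or
        // missing) issued value may only satisfy a demand whose value is itself empty.
        if (string.IsNullOrEmpty(claim.Value) && !string.IsNullOrEmpty(demandedClaim.Value))
        {
            continue;
        }

        // NOTE(review): Contains() is a substring test, so an issued value that is only a fragment
        // of the demanded value also matches. If the demanded value is a delimited list of keys,
        // confirm that partial-key matches are intended; otherwise compare whole segments.
        if (demandedClaim.Value.Contains(claim.Value))
        {
            this._logger.LogTrace("Expanded claim was fulfilled, returning ClaimInspectionResult.Success.");
            return true;
        }
    }

    // Guarded so the three claim fields are only passed to the logger when trace output is on.
    if (this._logger.IsEnabled(LogLevel.Trace))
    {
        this._logger.LogTrace("Expanded claim '[{0}, {1}, {2}]' was not fulfilled.", demandedClaim.Type, demandedClaim.Value, demandedClaim.ValueType);
    }

    return false;
}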
/// <summary>
/// Decides whether the claims held by <paramref name="userClaims" /> satisfy the demanded claim,
/// expanding the demanded claim first unless the caller states that it is already expanded.
/// </summary>
/// <param name="userClaims">The claims held by the user who wishes to access a resource.</param>
/// <param name="demandedClaim">The claim that has been demanded and should be checked for.</param>
/// <param name="claimExpansionState">
/// Indicates whether expansion has already happened; when it is
/// <see cref="ClaimExpansionState.AlreadyExpanded" /> the demanded claim is checked as given.
/// </param>
/// <returns>
/// <c>true</c> when no claim is demanded, or when the (possibly expanded) demanded claim is
/// fulfilled by the user's claims; otherwise <c>false</c>.
/// </returns>
public bool IsDemandedClaimFulfilled(IClaimsHolder userClaims, Claim demandedClaim, ClaimExpansionState claimExpansionState)
{
    // A null demand means "nothing required" and is reported as fulfilled.
    // NOTE(review): this path grants access, so confirm no caller passes null to signal a failed
    // or missing claim lookup.
    if (demandedClaim == null)
    {
        this._logger.LogTrace("No claim demanded, returning ClaimInspectionResult.Success");
        return true;
    }

    Claim claimToCheck = demandedClaim;

    if (claimExpansionState != ClaimExpansionState.AlreadyExpanded)
    {
        if (demandedClaim.Value == "*")
        {
            // The wildcard is checked as-is; it is never handed to ExpandClaim.
            this._logger.LogTrace("Wildcard claim given, no expansion necessary.");
        }
        else if (!this._resourceKeyExpanders.Any())
        {
            // Nothing is registered to do the expansion, so the demand is checked unchanged.
            this._logger.LogTrace("No resource key expanders");
        }
        else
        {
            claimToCheck = this.ExpandClaim(demandedClaim);
        }
    }

    return this.IsExpandedClaimFulfilled(userClaims, claimToCheck);
}