/// <summary>
/// Very basic authorization filter.
/// Uses hard-coded role list.
/// Only checks authorization on find, identify and export, all other operations are forbidden.
/// </summary>
/// <param name="operationName">REST operation name</param>
/// <returns>Returns true if access is allowed</returns>
private bool CheckAuthorization(string operationName)
{
if (string.IsNullOrEmpty(operationName))
{
return(true); //allow resource access
}
/*
* By default, block access for all users.
*/
/*
* List of roles that have access.
*
* Here we have defined a single list to control access for all
* operations but depending on the use case we can create per operation
* level lists or even read this information from an external file.
*/
var authorizedRoles = new HashSet <String>
{
"gold123",
"platinum123"
};
/*
* List of operations we need to authorize,
*/
var operationsToCheckForAuthorization = new HashSet <String>
{
"find",
"identify",
"export"
};
/*
* Check if the user if authorized to perform the operation.
*
* Note: Here we are checking for all valid Map Service operations. If
* you need to use this SOI for a published Image Service you need to
* extend this to cover all Image Service operations.
*/
if (operationsToCheckForAuthorization.Contains(operationName.ToLower()))
{
/*
* Get all roles the user belongs to.
*/
var userRoleSet = ServerUtilities.GetGroupInfo(ServerUtilities.GetServerEnvironment());
if (null == userRoleSet)
{
return(false);
}
//Check if user role set intersection with the authorized role set contains any elements.
//In other words, if one of user's roles is authorized.
return(userRoleSet.Intersect(authorizedRoles).Any());
}
/*
* We support only operations find, identify, export
* for all other operations we do not allow access.
*/
return(false);
}
