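/// <summary>
/// Very basic authorization filter.
/// Uses a hard-coded role list.
/// Only find, identify and export can be authorized; every other named operation is refused.
/// </summary>
/// <remarks>
/// A null or empty <paramref name="operationName"/> is allowed without any role check.
/// Operation names are matched with an ordinal, case-insensitive comparison, so the
/// decision does not depend on the culture the server thread happens to run under.
/// Role names are compared with the default (case-sensitive) string comparison.
/// </remarks>
/// <param name="operationName">REST operation name</param>
/// <returns>Returns true if access is allowed</returns>
private bool CheckAuthorization(string operationName)
{
    // No operation name means a resource-level request: it is allowed without
    // looking at the caller's roles.
    // NOTE(review): this is the only path that grants access without a role check;
    // confirm callers pass an empty name only for requests that expose no protected data.
    if (string.IsNullOrEmpty(operationName))
    {
        return true;
    }

    /*
     * List of roles that have access.
     *
     * A single list controls access for all operations here. Depending on the
     * use case this can become per-operation lists, or be read from an external
     * file so that role changes do not require rebuilding the SOI.
     */
    var authorizedRoles = new HashSet<string> { "gold123", "platinum123" };

    /*
     * Operations that can be authorized. The set compares with OrdinalIgnoreCase
     * instead of lower-casing the input: a culture-sensitive ToLower() maps 'I'
     * to a dotless 'ı' under Turkish cultures, so "IDENTIFY" would miss this set
     * and be refused even for an authorized user.
     *
     * Note: these are Map Service operations. To use this SOI with a published
     * Image Service, extend the list to cover the Image Service operations.
     */
    var operationsToCheckForAuthorization = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        "find",
        "identify",
        "export"
    };

    // Default deny: any named operation outside the list above is refused.
    if (!operationsToCheckForAuthorization.Contains(operationName))
    {
        return false;
    }

    // Get all roles the user belongs to; no role information means no access.
    var userRoleSet = ServerUtilities.GetGroupInfo(ServerUtilities.GetServerEnvironment());
    if (userRoleSet == null)
    {
        return false;
    }

    // Access is granted when at least one of the user's roles is in the authorized set.
    return userRoleSet.Intersect(authorizedRoles).Any();
}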