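/// <summary>
/// Maps the first authenticated identity found in <paramref name="evaluationContext"/> to a
/// <see cref="System.Security.Principal.GenericPrincipal"/> carrying the roles configured for that
/// user in <c>AuthorizationForUser</c>, and publishes it under the context's "Principal" property.
/// </summary>
/// <param name="evaluationContext">
/// The WCF evaluation context. Its "Identities" property is expected to hold a
/// <c>List&lt;IIdentity&gt;</c> filled in by the authentication stage.
/// </param>
/// <param name="state">Per-policy state slot provided by WCF; this policy does not use it.</param>
/// <returns>
/// <c>true</c> once a principal has been published (no further evaluation is needed by this policy);
/// <c>false</c> when no identity is available yet, so WCF re-runs this policy after other policies add claims.
/// </returns>
public bool Evaluate(System.IdentityModel.Policy.EvaluationContext evaluationContext, ref object state)
{
    // TryGetValue rather than the indexer: a context that has no "Identities" entry at all
    // should simply mean "not evaluated yet", not a KeyNotFoundException.
    object identitiesObj;
    List<System.Security.Principal.IIdentity> identitiesList = null;
    if (evaluationContext.Properties.TryGetValue("Identities", out identitiesObj))
    {
        identitiesList = identitiesObj as List<System.Security.Principal.IIdentity>;
    }

    if (identitiesList == null || identitiesList.Count == 0)
    {
        // No authenticated identity yet; ask to be re-evaluated once other policies have run.
        return false;
    }

    // Only the first identity is considered; any additional identities are ignored, as before.
    System.Security.Principal.IIdentity identity = identitiesList[0];

    // The identity name may carry ';'-separated extra segments; only the leading segment is the
    // lookup key. A null Name would otherwise throw from Split, so treat it as an unknown user.
    string name = identity.Name == null ? string.Empty : identity.Name.Split(';')[0];

    // Single lookup instead of ContainsKey + indexer. An unknown user still gets a principal, but
    // with no roles (GenericPrincipal accepts a null role array): authenticated, authorized for nothing.
    // NOTE(review): whether the lookup is case-sensitive depends on the comparer AuthorizationForUser
    // was built with — confirm it matches how identity names are issued.
    string[] roles;
    if (!AuthorizationForUser.TryGetValue(name, out roles))
    {
        roles = null;
    }

    evaluationContext.Properties["Principal"] = new System.Security.Principal.GenericPrincipal(identity, roles);
    return true;
}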
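// This method gets called after the authentication stage.
// It evaluates whether a user meets the requirements for this authorization policy:
// it associates the operations a user may call with that user, i.e. grants the user certain permissions.
/// <summary>
/// Adds "allowed operation" claims for the authenticated user to <paramref name="evaluationContext"/>.
/// A user named <c>Foo</c> is granted the add/subtract operations, a user named <c>Bar</c> the
/// multiply/divide operations; only <c>DOMAIN\user</c> style names are considered.
/// </summary>
/// <param name="evaluationContext">The WCF evaluation context whose claim sets are inspected and extended.</param>
/// <param name="state">
/// This policy's private state slot, used as a <see cref="bool"/> recording whether the claims have
/// already been added, so a re-evaluation does not add them twice.
/// </param>
/// <returns>
/// <c>false</c> if this policy's <c>Evaluate</c> must be called again when other authorization policies
/// add further claims to <paramref name="evaluationContext"/>; otherwise <c>true</c>, stating that no
/// additional evaluation is required by this policy.
/// </returns>
public bool Evaluate(System.IdentityModel.Policy.EvaluationContext evaluationContext, ref object state)
{
    // First call for this context: the slot starts out null.
    if (state == null)
    {
        state = false;
    }

    bool hasAddedClaims = (bool)state;
    if (hasAddedClaims)
    {
        return true;
    }

    IList<Claim> claims = new List<Claim>();
    foreach (ClaimSet claimSet in evaluationContext.ClaimSets)
    {
        foreach (Claim claim in claimSet.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
        {
            // A Name claim whose resource is not a string (or is null) cannot be matched; skip it
            // rather than failing the whole evaluation with an InvalidCast/NullReference exception.
            string userName = claim.Resource as string;
            if (userName == null || userName.IndexOf('\\') < 0)
            {
                continue;
            }

            // Strip the domain prefix; the account name is the part after the first backslash.
            userName = userName.Split('\\')[1];

            // Ordinal comparison for an authorization decision: the previous culture-sensitive
            // string.Compare(..., ignoreCase: true) can match or reject differently under some
            // cultures (e.g. the Turkish dotted/dotless I), which must not influence who gets rights.
            if (string.Equals("Foo", userName, System.StringComparison.OrdinalIgnoreCase))
            {
                claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfAdd, Rights.PossessProperty));
                claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfSubtract, Rights.PossessProperty));
            }

            if (string.Equals("Bar", userName, System.StringComparison.OrdinalIgnoreCase))
            {
                claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfMultiply, Rights.PossessProperty));
                claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfDivide, Rights.PossessProperty));
            }
        }
    }

    // Publish the granted operations as a claim set issued by this policy, and remember that
    // it has been done so a later re-evaluation returns early.
    evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, claims));
    state = true;
    return true;
}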