/// <summary> /// Convert an <see cref="ActivityAuthorizationSection"/> into a <see cref="AuthorizationScope"/> /// </summary> /// <param name="authorizationSection"></param> /// <returns></returns> public static AuthorizationScope ToAuthorizationScope(this ActivityAuthorizationSection authorizationSection) { var scope = new AuthorizationScope(); if (authorizationSection == null) { return(scope); } var activities = new List <Activity>(); for (var i = 0; i < authorizationSection.Activities.Count; i++) { var element = authorizationSection.Activities[i]; activities.Add(element.ToActivity()); } scope.Name = authorizationSection.Name; scope.DefaultAuthorization = authorizationSection.Default; scope.DefaultActivity = authorizationSection.DefaultActivity; scope.AllowUnauthenticated = authorizationSection.DefaultAllowUnauthenticated; scope.Activities = activities; return(scope); }
/// <copydoc cref="IAuthorizationScopeProvider.AuthorizationScopeAsync" /> /// <remarks>Can potentially return duplicate <see cref="Activity"> if multiple providers supply the same activity</see></remarks> public async Task <AuthorizationScope> AuthorizationScopeAsync(CancellationToken cancellationToken = default(CancellationToken)) { var scope = new AuthorizationScope { Name = name }; // Kick them all off var tasks = providers.Select(provider => provider.AuthorizationScopeAsync(cancellationToken)).ToList(); // Wait to finish var results = await Task.WhenAll(tasks).ConfigureAwait(false); // Now aggregate them var activities = new List <Activity>(); foreach (var result in results) { if (result == null) { // Ignore if we don't get anything continue; } // Last one wins on the global properties if (!string.IsNullOrEmpty(result.DefaultActivity)) { scope.DefaultActivity = result.DefaultActivity; } if (result.DefaultAuthorization.HasValue) { scope.DefaultAuthorization = result.DefaultAuthorization; } if (result.AllowUnauthenticated.HasValue) { scope.AllowUnauthenticated = result.AllowUnauthenticated; } activities.AddRange(result.Activities); } scope.Activities = activities; return(scope); }
/// <copydoc cref="IActivityAuthorizer.IsAuthorizedAsync" /> public async Task <AuthorizationReason> IsAuthorizedAsync(string resource, string action, IPrincipal principal, IDictionary <string, object> values = null, CancellationToken cancellationToken = default(CancellationToken)) { var scope = await scopeProvider.AuthorizationScopeAsync(cancellationToken).ConfigureAwait(false); if (scope == null) { Logger.Warn("No data returned from scope provider"); scope = new AuthorizationScope { Name = "Default" }; } var activities = scope.Activities.ToDictionary(); // Get the state for this request var defaultAuthorization = scope.DefaultAuthorization ?? DefaultAuthorization; var defaultActivity = scope.DefaultActivity ?? DefaultActivity; var defaultAllowUnauthenticated = scope.AllowUnauthenticated ?? DefaultAllowUnauthenticated; // Set up the reason var reason = new AuthorizationReason { Resource = resource, Action = action, Principal = principal, // We will always make a decision at this level NoDecision = false, IsAuthorized = defaultAuthorization }; // Do a short-circuit check for the unauthenticated state, will be overridden if there is a matching activity if (!defaultAllowUnauthenticated && !principal.Identity.IsAuthenticated) { reason.IsAuthorized = false; reason.Reason = "IsAuthenticated: false"; } // Check the activities foreach (var activity in activities.FindActivities(resource, action, defaultActivity)) { var rs = principal.IsAuthorized(activity, defaultAuthorization); if (rs.NoDecision) { // Try the next one continue; } // Ok, we have a decision reason.IsAuthorized = rs.IsAuthorized; reason.Identity = rs.Identity; if (reason.Resource != rs.Resource || reason.Action != rs.Action) { // Decided based on some other activity, so say what that was reason.PrincipalReason = rs; } else { // Preserve the reason information reason.Reason = rs.Reason; } // We are done as we have a decision break; } if (!reason.IsAuthorized) { Logger.InfoFormat("Failed authorization: User '{0}', Resource: '{1}', Action: '{2}'", principal == null ? "<Unknown>" : principal.Identity.Name, resource, action); } return(reason); }
public StaticAuthorizationScopeProvider(AuthorizationScope scope) { this.scope = scope; }
public static string ToJson(this AuthorizationScope entity) { return(JsonConvert.SerializeObject(entity, AuthorizationsSettings())); }
/// <summary> /// Creates a new instance of the <see cref="ConfigurationAuthorizationScopeProvider"/> class. /// </summary> /// <param name="sectionName"></param> public ConfigurationAuthorizationScopeProvider(string sectionName = "activityAuthorization") { section = ActivitySection(sectionName); scope = section.ToAuthorizationScope(); }