/// <summary>
/// Determines whether the current user is authorized or not given the specified context.
/// </summary>
/// <param name="context">The context or rule to be authorized.</param>
/// <returns><see langword="true"/> if the current user is authorized; otherwise <see langword="false"/>.</returns>
public bool IsAuthorized(string context)
{
try
{
return(_authorizationProvider.Authorize(Thread.CurrentPrincipal, context));
}
catch (InvalidOperationException)
{
return(true);
}
}
public async Task <HttpServerResponse> HandleRequest(IHttpServerRequest request)
{
if (request.Method != HttpMethod.GET)
{
return(GetMethodNotAllowedResponse(request.Method));
}
if (_authenticationProvider != null) // if you pass an IAuthenticationProvider, it will be used to check every request in this handler
{
var authResult = _authenticationProvider.Authorize(request);
if (authResult == HttpResponseStatus.Unauthorized)
{
return(GetUnauthorizedResponse(_authenticationProvider.Realm));
}
}
var localFilePath = GetFilePath(request.Uri);
var absoluteFilePath = GetAbsoluteFilePath(localFilePath);
// todo: add validation for invalid path characters / invalid filename characters
IFile item;
try
{
item = await _fileSystem.GetFileFromPathAsync(absoluteFilePath);
}
catch (FileNotFoundException)
{
return(GetFileNotFoundResponse(localFilePath));
}
return(await GetHttpResponse(item));
}
public void FactoryTest()
{
AuthorizationProviderFactory factory = new AuthorizationProviderFactory(ConfigurationSourceFactory.Create());
IAuthorizationProvider ruleProvider = factory.Create("RuleProvider");
Assert.IsTrue(ruleProvider.Authorize(principal, testRuleName));
}
public void FactoryTest()
{
AuthorizationProviderFactory factory = new AuthorizationProviderFactory(context);
IAuthorizationProvider ruleProvider = factory.GetAuthorizationProvider("RuleProvider");
Assert.IsTrue(ruleProvider.Authorize(this.principal, testRuleName));
}
/// <summary>
/// Determines whether the specified user satisfies rules.
/// </summary>
/// <param name="rules">The rules.</param>
/// <param name="user">The user.</param>
/// <returns>
/// <c>true</c> if the specified rules has rules; otherwise, <c>false</c>.
/// </returns>
protected static bool HasRules(string[] rules, IPrincipal user)
{
bool returnValue = true;
//check some rules have been passed
if (rules != null)
{
foreach (string rule in rules)
{
//check the user against each rule
try
{
if (!GetRuleProvider.Authorize(user, rule))
{
//if the user does not satisfy one of the rules then return a false
returnValue = false;
break;
}
}
catch
{
returnValue = false;
break;
}
}
}
return(returnValue);
}
public void AuthorizedTaskWithoutData()
{
IAuthorizationProvider azManProvider = AuthorizationFactory.GetAuthorizationProvider();
bool res = azManProvider.Authorize(cryptographyProviderCollection, authorizedTask);
Assert.IsTrue(res);
}
public bool IsAuthorized(string securityContext)
{
IAuthorizationProvider ruleProvider = AuthorizationFactory.GetAuthorizationProvider("MyAuthorizationProvider");
//bool ret = ruleProvider.Authorize(LocalUserManager.GetThreadPrinciple(), securityContext);
bool ret = ruleProvider.Authorize(LocalUserManager.GetCurrentPrinciple(), securityContext);
return(ret);
}
public static bool IsCurrentUserAuthorized()
{
IAuthorizationProvider authorizeProvider =
AuthorizationFactory.GetAuthorizationProvider("RuleProvider");
bool authorized = authorizeProvider.Authorize(System.Threading.Thread.CurrentPrincipal, "ConfigSystem");
return(authorized);
}
public bool userAuthorized(string rule)
{
bool authorized = false;
IAuthorizationProvider authorProvider = AuthorizationFactory.GetAuthorizationProvider("RuleProvider");
authorized = authorProvider.Authorize(Thread.CurrentPrincipal, rule);
return(authorized);
}
public void CanCreateAuthorizationRuleProvider()
{
IAuthorizationProvider createdObject = EnterpriseLibraryContainer.Current.GetInstance <IAuthorizationProvider>("RuleProvider");
Assert.IsNotNull(createdObject);
Assert.IsInstanceOfType(createdObject, typeof(AuthorizationRuleProvider));
Assert.IsTrue(
createdObject.Authorize(
new GenericPrincipal(new GenericIdentity("TestUser"), new string[] { "Admin" }),
"rule1"));
}
protected void Authorize(string taskName)
{
// _authorizationProvider = AuthorizationFactory.GetAuthorizationProvider(Constants.Authorization_Provider);
if (!_authorizationProvider.Authorize(Thread.CurrentPrincipal, taskName))
{
ExceptionFactory.BusinessEntityException
.Wrap <SecurityException>()
.Add.Message(taskName + "User not Authorized for the Task : {0}")
.Add.Arguments(this)
.Raise();
}
}
public bool CanExecute(string action, WorkItem context, object caller, object target)
{
try
{
return(_authzProvider.Authorize(Thread.CurrentPrincipal, action));
}
catch (InvalidOperationException)
{
// rule (action) not found
return(true);
}
}
/// <summary>
/// Performs the operation of the handler.
/// </summary>
/// <param name="input">Input to the method call.</param>
/// <param name="getNext">Delegate used to get the next delegate in the call handler pipeline.</param>
/// <returns>Returns value from the target method, or an <see cref="UnauthorizedAccessException"/>
/// if the call fails the authorization check.</returns>
public IMethodReturn Invoke(IMethodInvocation input, GetNextHandlerDelegate getNext)
{
IAuthorizationProvider authProvider = GetAuthorizationProvider();
ReplacementFormatter formatter = new MethodInvocationFormatter(input);
if (!authProvider.Authorize(Thread.CurrentPrincipal, formatter.Format(operationName)))
{
UnauthorizedAccessException unauthorizedExeption = new UnauthorizedAccessException(Resources.AuthorizationFailed);
return(input.CreateExceptionMethodReturn(unauthorizedExeption));
}
return(getNext().Invoke(input, getNext));
}
public static bool Authorized(string rule)
{
bool authorized = false;
// TODO: Check rule-base authorization
// No parameter passed to GetInstance method as
// we'll set the Default Authorization Instance in App.config.
IAuthorizationProvider ruleProvider = EnterpriseLibraryContainer.Current.GetInstance <IAuthorizationProvider>();
authorized = ruleProvider.Authorize(Thread.CurrentPrincipal, rule);
return(authorized);
}
public bool IsAuthorized(string Username, string rule)
{
try
{
string[] roles = Roles.GetRolesForUser(Username);
IPrincipal principal = new GenericPrincipal(new GenericIdentity(Username), roles);
IAuthorizationProvider ruleProvider = AuthorizationFactory.GetAuthorizationProvider("RuleProvider");
return(ruleProvider.Authorize(principal, rule));
}
catch (Exception err)
{
MMDBLogFile.Log(err);
return(false);
}
}
/// <summary>
/// Demand method is called at runtime when a caller is trying to access
/// resource that is marked with SAFSecurityAttribute.
/// </summary>
public void Demand()
{
//obtain the information about the denied and allowed roles
//information from configuraiton file
ConfigurationManager cm = (ConfigurationManager)ConfigurationSettings.GetConfig("Framework");
AuthorizationConfiguration ac = cm.AuthorizationConfig;
string[] allowedRoles = ac.AllowedRoles(Name);
string[] deniedRoles = ac.DeniedRoles(Name);
//create the IAuthorizationProvider object which is responsible
//for verify if the call is permitted or denied based on the
//allowed role and denied role information.
IAuthorizationProvider ap = (IAuthorizationProvider)ac.GetAuthorizationProvider(Name);
ap.Authorize(allowedRoles, deniedRoles);
}
public static void LogIn(NetworkCredential credential)
{
SecurityPrincipal principal = authenticationProvider.Authenticate(credential);
if (principal == null || (!(principal.SecurityIdentity.IsAuthenticated)))
{
throw new SecurityException("User, " + credential.UserName + ", could not be authenticated.");
}
if (setThreadPrincipal)
{
System.Threading.Thread.CurrentPrincipal = principal;
}
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
principal.Profile = authorizationProvider.Authorize(principal);
contextStoreProvider.SetPrincipal(principal);
}
internal async Task <IRestResponse> HandleRequestAsync(RestServerRequest req, IAuthorizationProvider authorizationProvider)
{
if (!req.HttpServerRequest.IsComplete ||
req.HttpServerRequest.Method == HttpMethod.Unsupported)
{
return(_responseFactory.CreateBadRequest());
}
ParsedUri parsedUri;
var incomingUriAsString = req.HttpServerRequest.Uri.ToRelativeString();
if (!_uriParser.TryParse(incomingUriAsString, out parsedUri))
{
throw new Exception($"Could not parse uri: {incomingUriAsString}");
}
var restMethods = _restMethodCollection.Where(r => r.Match(parsedUri)).ToList();
if (!restMethods.Any())
{
return(_responseFactory.CreateBadRequest());
}
var restMethod = restMethods.FirstOrDefault(r => r.Verb == req.HttpServerRequest.Method);
if (restMethod == null)
{
return(new MethodNotAllowedResponse(restMethods.Select(r => r.Verb)));
}
// check if authentication is required
AuthorizeAttribute authAttribute = null;
// first check on controller level
if (restMethod.MethodInfo.DeclaringType.GetTypeInfo().IsDefined(typeof(AuthorizeAttribute)))
{
authAttribute = restMethod.MethodInfo.DeclaringType.GetTypeInfo().GetCustomAttributes <AuthorizeAttribute>().Single();
}
// otherwise check on method level
else if (restMethod.MethodInfo.IsDefined(typeof(AuthorizeAttribute)))
{
authAttribute = restMethod.MethodInfo.GetCustomAttributes <AuthorizeAttribute>().Single();
}
if (authAttribute != null) // need to check authentication
{
if (authorizationProvider == null)
{
_log.Error("HandleRequestAsync|AuthenticationProvider not configured");
return(_responseFactory.CreateInternalServerError());
}
var authResult = authorizationProvider.Authorize(req.HttpServerRequest);
if (authResult == HttpResponseStatus.Unauthorized)
{
return(_responseFactory.CreateWwwAuthenticate(authorizationProvider.Realm));
}
}
var restMethodExecutor = _methodExecuteFactory.Create(restMethod);
try
{
return(await restMethodExecutor.ExecuteMethodAsync(restMethod, req, parsedUri));
}
catch
{
return(_responseFactory.CreateBadRequest());
}
}