/// <summary>
/// Demand the permission
/// </summary>
public void Demand()
{
var pdp = ApplicationContext.Current.GetService <IPolicyDecisionService>();
var principal = this.m_principal ?? AuthenticationContext.Current.Principal;
// Non system principals must be authenticated
if (!principal.Identity.IsAuthenticated &&
principal != AuthenticationContext.SystemPrincipal)
{
throw new PolicyViolationException(this.m_policyId, PolicyDecisionOutcomeType.Deny);
}
PolicyDecisionOutcomeType action = PolicyDecisionOutcomeType.Deny;
if (pdp == null) // No way to verify
{
action = PolicyDecisionOutcomeType.Deny;
}
else if (pdp != null)
{
action = pdp.GetPolicyOutcome(principal, this.m_policyId);
}
this.m_traceSource.TraceInformation("Policy Enforce: {0}({1}) = {2}", principal?.Identity?.Name, this.m_policyId, action);
if (action != PolicyDecisionOutcomeType.Grant)
{
throw new PolicyViolationException(this.m_policyId, action);
}
}
/// <summary>
/// Creates a new instance of the policy violation
/// </summary>
public PolicyViolationException(String policyId, PolicyDecisionOutcomeType outcome)
{
if (policyId == null)
{
throw new ArgumentNullException(nameof(policyId));
}
this.PolicyId = policyId;
this.PolicyDecision = outcome;
}
/// <summary>
/// Creates a new instance of the policy violation exception
/// </summary>
public PolicyViolationException(IPolicy policy, PolicyDecisionOutcomeType outcome)
{
if (policy == null)
{
throw new ArgumentNullException(nameof(policy));
}
this.Policy = policy;
this.PolicyId = policy.Oid;
this.PolicyDecision = outcome;
}
/// <summary>
/// Creates a new policy decision outcome
/// </summary>
public PolicyDecisionDetail(String policyId, PolicyDecisionOutcomeType outcome)
{
this.PolicyId = policyId;
this.Outcome = outcome;
}
