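/// <summary>
/// Builds the claim set for the caller recorded in the evaluation context and exposes that
/// caller as <paramref name="identity"/>.
/// </summary>
/// <param name="evaluationContext">
/// The WCF evaluation context. Its Properties["Identities"] entry is expected to hold a
/// List&lt;IIdentity&gt; whose first element names the caller.
/// </param>
/// <param name="identity">On return, a CustomIdentity built from the first identity's Name.</param>
/// <returns>
/// A DefaultClaimSet issued by m_issuer that carries the Create, Delete, Read and Update
/// custom claims on the "Application" resource.
/// </returns>
/// <exception cref="SecurityException">
/// Thrown when the "Identities" property is absent, is not a List&lt;IIdentity&gt;, or is empty.
/// </exception>
private ClaimSet MapClaims(EvaluationContext evaluationContext, out IIdentity identity)
{
    // The original dereferenced the result of the 'as' cast unconditionally, so a missing or
    // differently typed "Identities" property surfaced as a NullReferenceException (or a
    // KeyNotFoundException from the indexer) rather than the intended SecurityException.
    object rawIdentities;
    List<IIdentity> identities = null;
    if (evaluationContext.Properties.TryGetValue("Identities", out rawIdentities))
    {
        identities = rawIdentities as List<IIdentity>;
    }

    if (identities == null || identities.Count == 0)
    {
        throw new SecurityException("Authorization failed, identity missing from evaluation context.");
    }

    identity = new CustomIdentity(identities[0].Name);

    // TODO: check identity against credential store and
    // determine the appropriate claims to allocate
    // NOTE: in this sample, only partner certificates are provided,
    // and at this point have passed authorization, so we will grant
    // all custom claims. Because the credential-store lookup above is not
    // implemented, every caller that reaches this point receives all four
    // claims regardless of which identity was supplied.
    List<Claim> listClaims = new List<Claim>();
    listClaims.Add(new Claim(CustomClaimTypes.Create, "Application", Rights.PossessProperty));
    listClaims.Add(new Claim(CustomClaimTypes.Delete, "Application", Rights.PossessProperty));
    listClaims.Add(new Claim(CustomClaimTypes.Read, "Application", Rights.PossessProperty));
    listClaims.Add(new Claim(CustomClaimTypes.Update, "Application", Rights.PossessProperty));

    return new DefaultClaimSet(this.m_issuer, listClaims);
}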
/// <summary>
/// Authorization-policy entry point. Finds the ClaimSet whose issuer carries the DNS claim
/// "IPKey" and installs a CustomPrincipal for it under Properties["Principal"].
/// </summary>
/// <param name="evaluationContext">The WCF evaluation context holding the caller's ClaimSets.</param>
/// <param name="state">Not read or written; this policy keeps no per-evaluation state.</param>
/// <returns>Always true once a principal has been installed.</returns>
/// <exception cref="SecurityException">
/// Thrown when no ClaimSet in the context has an issuer carrying the "IPKey" DNS claim.
/// </exception>
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
    // The issuer is recognised solely by a DNS claim named "IPKey". Nothing in this method
    // validates the issuer's certificate, so that check is presumed to happen upstream
    // (e.g. in the credential validation that produced these ClaimSets) for this match
    // to carry any weight.
    Claim stsMarker = Claim.CreateDnsClaim("IPKey");
    ClaimSet trustedSet = null;

    // No early exit on purpose: if several ClaimSets match, the last one enumerated wins,
    // exactly as in the original implementation.
    foreach (ClaimSet candidate in evaluationContext.ClaimSets)
    {
        if (candidate.Issuer.ContainsClaim(stsMarker))
        {
            trustedSet = candidate;
        }
    }

    if (trustedSet == null)
    {
        throw new SecurityException("Unable to authenticate caller. Invalid claimset provided.");
    }

    // The principal's identity is the fixed name "Claims"; the caller-specific data lives in
    // the attached ClaimSet.
    CustomPrincipal principal = new CustomPrincipal(new CustomIdentity("Claims"), trustedSet);
    evaluationContext.Properties["Principal"] = principal;
    return true;
}