/// <summary>
/// Asks the policy decider whether <paramref name="userIdentifier"/> may reach the module served by
/// this host, using the supplied domain and privilege level, and converts a refusal into an HTTP rejection.
/// </summary>
/// <param name="domainOfAccess">Domain the caller is requesting access from.</param>
/// <param name="privilegeLevel">Privilege level carried by the caller's token.</param>
/// <param name="userIdentifier">Identity of the caller as presented to the service.</param>
/// <returns>
/// <c>true</c> only when the decider answers <see cref="ResultCode.Allow"/>. Every other result either
/// goes through <c>ThrowRejection</c> or falls out as <c>false</c>, so an unrecognised result code is denied.
/// </returns>
private bool IsValidAccess(string domainOfAccess, string privilegeLevel, string userIdentifier)
{
    // NOTE: when this class lives in the platform appdomain the platform has no reference to
    // ModuleBase and therefore no module friendly name. The friendly name (e.g. GuiWeb, scouts)
    // is instead recovered from the third path segment of the host's first base address.
    string moduleName = safeServiceHost.BaseAddresses()[0].LocalPath.Split('/').ElementAt(2);

    var decision = (ResultCode)consumer.IsValidAccess(moduleName, domainOfAccess, privilegeLevel, userIdentifier);

    switch (decision)
    {
        case ResultCode.Allow:
            return true;
        case ResultCode.InSufficientPrivilege:
            ThrowRejection(HttpStatusCode.Unauthorized, "Insufficient privilege of given token.");
            break;
        case ResultCode.InvalidUser:
            ThrowRejection(HttpStatusCode.Forbidden, "User access for given user not authorized.");
            break;
        case ResultCode.ForbiddenAccess:
            ThrowRejection(HttpStatusCode.Forbidden, "User access forbidden by policy.");
            break;
    }

    // Fail closed: anything that is not an explicit Allow is denied.
    return false;
}
/// <summary>
/// Builds a <see cref="SafeServiceHost"/> for an <see cref="ISimplexValveControllerNotifierContract"/>
/// implementation and attaches a single WebHttp endpoint at the host's first base address.
/// </summary>
/// <param name="logger">Logger handed to the host.</param>
/// <param name="moduleBase">Owning module, passed through to the host.</param>
/// <param name="instance">Service implementation to expose.</param>
/// <param name="address">Address string the host is constructed from.</param>
/// <returns>The configured host; this method does not open it.</returns>
public static SafeServiceHost CreateServiceHost(VLogger logger, ModuleBase moduleBase, ISimplexValveControllerNotifierContract instance, string address)
{
    var host = new SafeServiceHost(logger, moduleBase, instance, address);

    // One REST-style endpoint, bound to whatever base address the host derived from `address`.
    var endpoint = new ServiceEndpoint(
        ContractDescription.GetContract(typeof(ISimplexValveControllerNotifierContract)),
        new WebHttpBinding(),
        new EndpointAddress(host.BaseAddresses()[0]));
    endpoint.EndpointBehaviors.Add(new WebHttpBehavior());
    host.AddServiceEndpoint(endpoint);

    // Metadata behaviour is attached with its defaults. NOTE(review): confirm whether metadata
    // publication is actually wanted on this host before it is exposed.
    host.AddServiceMetadataBehavior(new ServiceMetadataBehavior());

    return host;
}
/// <summary>
/// Creates an authorization manager that consults <paramref name="consumer"/> for requests arriving on
/// <paramref name="safeServiceHost"/>.
/// </summary>
/// <param name="consumer">Policy decider that answers access questions.</param>
/// <param name="safeServiceHost">Host whose first base address names the accessed module.</param>
public SafeServiceAuthorizationManager(SafeServicePolicyDecider consumer, SafeServiceHost safeServiceHost)
    : base()
{
    hostTokenResultCache = new Dictionary<string, Dictionary<DateTime, bool>>();
    this.consumer = consumer;
    this.safeServiceHost = safeServiceHost;

    // Module friendly name is the third path segment of the host's first base address.
    string moduleName = safeServiceHost.BaseAddresses()[0].LocalPath.Split('/').ElementAt(2);

    // Enforcement is switched off for the lifetime of this manager when the policy already grants
    // every domain ("*"), every privilege level ("*") and every user ("*") access to this module.
    // This is a single probe at construction time; the constructor does not re-evaluate it later.
    var wildcardDecision = (ResultCode)consumer.IsValidAccess(moduleName, "*", "*", "*");
    this.enforcePolicies = wildcardDecision != ResultCode.Allow;
}
/// <summary>
/// Builds a <see cref="SafeServiceHost"/> for an <see cref="ISimplexDoorjambContract"/> implementation
/// and attaches a single WebHttp endpoint at the host's first base address.
/// </summary>
/// <param name="logger">Logger handed to the host.</param>
/// <param name="moduleBase">Owning module, passed through to the host.</param>
/// <param name="instance">Service implementation to expose.</param>
/// <param name="address">Address string the host is constructed from.</param>
/// <returns>The configured host; this method does not open it.</returns>
public static SafeServiceHost CreateServiceHost(VLogger logger, ModuleBase moduleBase, ISimplexDoorjambContract instance, string address)
{
    var host = new SafeServiceHost(logger, moduleBase, instance, address);

    var contractDescription = ContractDescription.GetContract(typeof(ISimplexDoorjambContract));
    var binding = new WebHttpBinding();
    var listenAddress = new EndpointAddress(host.BaseAddresses()[0]);

    // Single REST-style endpoint on the host's first base address.
    var restEndpoint = new ServiceEndpoint(contractDescription, binding, listenAddress);
    restEndpoint.EndpointBehaviors.Add(new WebHttpBehavior());
    host.AddServiceEndpoint(restEndpoint);

    // Metadata behaviour is attached with its defaults; no separate MEX endpoint is registered here.
    // NOTE(review): confirm whether metadata publication is wanted on this host before it is exposed.
    host.AddServiceMetadataBehavior(new ServiceMetadataBehavior());

    return host;
}
/// <summary>
/// Creates an authorization manager that consults <paramref name="consumer"/> for requests arriving on
/// <paramref name="safeServiceHost"/>.
/// </summary>
/// <param name="consumer">Policy decider that answers access questions.</param>
/// <param name="safeServiceHost">Host whose first base address names the accessed module.</param>
public SafeServiceAuthorizationManager(SafeServicePolicyDecider consumer, SafeServiceHost safeServiceHost)
    : base()
{
    this.consumer = consumer;
    this.safeServiceHost = safeServiceHost;
    hostTokenResultCache = new Dictionary<string, Dictionary<DateTime, bool>>();

    // Module friendly name is the third path segment of the host's first base address.
    string moduleName = safeServiceHost.BaseAddresses()[0].LocalPath.Split('/').ElementAt(2);

    // A policy that already allows every domain, privilege level and user ("*", "*", "*") into this
    // module turns enforcement off for as long as this manager lives; the probe runs only here.
    var wildcardDecision = (ResultCode)consumer.IsValidAccess(moduleName, "*", "*", "*");
    if (wildcardDecision == ResultCode.Allow)
    {
        this.enforcePolicies = false;
    }
    else
    {
        this.enforcePolicies = true;
    }
}