public IAsyncResult BeginCheckAccess(IAccountIdentifier identifier, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state)
{
AsyncIteratorContext <NoResults> asyncIteratorContext = new AsyncIteratorContext <NoResults>("RealServiceManager.Authorize", callback, state);
asyncIteratorContext.Begin(this.CheckAccessImpl(identifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters, authorizationInfo, timeout, asyncIteratorContext));
return(asyncIteratorContext);
}
private IEnumerator <IAsyncResult> CheckAccessImpl(IAccountIdentifier identifier, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncIteratorContext <NoResults> context)
{
IAsyncResult asyncResult = this.BeginAuthorizeRequest(identifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters, authorizationInfo, timeout, context.GetResumeCallback(), context.GetResumeState("RealServiceManager.AuthorizeImpl"));
yield return(asyncResult);
AuthorizationResult authorizationResult = this.EndAuthorizeRequest(asyncResult);
if (!authorizationResult.Authorized)
{
if (identifier == null || !identifier.IsSecondaryAccess || !AuthorizationManager.IsWritePermission(requestedPermission))
{
throw new NephosUnauthorizedAccessException(resourceAccount, resourceContainer, resourceIdentifier, identifier, requestedPermission, requestedSasParameters.SignedPermission, authorizationResult.FailureReason);
}
throw new SecondaryWriteNotAllowedException();
}
}
public abstract IAsyncResult BeginAuthorizeRequest(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state);
private IEnumerator <IAsyncResult> AuthorizeRequestImpl(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncIteratorContext <AuthorizationResult> context)
{
Duration startingNow = Duration.StartingNow;
IAsyncResult asyncResult = this.BeginSharedKeyAuthorization(requestor, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, authorizationInfo, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("NephosAuthorizationManager.AuthorizeRequestImpl"));
yield return(asyncResult);
AuthorizationResult authorizationResult = this.EndAuthorizeRequest(asyncResult);
bool authorized = authorizationResult.Authorized;
if (!authorized || !(requestor is SignedAccessAccountIdentifier) && !(requestor is AccountSasAccessIdentifier))
{
context.ResultData = authorizationResult;
}
else
{
NephosAssertionException.Assert((requestor is SignedAccessAccountIdentifier ? true : requestor is AccountSasAccessIdentifier));
if (!(requestor is SignedAccessAccountIdentifier))
{
if (!(requestor is AccountSasAccessIdentifier))
{
throw new NephosUnauthorizedAccessException("Signed access not supported for this request", resourceAccount, resourceContainer, resourceIdentifier, requestor, requestedPermission, AuthorizationFailureReason.InvalidOperationSAS);
}
if ((requestedSasParameters.SupportedSasTypes & SasType.AccountSas) != SasType.AccountSas)
{
throw new NephosUnauthorizedAccessException("Account signed access not supported for this request", resourceAccount, resourceContainer, resourceIdentifier, requestor, requestedPermission, AuthorizationFailureReason.InvalidOperationSAS);
}
if (requestedSasParameters.SignedPermission == SASPermission.None)
{
throw new ArgumentException("signedPerrmission");
}
authorizationResult = this.AuthorizeAccountSignedAccessRequest(requestor as AccountSasAccessIdentifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters);
context.ResultData = authorizationResult;
}
else
{
if ((requestedSasParameters.SupportedSasTypes & SasType.ResourceSas) != SasType.ResourceSas)
{
throw new NephosUnauthorizedAccessException("Signed access not supported for this request", resourceAccount, resourceContainer, resourceIdentifier, requestor, requestedPermission, AuthorizationFailureReason.InvalidOperationSAS);
}
if (requestedSasParameters.SignedPermission == SASPermission.None)
{
throw new ArgumentException("signedPerrmission");
}
authorizationResult = this.AuthorizeResourceSignedAccessRequest(requestor as SignedAccessAccountIdentifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters.SignedPermission);
context.ResultData = authorizationResult;
}
}
}
private IEnumerator <IAsyncResult> SharedKeyAuthorizationImpl(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel permission, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncIteratorContext <AuthorizationResult> context)
{
PermissionLevel permissionLevel;
PermissionLevel permissionLevel1;
PermissionLevel permissionLevel2;
PermissionLevel permissionLevel3;
PermissionLevel permissionLevel4;
IEnumerable <IAsyncResult> asyncResults;
Duration startingNow = Duration.StartingNow;
AuthorizationResult authorizationResult = new AuthorizationResult(false, AuthorizationFailureReason.AccessPermissionFailure);
PermissionLevel permissionLevel5 = PermissionLevel.Read | PermissionLevel.Write | PermissionLevel.Delete | PermissionLevel.ReadAcl | PermissionLevel.WriteAcl | PermissionLevel.FullControl | PermissionLevel.Owner | PermissionLevel.ReadDelete | PermissionLevel.ReadWrite | PermissionLevel.ReadWriteDelete | PermissionLevel.WriteDelete | PermissionLevel.ReadAclWriteAcl;
if ((int)(permission & ~permissionLevel5) != 0 || (int)permission == 0)
{
throw new ArgumentException("permission", string.Format("permission is not well formed. Permission: {0}", permission));
}
if (requestor == null)
{
throw new ArgumentNullException("requestor");
}
if (!requestor.IsKeyDisabled)
{
PermissionLevel permissionLevel6 = permission & (PermissionLevel.Read | PermissionLevel.Write | PermissionLevel.Delete | PermissionLevel.ReadAcl | PermissionLevel.WriteAcl | PermissionLevel.FullControl | PermissionLevel.ReadDelete | PermissionLevel.ReadWrite | PermissionLevel.ReadWriteDelete | PermissionLevel.WriteDelete | PermissionLevel.ReadAclWriteAcl);
if (!string.IsNullOrEmpty(resourceAccount) && resourceAccount.Equals(requestor.AccountName, StringComparison.OrdinalIgnoreCase))
{
PermissionLevel permissionLevel7 = (PermissionLevel)0;
if ((permissionLevel6 & PermissionLevel.Read) == PermissionLevel.Read)
{
PermissionLevel permissionLevel8 = permissionLevel7;
if (requestor.IsReadAllowed)
{
permissionLevel4 = PermissionLevel.Read;
}
else
{
permissionLevel4 = (PermissionLevel)0;
}
permissionLevel7 = permissionLevel8 | permissionLevel4;
}
if ((permissionLevel6 & PermissionLevel.Write) == PermissionLevel.Write && requestor.IsWriteAllowed)
{
permissionLevel7 |= PermissionLevel.Write;
}
if ((permissionLevel6 & PermissionLevel.Delete) == PermissionLevel.Delete)
{
PermissionLevel permissionLevel9 = permissionLevel7;
if (requestor.IsDeleteAllowed)
{
permissionLevel3 = PermissionLevel.Delete;
}
else
{
permissionLevel3 = (PermissionLevel)0;
}
permissionLevel7 = permissionLevel9 | permissionLevel3;
}
if ((permissionLevel6 & PermissionLevel.FullControl) == PermissionLevel.FullControl)
{
PermissionLevel permissionLevel10 = permissionLevel7;
if (requestor.IsFullControlAllowed)
{
permissionLevel2 = PermissionLevel.FullControl;
}
else
{
permissionLevel2 = (PermissionLevel)0;
}
permissionLevel7 = permissionLevel10 | permissionLevel2;
}
if ((permissionLevel6 & PermissionLevel.ReadAcl) == PermissionLevel.ReadAcl)
{
PermissionLevel permissionLevel11 = permissionLevel7;
if (requestor.IsReadAllowed)
{
permissionLevel1 = PermissionLevel.ReadAcl;
}
else
{
permissionLevel1 = (PermissionLevel)0;
}
permissionLevel7 = permissionLevel11 | permissionLevel1;
}
if ((permissionLevel6 & PermissionLevel.WriteAcl) == PermissionLevel.WriteAcl)
{
PermissionLevel permissionLevel12 = permissionLevel7;
if (requestor.IsWriteAllowed)
{
permissionLevel = PermissionLevel.WriteAcl;
}
else
{
permissionLevel = (PermissionLevel)0;
}
permissionLevel7 = permissionLevel12 | permissionLevel;
}
if (permissionLevel7 != permissionLevel6)
{
authorizationResult.FailureReason = AuthorizationFailureReason.PermissionMismatch;
authorizationResult.Authorized = false;
}
else
{
authorizationResult.FailureReason = AuthorizationFailureReason.NotApplicable;
authorizationResult.Authorized = true;
}
context.ResultData = authorizationResult;
}
else if (!this.checkResourceAcl)
{
authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
authorizationResult.Authorized = false;
context.ResultData = authorizationResult;
}
else if (!this.PublicAccessEnabled)
{
authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
authorizationResult.Authorized = false;
context.ResultData = authorizationResult;
}
else if ((permission & PermissionLevel.Owner) == PermissionLevel.Owner)
{
authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
authorizationResult.Authorized = false;
context.ResultData = authorizationResult;
}
else if (permissionLevel6 != PermissionLevel.Read)
{
authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
authorizationResult.Authorized = false;
context.ResultData = authorizationResult;
}
else if (!string.IsNullOrEmpty(resourceContainer) || !string.IsNullOrEmpty(resourceIdentifier))
{
try
{
asyncResults = this.AuthorizePublicAccess(context, authorizationResult, this.storageManager, resourceAccount, resourceContainer, resourceIdentifier, requestor, permission, startingNow, timeout);
}
catch (Exception exception1)
{
Exception exception = exception1;
Logger <IRestProtocolHeadLogger> .Instance.ErrorDebug.Log("Can't authorize public access using ACL");
throw exception;
}
foreach (IAsyncResult asyncResult in asyncResults)
{
yield return(asyncResult);
}
}
else
{
authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
authorizationResult.Authorized = false;
context.ResultData = authorizationResult;
}
}
else
{
authorizationResult.FailureReason = AuthorizationFailureReason.KeyDisabled;
authorizationResult.Authorized = false;
context.ResultData = authorizationResult;
}
}
protected internal IAsyncResult BeginSharedKeyAuthorization(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel permission, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state)
{
AsyncIteratorContext <AuthorizationResult> asyncIteratorContext = new AsyncIteratorContext <AuthorizationResult>("OwnerAdminAuthorizationManager.AuthorizeRequest", callback, state);
asyncIteratorContext.Begin(this.SharedKeyAuthorizationImpl(requestor, resourceAccount, resourceContainer, resourceIdentifier, permission, authorizationInfo, timeout, asyncIteratorContext));
return(asyncIteratorContext);
}
public override IAsyncResult BeginAuthorizeRequest(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state)
{
AsyncIteratorContext <AuthorizationResult> asyncIteratorContext = new AsyncIteratorContext <AuthorizationResult>("OwnerAdminAuthorizationManager.AuthorizeRequest", callback, state);
asyncIteratorContext.Begin(this.AuthorizeRequestImpl(requestor, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters, authorizationInfo, timeout, asyncIteratorContext));
return(asyncIteratorContext);
}
