/// <summary>
/// Serializes a SamlEvidence that carries neither assertions nor assertion-id references.
/// The test only checks that WriteXml completes; it makes no assertion about the output.
/// </summary>
public void WriteXmlNoAssertionsOrIDs ()
{
	SamlEvidence emptyEvidence = new SamlEvidence ();
	StringWriter output = new StringWriter ();
	using (XmlDictionaryWriter writer = CreateWriter (output)) {
		emptyEvidence.WriteXml (writer, new SamlSerializer (), null);
	}
}
/// <summary>
/// Builds an authorization decision statement that also carries supporting evidence.
/// Subject, resource, decision and actions are handled by the four-argument constructor;
/// only the evidence is stored here, and it is stored as given (a null evidence is accepted).
/// </summary>
/// <param name="samlEvidence">Evidence backing the decision; not validated by this constructor.</param>
public SamlAuthorizationDecisionStatement( SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable <SamlAction> samlActions, SamlEvidence samlEvidence)
	: this(samlSubject, resource, accessDecision, samlActions)
{
	this.evidence = samlEvidence;
}
/// <summary>
/// Five-argument constructor: delegates everything except the evidence to the
/// four-argument overload and then records the evidence unchanged.
/// </summary>
/// <param name="samlEvidence">Evidence to attach; no null check is performed on it here.</param>
public SamlAuthorizationDecisionStatement ( SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable<SamlAction> samlActions, SamlEvidence samlEvidence)
	: this (samlSubject, resource, accessDecision, samlActions)
{
	this.evidence = samlEvidence;
}
/// <summary>
/// Builds an authorization decision statement from its parts. The action sequence is copied
/// into the statement's own collection element by element; a null sequence or a null element
/// is rejected before any further state is set. CheckObjectValidity runs once every field is assigned.
/// </summary>
/// <param name="samlSubject">Subject of the decision; handed to the base constructor.</param>
/// <param name="resource">Resource the decision applies to.</param>
/// <param name="accessDecision">Permit, Deny or Indeterminate.</param>
/// <param name="samlActions">Actions covered by the decision; must be non-null with no null elements.</param>
/// <param name="samlEvidence">Optional evidence; stored as given.</param>
/// <exception cref="ArgumentNullException">samlActions is null.</exception>
/// <exception cref="ArgumentException">samlActions contains a null element.</exception>
public SamlAuthorizationDecisionStatement(SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable<SamlAction> samlActions, SamlEvidence samlEvidence)
	: base(samlSubject)
{
	this.actions = new ImmutableCollection<SamlAction>();
	if (samlActions == null)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlActions"));
	}

	foreach (SamlAction candidate in samlActions)
	{
		if (candidate != null)
		{
			this.actions.Add(candidate);
			continue;
		}
		// Null entries are reported as an argument error naming the Action element.
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLEntityCannotBeNullOrEmpty", new object[] { XD.SamlDictionary.Action.Value }));
	}

	this.resource = resource;
	this.accessDecision = accessDecision;
	this.evidence = samlEvidence;
	this.CheckObjectValidity();
}
/// <summary>
/// Full constructor. Copies <paramref name="samlActions"/> into the statement's action
/// collection, rejecting a null sequence or any null element, then stores resource, decision
/// and evidence and finishes with CheckObjectValidity.
/// </summary>
/// <param name="samlSubject">Subject passed to the base constructor.</param>
/// <param name="resource">Resource the decision concerns.</param>
/// <param name="accessDecision">The access decision value.</param>
/// <param name="samlActions">Non-null sequence of non-null actions.</param>
/// <param name="samlEvidence">Evidence for the decision; may be null, stored unchanged.</param>
/// <exception cref="ArgumentNullException">samlActions is null.</exception>
/// <exception cref="ArgumentException">an element of samlActions is null.</exception>
public SamlAuthorizationDecisionStatement(SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable <SamlAction> samlActions, SamlEvidence samlEvidence)
	: base(samlSubject)
{
	this.actions = new ImmutableCollection <SamlAction>();
	if (samlActions == null)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlActions"));
	}

	foreach (SamlAction entry in samlActions)
	{
		if (entry == null)
		{
			throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLEntityCannotBeNullOrEmpty", new object[] { XD.SamlDictionary.Action.Value }));
		}
		this.actions.Add(entry);
	}

	this.resource = resource;
	this.accessDecision = accessDecision;
	this.evidence = samlEvidence;
	this.CheckObjectValidity();
}
/// <summary>
/// Populates this statement from the saml:AuthorizationDecisionStatement element the reader is
/// positioned on: the Resource and Decision attributes, a mandatory saml:Subject first child,
/// then any mix of saml:Action children (at least one) and at most one saml:Evidence child.
/// </summary>
/// <param name="reader">Reader positioned on the statement element; left after its end element.</param>
/// <param name="samlSerializer">Supplies the dictionary of element and attribute names; passed to child readers.</param>
/// <param name="keyInfoSerializer">Passed through to the child readers.</param>
/// <param name="outOfBandTokenResolver">Passed through to the child readers.</param>
/// <exception cref="ArgumentNullException">reader or samlSerializer is null.</exception>
/// <exception cref="SecurityTokenException">Resource or Decision attribute missing or empty, Subject
/// missing, an unexpected child element, a second Evidence element, or no Action element.</exception>
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
	if (reader == null)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
	}
	if (samlSerializer == null)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
	}

	SamlDictionary names = samlSerializer.DictionaryManager.SamlDictionary;

	this.resource = reader.GetAttribute(names.Resource, null);
	if (string.IsNullOrEmpty(this.resource))
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead")));
	}

	string decisionText = reader.GetAttribute(names.Decision, null);
	if (string.IsNullOrEmpty(decisionText))
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead")));
	}
	// Compared case-insensitively against the enum names. Any value that is neither Deny nor
	// Permit is stored as Indeterminate rather than rejected; only an exact Permit yields Permit.
	this.accessDecision =
		string.Equals(decisionText, SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase) ? SamlAccessDecision.Deny
		: string.Equals(decisionText, SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase) ? SamlAccessDecision.Permit
		: SamlAccessDecision.Indeterminate;

	// Step past the start tag; the Subject must be the first child.
	reader.MoveToContent();
	reader.Read();
	if (!reader.IsStartElement(names.Subject, names.Namespace))
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingSubjectOnRead")));
	}
	SamlSubject readSubject = new SamlSubject();
	readSubject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
	base.SamlSubject = readSubject;

	while (reader.IsStartElement())
	{
		if (reader.IsStartElement(names.Action, names.Namespace))
		{
			SamlAction readAction = new SamlAction();
			readAction.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
			this.actions.Add(readAction);
			continue;
		}
		if (!reader.IsStartElement(names.Evidence, names.Namespace))
		{
			throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLBadSchema", new object[] { names.AuthorizationDecisionStatement })));
		}
		if (this.evidence != null)
		{
			throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionHasMoreThanOneEvidence")));
		}
		this.evidence = new SamlEvidence();
		this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
	}

	if (this.actions.Count == 0)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionShouldHaveOneActionOnRead")));
	}

	reader.MoveToContent();
	reader.ReadEndElement();
}
/// <summary>
/// Serializes a SamlEvidence holding one assertion-id reference and pins the exact text:
/// a utf-16 XML declaration, the saml:Evidence wrapper and a single saml:AssertionIDReference.
/// </summary>
public void WriteXml1 ()
{
	SamlEvidence evidence = new SamlEvidence ();
	evidence.AssertionIdReferences.Add ("myref");
	StringWriter output = new StringWriter ();
	using (XmlDictionaryWriter writer = CreateWriter (output)) {
		evidence.WriteXml (writer, new SamlSerializer (), null);
	}
	string expected = String.Format ("<?xml version=\"1.0\" encoding=\"utf-16\"?><saml:Evidence xmlns:saml=\"{0}\"><saml:AssertionIDReference>myref</saml:AssertionIDReference></saml:Evidence>", SamlConstants.Namespace);
	Assert.AreEqual (expected, output.ToString ());
}
/// <summary>
/// Parses a saml:Evidence with a single saml:AssertionIDReference and checks that exactly
/// one reference, "myref", is recorded.
/// </summary>
public void ReadXml1 ()
{
	SamlSerializer serializer = new SamlSerializer ();
	string document = String.Format ("<saml:Evidence xmlns:saml=\"{0}\"><saml:AssertionIDReference>myref</saml:AssertionIDReference></saml:Evidence>", SamlConstants.Namespace);
	XmlDictionaryReader reader = CreateReader (document);
	reader.MoveToContent ();
	SamlEvidence parsed = new SamlEvidence ();
	parsed.ReadXml (reader, serializer, null, null);
	Assert.AreEqual (1, parsed.AssertionIdReferences.Count, "#1");
	Assert.AreEqual ("myref", parsed.AssertionIdReferences [0], "#2");
}
/// <summary>
/// Feeds ReadXml a saml:Evidence whose first child is a foreign, un-namespaced element placed
/// before the reference. The body asserts nothing; the expected outcome is governed by the
/// test's attributes, which are not part of this listing.
/// </summary>
public void ReadXmlExternalContent ()
{
	SamlSerializer serializer = new SamlSerializer ();
	string document = String.Format ("<saml:Evidence xmlns:saml=\"{0}\"><external-element /><saml:AssertionIDReference>myref</saml:AssertionIDReference></saml:Evidence>", SamlConstants.Namespace);
	XmlDictionaryReader reader = CreateReader (document);
	reader.MoveToContent ();
	SamlEvidence parsed = new SamlEvidence ();
	parsed.ReadXml (reader, serializer, null, null);
}
/// <summary>
/// Reads a saml:AuthorizationDecisionStatement: the Decision and Resource attributes, the nested
/// saml:Subject, the saml:Action children and an optional trailing saml:Evidence. Validation of
/// the result (at least one Action, non-empty Resource) runs only after the element is consumed.
/// </summary>
/// <param name="reader">Reader positioned on the statement element; left past its end element.</param>
/// <param name="samlSerializer">Handed to the child readers.</param>
/// <param name="keyInfoSerializer">Handed to the child readers.</param>
/// <param name="resolver">Handed to the child readers.</param>
/// <exception cref="ArgumentNullException">reader or samlSerializer is null.</exception>
/// <exception cref="SecurityTokenException">Decision is not exactly "Permit", "Deny" or "Indeterminate"
/// (a missing attribute counts as wrong), no Action was read, or Resource is null or empty.</exception>
public override void ReadXml (XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver resolver)
{
	if (reader == null)
		throw new ArgumentNullException ("reader");
	if (samlSerializer == null)
		throw new ArgumentNullException ("samlSerializer");

	// Exact, case-sensitive match; any other value is rejected instead of being
	// mapped to Indeterminate.
	string decisionText = reader.GetAttribute ("Decision");
	if (decisionText == "Permit")
		AccessDecision = SamlAccessDecision.Permit;
	else if (decisionText == "Deny")
		AccessDecision = SamlAccessDecision.Deny;
	else if (decisionText == "Indeterminate")
		AccessDecision = SamlAccessDecision.Indeterminate;
	else
		throw new SecurityTokenException (String.Format ("AccessDecision value is wrong: {0}", decisionText));

	Resource = reader.GetAttribute ("Resource");

	reader.ReadStartElement ("AuthorizationDecisionStatement", SamlConstants.Namespace);
	reader.MoveToContent ();
	SamlSubject = new SamlSubject ();
	SamlSubject.ReadXml (reader, samlSerializer, keyInfoSerializer, resolver);

	SamlActions.Clear ();
	reader.MoveToContent ();
	while (reader.LocalName == "Action" && reader.NamespaceURI == SamlConstants.Namespace) {
		SamlAction parsedAction = new SamlAction ();
		parsedAction.ReadXml (reader, samlSerializer, keyInfoSerializer, resolver);
		SamlActions.Add (parsedAction);
		reader.MoveToContent ();
	}

	if (reader.LocalName == "Evidence" && reader.NamespaceURI == SamlConstants.Namespace) {
		Evidence = new SamlEvidence ();
		Evidence.ReadXml (reader, samlSerializer, keyInfoSerializer, resolver);
		reader.MoveToContent ();
	}
	// Any child other than Action/Evidence is still pending here and makes this throw XmlException.
	reader.ReadEndElement ();

	// verify contents
	if (SamlActions.Count == 0)
		throw new SecurityTokenException ("SAML AuthorizationDecisionStatement must contain at least one Action.");
	// SamlSubject was assigned a fresh instance above, so this check is not expected to fire.
	if (SamlSubject == null)
		throw new SecurityTokenException ("SAML Subject must be set to SAML AuthorizationDecisionStatement before being written.");
	if (String.IsNullOrEmpty (Resource))
		throw new SecurityTokenException ("non-zero string must be set to Resource on SAML AuthorizationDecisionStatement.");
}
/// <summary>
/// Deserializes a saml:AuthorizationDecisionStatement. Attributes are read first (Decision must be
/// one of the three exact enum spellings; Resource is taken as-is), then the Subject, zero or more
/// Action children and an optional Evidence child; the Action count and Resource are checked last.
/// </summary>
/// <param name="reader">Reader on the statement element; positioned after its end element on return.</param>
/// <param name="samlSerializer">Forwarded to Subject, Action and Evidence readers.</param>
/// <param name="keyInfoSerializer">Forwarded to the child readers.</param>
/// <param name="outOfBandTokenResolver">Forwarded to the child readers.</param>
/// <exception cref="ArgumentNullException">reader or samlSerializer is null.</exception>
/// <exception cref="SecurityTokenException">Unrecognized or missing Decision, no Action read,
/// or Resource null or empty.</exception>
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
	if (reader == null)
	{
		throw new ArgumentNullException("reader");
	}
	if (samlSerializer == null)
	{
		throw new ArgumentNullException("samlSerializer");
	}

	// Ordinal string switch: case or spelling differences fall to the default and are rejected.
	string decisionText = reader.GetAttribute("Decision");
	switch (decisionText)
	{
		case "Permit":
			AccessDecision = SamlAccessDecision.Permit;
			break;
		case "Deny":
			AccessDecision = SamlAccessDecision.Deny;
			break;
		case "Indeterminate":
			AccessDecision = SamlAccessDecision.Indeterminate;
			break;
		default:
			throw new SecurityTokenException(String.Format("AccessDecision value is wrong: {0}", decisionText));
	}
	Resource = reader.GetAttribute("Resource");

	reader.ReadStartElement("AuthorizationDecisionStatement", SamlConstants.Namespace);
	reader.MoveToContent();
	SamlSubject = new SamlSubject();
	SamlSubject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);

	SamlActions.Clear();
	reader.MoveToContent();
	while (reader.LocalName == "Action" && reader.NamespaceURI == SamlConstants.Namespace)
	{
		SamlAction parsedAction = new SamlAction();
		parsedAction.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
		SamlActions.Add(parsedAction);
		reader.MoveToContent();
	}

	bool hasEvidence = reader.LocalName == "Evidence" && reader.NamespaceURI == SamlConstants.Namespace;
	if (hasEvidence)
	{
		Evidence = new SamlEvidence();
		Evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
		reader.MoveToContent();
	}
	// A leftover child element that is neither Action nor Evidence surfaces here as XmlException.
	reader.ReadEndElement();

	// verify contents
	if (SamlActions.Count == 0)
	{
		throw new SecurityTokenException("SAML AuthorizationDecisionStatement must contain at least one Action.");
	}
	// A fresh SamlSubject was assigned above; this check is kept but is not expected to fire.
	if (SamlSubject == null)
	{
		throw new SecurityTokenException("SAML Subject must be set to SAML AuthorizationDecisionStatement before being written.");
	}
	if (String.IsNullOrEmpty(Resource))
	{
		throw new SecurityTokenException("non-zero string must be set to Resource on SAML AuthorizationDecisionStatement.");
	}
}
/// <summary>
/// Serializes a given SamlEvidence as a saml:Evidence element: every assertion-id reference
/// is written first as saml:AssertionIDReference, then every embedded assertion via WriteAssertion.
/// </summary>
/// <param name="writer">XmlWriter to serialize the SamlEvidence.</param>
/// <param name="evidence">SamlEvidence to be serialized.</param>
/// <exception cref="ArgumentNullException">The input parameter 'writer' or 'evidence' is null.</exception>
protected virtual void WriteEvidence(XmlWriter writer, SamlEvidence evidence)
{
	if (writer == null)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("writer");
	}
	if (evidence == null)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("evidence");
	}

	writer.WriteStartElement(SamlConstants.Prefix, SamlConstants.ElementNames.Evidence, SamlConstants.Namespace);

	foreach (string idReference in evidence.AssertionIdReferences)
	{
		writer.WriteElementString(SamlConstants.Prefix, SamlConstants.ElementNames.AssertionIdReference, SamlConstants.Namespace, idReference);
	}
	foreach (var embeddedAssertion in evidence.Assertions)
	{
		WriteAssertion(writer, embeddedAssertion);
	}

	writer.WriteEndElement();
}
/// <summary>
/// Read the saml:Evidence element.
/// </summary>
/// <param name="reader">XmlReader positioned at saml:Evidence element; left after its end element.</param>
/// <returns>SamlEvidence holding every saml:AssertionIDReference text and every saml:Assertion
/// child, in document order.</returns>
/// <exception cref="ArgumentNullException">The input parameter 'reader' is null.</exception>
/// <exception cref="XmlException">The XmlReader is not positioned at a saml:Evidence element.</exception>
/// <exception cref="SecurityTokenException">A child element is neither AssertionIDReference nor
/// Assertion, or the element has no children at all.</exception>
protected virtual SamlEvidence ReadEvidence(XmlReader reader)
{
	if (reader == null)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("reader");
	}
	if (!reader.IsStartElement(SamlConstants.ElementNames.Evidence, SamlConstants.Namespace))
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new XmlException(SR.GetString(SR.ID4082, SamlConstants.ElementNames.Evidence, SamlConstants.Namespace, reader.LocalName, reader.NamespaceURI)));
	}

	SamlEvidence result = new SamlEvidence();
	reader.ReadStartElement();

	// Only the two schema-defined children are accepted; anything else is rejected outright.
	while (reader.IsStartElement())
	{
		if (reader.IsStartElement(SamlConstants.ElementNames.AssertionIdReference, SamlConstants.Namespace))
		{
			result.AssertionIdReferences.Add(reader.ReadElementString());
			continue;
		}
		if (reader.IsStartElement(SamlConstants.ElementNames.Assertion, SamlConstants.Namespace))
		{
			result.Assertions.Add(ReadAssertion(reader));
			continue;
		}
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4210, reader.LocalName, reader.NamespaceURI)));
	}

	bool isEmpty = result.AssertionIdReferences.Count == 0 && result.Assertions.Count == 0;
	if (isEmpty)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.ID4211)));
	}

	reader.MoveToContent();
	reader.ReadEndElement();
	return result;
}
/// <summary>
/// Deserializes a saml:AuthorizationDecisionStatement from the element under the reader.
/// Reads the Resource and Decision attributes, requires saml:Subject as the first child, then
/// accepts saml:Action (one or more) and saml:Evidence (at most one) children in any order.
/// </summary>
/// <param name="reader">Reader on the statement element; positioned after its end element on return.</param>
/// <param name="samlSerializer">Provides the SAML dictionary and is forwarded to child readers.</param>
/// <param name="keyInfoSerializer">Forwarded to the child readers.</param>
/// <param name="outOfBandTokenResolver">Forwarded to the child readers.</param>
/// <exception cref="ArgumentNullException">reader or samlSerializer is null.</exception>
/// <exception cref="SecurityTokenException">Resource or Decision attribute missing or empty, Subject
/// missing, a child that is neither Action nor Evidence, a second Evidence, or no Action.</exception>
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
	if (reader == null)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
	}
	if (samlSerializer == null)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
	}

#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
	SamlDictionary names = samlSerializer.DictionaryManager.SamlDictionary;

	this.resource = reader.GetAttribute(names.Resource, null);
	if (string.IsNullOrEmpty(this.resource))
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead)));
	}

	string decisionText = reader.GetAttribute(names.Decision, null);
	if (string.IsNullOrEmpty(decisionText))
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead)));
	}
	// Case-insensitive comparison with the enum names. Anything other than Deny or Permit
	// becomes Indeterminate instead of an error; only an explicit Permit yields Permit.
	if (string.Equals(decisionText, SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase))
	{
		this.accessDecision = SamlAccessDecision.Deny;
	}
	else if (string.Equals(decisionText, SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase))
	{
		this.accessDecision = SamlAccessDecision.Permit;
	}
	else
	{
		this.accessDecision = SamlAccessDecision.Indeterminate;
	}

	// Move into the element; the Subject has to come first.
	reader.MoveToContent();
	reader.Read();
	if (!reader.IsStartElement(names.Subject, names.Namespace))
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingSubjectOnRead)));
	}
	SamlSubject readSubject = new SamlSubject();
	readSubject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
	base.SamlSubject = readSubject;

	while (reader.IsStartElement())
	{
		if (reader.IsStartElement(names.Action, names.Namespace))
		{
			SamlAction readAction = new SamlAction();
			readAction.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
			this.actions.Add(readAction);
			continue;
		}
		if (!reader.IsStartElement(names.Evidence, names.Namespace))
		{
			throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, names.AuthorizationDecisionStatement)));
		}
		if (this.evidence != null)
		{
			throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionHasMoreThanOneEvidence)));
		}
		this.evidence = new SamlEvidence();
		this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
	}

	if (this.actions.Count == 0)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionShouldHaveOneActionOnRead)));
	}

	reader.MoveToContent();
	reader.ReadEndElement();
}
/// <summary>
/// Feeds ReadXml a saml:Evidence whose only child is a saml:DoNotCacheCondition, which is not
/// an Evidence child. The body asserts nothing; the expected outcome is governed by the test's
/// attributes, which are not part of this listing.
/// </summary>
public void ReadXmlBadContent ()
{
	SamlSerializer serializer = new SamlSerializer ();
	string document = String.Format ("<saml:Evidence xmlns:saml=\"{0}\"><saml:DoNotCacheCondition /></saml:Evidence>", SamlConstants.Namespace);
	XmlDictionaryReader reader = CreateReader (document);
	reader.MoveToContent ();
	SamlEvidence parsed = new SamlEvidence ();
	parsed.ReadXml (reader, serializer, null, null);
}
/// <summary>
/// Reads this statement from a saml:AuthorizationDecisionStatement element: Resource and Decision
/// attributes, then a mandatory saml:Subject, then any number of saml:Action children (at least
/// one required) interleaved with at most one saml:Evidence child.
/// </summary>
/// <param name="reader">Reader positioned on the statement element; advanced past its end element.</param>
/// <param name="samlSerializer">Source of the SAML dictionary; forwarded to child readers.</param>
/// <param name="keyInfoSerializer">Forwarded to the child readers.</param>
/// <param name="outOfBandTokenResolver">Forwarded to the child readers.</param>
/// <exception cref="ArgumentNullException">reader or samlSerializer is null.</exception>
/// <exception cref="SecurityTokenException">Missing/empty Resource or Decision, missing Subject,
/// an unexpected child element, more than one Evidence, or zero Action elements.</exception>
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
	if (reader == null)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
	}
	if (samlSerializer == null)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
	}

#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
	SamlDictionary names = samlSerializer.DictionaryManager.SamlDictionary;

	this.resource = reader.GetAttribute(names.Resource, null);
	if (string.IsNullOrEmpty(this.resource))
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead)));
	}

	string decisionText = reader.GetAttribute(names.Decision, null);
	if (string.IsNullOrEmpty(decisionText))
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead)));
	}
	// Case-insensitive match on the enum names; a value that is neither Deny nor Permit is
	// recorded as Indeterminate rather than rejected.
	this.accessDecision =
		string.Equals(decisionText, SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase) ? SamlAccessDecision.Deny
		: string.Equals(decisionText, SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase) ? SamlAccessDecision.Permit
		: SamlAccessDecision.Indeterminate;

	// Enter the element; the first child must be the Subject.
	reader.MoveToContent();
	reader.Read();
	if (!reader.IsStartElement(names.Subject, names.Namespace))
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingSubjectOnRead)));
	}
	SamlSubject readSubject = new SamlSubject();
	readSubject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
	base.SamlSubject = readSubject;

	while (reader.IsStartElement())
	{
		bool isAction = reader.IsStartElement(names.Action, names.Namespace);
		if (isAction)
		{
			SamlAction readAction = new SamlAction();
			readAction.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
			this.actions.Add(readAction);
		}
		else if (reader.IsStartElement(names.Evidence, names.Namespace))
		{
			if (this.evidence != null)
			{
				throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionHasMoreThanOneEvidence)));
			}
			this.evidence = new SamlEvidence();
			this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
		}
		else
		{
			throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, names.AuthorizationDecisionStatement)));
		}
	}

	if (this.actions.Count == 0)
	{
		throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionShouldHaveOneActionOnRead)));
	}

	reader.MoveToContent();
	reader.ReadEndElement();
}