// Builds the authorization policies that describe a service known only by its
// principal name (the UPN or SPN a caller expects to be talking to).
//
// principalName: a UPN (contains '@' or '\') or otherwise an SPN. Must not be null.
// Returns: a read-only list holding one UnconditionalPolicy whose claim set carries an
//          identity claim plus the matching UPN/SPN claim, with ClaimSet.Anonymous as issuer.
// Throws:  the exception produced by ThrowHelperArgumentNull when principalName is null;
//          the exception produced by ExceptionHelper.PlatformNotSupported for a UPN when
//          SUPPORTS_WINDOWSIDENTITY is not defined.
//
// NOTE(review): UnconditionalPolicy asserts these claims without verifying any credential,
// so the result describes an *expected* identity rather than an authenticated one — confirm
// that callers never feed it into authorization decisions about an incoming caller.
internal static ReadOnlyCollection<IAuthorizationPolicy> CreatePrincipalNameAuthorizationPolicies(string principalName)
{
    if (principalName == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("principalName");
    }

    // Anything shaped like "user@domain" or "DOMAIN\user" is treated as a UPN; everything else as an SPN.
    bool looksLikeUpn = principalName.Contains("@") || principalName.Contains(@"\");

    Claim identityClaim;
    Claim primaryPrincipal;
    if (looksLikeUpn)
    {
        identityClaim = new Claim(ClaimTypes.Upn, principalName, Rights.Identity);
#if SUPPORTS_WINDOWSIDENTITY
        primaryPrincipal = Claim.CreateUpnClaim(principalName);
#else
        // Without Windows identity support the UPN claim cannot be built, so fail loudly instead of silently degrading.
        throw ExceptionHelper.PlatformNotSupported("UPN claim not supported");
#endif // SUPPORTS_WINDOWSIDENTITY
    }
    else
    {
        identityClaim = new Claim(ClaimTypes.Spn, principalName, Rights.Identity);
        primaryPrincipal = Claim.CreateSpnClaim(principalName);
    }

    var claims = new List<Claim>(2) { identityClaim, primaryPrincipal };

    // Same evaluation order as before: identity first, then the claim set it is paired with.
    var identity = SecurityUtils.CreateIdentity(principalName);
    var claimSet = new DefaultClaimSet(ClaimSet.Anonymous, claims);

    var policies = new List<IAuthorizationPolicy>(1) { new UnconditionalPolicy(identity, claimSet) };
    return policies.AsReadOnly();
}
// Reads the optional PrimaryIdentity element written by the SCT claim serializer and
// rebuilds the IIdentity it describes.
//
// reader:     positioned at (or before) the PrimaryIdentity element. On return it has been
//             advanced past that element's end tag; when the element is absent the reader is
//             left wherever IsStartElement's MoveToContent placed it.
// dictionary: the SctClaimDictionary supplying the element and attribute names.
// serializer: used for any identity shape that is neither WindowsSidIdentity nor GenericIdentity.
// Returns:    the deserialized identity, or null when no PrimaryIdentity element is present.
//
// NOTE(review): the fallback path hands the element to serializer.ReadObject and casts the
// result to IIdentity, so the set of types that can be materialized is whatever that
// serializer permits. Confirm the serializer passed by callers is bound to a fixed set of
// known types rather than letting the stream name the type.
static IIdentity DeserializePrimaryIdentity(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer)
{
    if (!reader.IsStartElement(dictionary.PrimaryIdentity, dictionary.EmptyString))
    {
        return null;
    }

    reader.ReadStartElement();

    IIdentity identity;
    if (reader.IsStartElement(dictionary.WindowsSidIdentity, dictionary.EmptyString))
    {
        // Attributes must be read before ReadStartElement moves past the start tag.
        SecurityIdentifier sid = ReadSidAttribute(reader, dictionary);
        string authenticationType = reader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString) ?? string.Empty;
        reader.ReadStartElement();
        string name = reader.ReadContentAsString();
        identity = new WindowsSidIdentity(sid, name, authenticationType);
        reader.ReadEndElement();
    }
    else if (reader.IsStartElement(dictionary.GenericIdentity, dictionary.EmptyString))
    {
        string authenticationType = reader.GetAttribute(dictionary.AuthenticationType, dictionary.EmptyString) ?? string.Empty;
        reader.ReadStartElement();
        string name = reader.ReadContentAsString();
        identity = SecurityUtils.CreateIdentity(name, authenticationType);
        reader.ReadEndElement();
    }
    else
    {
        // Unknown identity shape: let the serializer reconstruct it (see NOTE above).
        identity = (IIdentity)serializer.ReadObject(reader);
    }

    // Closes the PrimaryIdentity element itself.
    reader.ReadEndElement();
    return identity;
}
//
// Modeled after WCF's CoreFederatedTokenProvider.GetServiceAuthorizationPolicies
//
// Wraps the endpoint's identity claim in a single UnconditionalPolicy so the expected
// service identity can be evaluated like any other authorization policy.
//
// endpointIdentity: the configured identity of the service endpoint; may be null.
// Returns: a read-only list with one UnconditionalPolicy whose claim set has ClaimSet.System
//          as issuer (contrast CreatePrincipalNameAuthorizationPolicies, which uses
//          ClaimSet.Anonymous), or the shared empty collection when endpointIdentity is null.
//
// NOTE(review): assumes endpointIdentity.IdentityClaim and its Resource are non-null — confirm against EndpointIdentity.
static ReadOnlyCollection<IAuthorizationPolicy> GetServiceAuthorizationPolicies(EndpointIdentity endpointIdentity)
{
    if (endpointIdentity == null)
    {
        return EmptyReadOnlyCollection<IAuthorizationPolicy>.Instance;
    }

    var claims = new List<Claim>(1) { endpointIdentity.IdentityClaim };

    // The identity's name is the textual form of the claim's resource.
    var identity = SecurityUtils.CreateIdentity(endpointIdentity.IdentityClaim.Resource.ToString());
    var claimSet = new DefaultClaimSet(ClaimSet.System, claims);

    var policies = new List<IAuthorizationPolicy>(1) { new UnconditionalPolicy(identity, claimSet) };
    return policies.AsReadOnly();
}