public override void ExecuteCmdlet()
{
var options = new FilterDenyAssignmentsOptions()
{
DenyAssignmentId = Id,
DenyAssignmentName = DenyAssignmentName,
Scope = Scope,
ADObjectFilter = new ADObjectFilterOptions
{
UPN = SignInName,
SPN = ServicePrincipalName,
Id = ObjectId?.ToString(),
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : DefaultProfile.DefaultContext.Subscription.Id.ToString()
},
ExpandPrincipalGroups = ExpandPrincipalGroups.IsPresent,
ExcludeAssignmentsForDeletedPrincipals = false
};
AuthorizationClient.ValidateScope(options.Scope, true);
List <PSDenyAssignment> denyAssignments = PoliciesClient.FilterDenyAssignments(options, DefaultProfile.DefaultContext.Subscription.Id.ToString());
WriteObject(denyAssignments, enumerateCollection: true);
}
public ReservationManager()
{
_reservationServices = new ReservationServices();
_sessionServices = new SessionService();
_authorizationClient = new AuthorizationClient();
_loggerService = new LoggerService();
}
public override void ExecuteCmdlet()
{
FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinitionName = RoleDefinitionName,
RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
ADObjectFilter = new ADObjectFilterOptions
{
UPN = SignInName,
SPN = ServicePrincipalName,
Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : DefaultProfile.DefaultContext.Subscription.Id.ToString()
},
ExpandPrincipalGroups = ExpandPrincipalGroups.IsPresent,
IncludeClassicAdministrators = IncludeClassicAdministrators.IsPresent,
ExcludeAssignmentsForDeletedPrincipals = true
};
AuthorizationClient.ValidateScope(options.Scope, true);
List <PSRoleAssignment> ra = PoliciesClient.FilterRoleAssignments(options, DefaultProfile.DefaultContext.Subscription.Id.ToString());
WriteObject(ra, enumerateCollection: true);
}
private static void AddPermissionToRole(string permission, string role)
{
var permissionItem = ParseAuthorizationItem(permission);
var roleItem = ParseAuthorizationItem(role);
dynamic roleFromApi;
dynamic permissionFromApi;
using (var authClient = new AuthorizationClient(HttpClientFactory))
{
authClient.SetAccessToken(GetToken("fabric/authorization.read"));
roleFromApi = authClient.GetRole(roleItem.Grain, roleItem.SecurableItem, roleItem.Name).Result;
System.Console.WriteLine(JsonConvert.SerializeObject(roleFromApi, Formatting.Indented));
permissionFromApi = authClient
.GetPermission(permissionItem.Grain, permissionItem.SecurableItem, permissionItem.Name).Result;
System.Console.WriteLine(JsonConvert.SerializeObject(permissionFromApi, Formatting.Indented));
}
using (var authClient = new AuthorizationClient(HttpClientFactory))
{
authClient.SetAccessToken(GetToken("fabric/authorization.write"));
var result = authClient.AddPermissionToRole(permissionFromApi[0], roleFromApi[0]).Result;
System.Console.WriteLine(result ? "success!" : "Failure");
}
}
public override void ExecuteCmdlet()
{
PSRoleDefinition role = null;
if (!string.IsNullOrEmpty(InputFile))
{
string fileName = this.TryResolvePath(InputFile);
if (!(new FileInfo(fileName)).Exists)
{
throw new PSArgumentException(string.Format("File {0} does not exist", fileName));
}
try
{
role = JsonConvert.DeserializeObject <PSRoleDefinition>(File.ReadAllText(fileName));
}
catch (JsonException)
{
WriteVerbose("Deserializing the input role definition failed.");
throw;
}
}
else
{
role = Role;
}
foreach (var scope in role.AssignableScopes)
{
AuthorizationClient.ValidateScope(scope, false);
}
WriteObject(PoliciesClient.CreateRoleDefinition(role, RoleDefinitionId));
}
public override void ExecuteCmdlet()
{
FilterRoleDefinitionOptions options = new FilterRoleDefinitionOptions
{
CustomOnly = Custom.IsPresent ? true : false,
Scope = Scope,
ResourceIdentifier = new ResourceIdentifier
{
Subscription = DefaultProfile.DefaultContext.Subscription.Id?.ToString()
},
RoleDefinitionId = Id,
RoleDefinitionName = Name,
};
if (options.Scope == null && options.ResourceIdentifier.Subscription == null)
{
WriteTerminatingError("No subscription was found in the default profile and no scope was specified. Either specify a scope or use a tenant with a subscription to run the command.");
}
AuthorizationClient.ValidateScope(options.Scope, true);
IEnumerable <PSRoleDefinition> filteredRoleDefinitions = PoliciesClient.FilterRoleDefinitions(options);
if (filteredRoleDefinitions?.Count() == 0)
{
WriteWarning("No role definitions were found with those conditions.");
WriteWarning("If the role was created recently keep in mind there's a slight delay between creation and public view.");
WriteWarning("Please try again later.");
}
else
{
WriteObject(filteredRoleDefinitions, enumerateCollection: true);
}
}
private async Task <VimeoClient> CreateUnauthenticatedClient()
{
var authorizationClient = new AuthorizationClient(_vimeoSettings.ClientId, _vimeoSettings.ClientSecret);
var unauthenticatedToken = await authorizationClient.GetUnauthenticatedTokenAsync();
return(new VimeoClient(unauthenticatedToken.access_token));
}
public override void ExecuteCmdlet()
{
FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinitionName = RoleDefinitionName,
RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
ADObjectFilter = new ADObjectFilterOptions
{
UPN = SignInName,
SPN = ApplicationId,
Id = ObjectId,
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = DefaultProfile.DefaultContext.Subscription.Id,
},
CanDelegate = AllowDelegation.IsPresent ? true : false,
};
AuthorizationClient.ValidateScope(parameters.Scope, false);
WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId));
}
protected async Task <VimeoClient> CreateUnauthenticatedClient()
{
var authorizationClient = new AuthorizationClient(VimeoSettings.ClientId, VimeoSettings.ClientSecret);
var unauthenticatedToken = await authorizationClient.GetUnauthenticatedTokenAsync();
return(new VimeoClient(unauthenticatedToken.AccessToken));
}
public UserManagementManager()
{
_userManagementService = new UserManagementService();
_sessionService = new SessionService();
_claimService = new ClaimService();
_authorizationClient = new AuthorizationClient();
_loggerService = new LoggerService();
}
public RegistryWnd()
{
InitializeComponent();
client = new AuthorizationClient();
this.btnReg.Click += btnReg_Click;
}
/// <summary>
/// <para>
/// Show <c>GetEntityRights</c> function usage.
/// </para>
/// </summary>
/// <param name="client">
/// <see cref="HermesAuthorizationServiceClient"/> instance.
/// </param>
private static void GetEntityRights(
AuthorizationClient client)
{
Rights rights = client.GetEntityRights("1", "101", "SomeEntity1");
Assert.AreEqual(
rights, Rights.Read | Rights.Insert, "entiry3 should have Execute rights.");
}
public RegistryWnd()
{
InitializeComponent();
client = new AuthorizationClient();
this.btnReg.Click += btnReg_Click;
}
public ResponseDTO <Boolean> AddLot(HttpRequest httprequest)
{
//ResponseDTO<ParkingMasterFrontendDTO> response = loginManager.SessionChecker(httpRequest["token"]);
try
{
var token = httprequest["token"];
ResponseDTO <Session> SessionDTO = _sessionServices.GetSession(new Guid(token));
if (SessionDTO.Data != null)
{
AuthorizationClient authorizationClient = new AuthorizationClient();
List <ClaimDTO> functionClaims = new List <ClaimDTO>()
{
new ClaimDTO(new Claim("Action", "AddParkingLot"))
};
var username = httprequest["username"];
ResponseDTO <Boolean> authCheck = authorizationClient.Authorize(username, functionClaims);
if (authCheck.Data == true)
{
//String[] arr = httprequest.Form.AllKeys;
var ownerid = SessionDTO.Data.UserAccount.Id;
var lotname = httprequest["lotname"];
var address = httprequest["address"];
var cost = Double.Parse(httprequest["cost"]);
var useraccount = SessionDTO.Data.UserAccount;
var spotfile = httprequest.Files["file"];
var mapfile = httprequest.Files["map"];
ResponseDTO <Boolean> response = _lotManagementService.AddLot(ownerid, lotname, address, cost, useraccount, spotfile, mapfile);
_loggerService.LogAction(LogConstants.ACTION_REGISTER_LOT, SessionDTO.Data.Id.ToString(), SessionDTO.Data.SessionId.ToString());
return(response);
}
else
{
return(new ResponseDTO <Boolean>()
{
Data = false,
Error = ErrorStrings.UNAUTHORIZED_ACTION
});
}
}
else
{
return(new ResponseDTO <Boolean>()
{
Data = false,
Error = ErrorStrings.SESSION_NOT_FOUND
});
}
}
catch (Exception e)
{
return(new ResponseDTO <Boolean>()
{
Data = false,
Error = httprequest.Form + e.ToString()
});
}
}
/// <summary>
/// <para>
/// Show <c>CheckRole</c> function usage.
/// </para>
/// </summary>
/// <param name="client">
/// <see cref="HermesAuthorizationServiceClient"/> instance.
/// </param>
private static void CheckRole(AuthorizationClient client)
{
Assert.IsTrue(
client.CheckRole("1", "101", "Admin"),
"Admin Role should been granted");
Assert.IsFalse(
client.CheckRole("1", "101", "Employee"),
"None Role should not been granted");
}
public MainWindow()
{
InitializeComponent();
client = new AuthorizationClient();
this.btnLog.Click += btnLog_Click;
this.btnInfo.Click += btnInfo_Click;
}
public MainWindow()
{
InitializeComponent();
client = new AuthorizationClient();
this.btnLog.Click += btnLog_Click;
this.btnInfo.Click += btnInfo_Click;
}
public async Task ShouldCorrectlyGetUnauthenticatedToken()
{
var client = new AuthorizationClient(_vimeoSettings.ClientId, _vimeoSettings.ClientSecret);
var token = await client.GetUnauthenticatedTokenAsync();
token.access_token.ShouldNotBeNull();
token.user.ShouldBeNull();
}
private void Form1_Load(object sender, EventArgs e)
{
client = new AuthorizationClient();
Thread ServerStatus = new Thread(CheckServerStatus);
ServerStatus.IsBackground = true;
ServerStatus.Start();
}
protected BaseTest(FunctionalTestFixture fixture)
{
this.fixture = fixture;
this._client = new HttpClient
{
BaseAddress = fixture.BaseUrl
};
this._authorizationClient = new AuthorizationClient(this._client);
}
public override void ExecuteCmdlet()
{
PSRoleDefinition roleDefinition = null;
string confirmMessage = null;
if (this.IsParameterBound(c => c.InputObject))
{
var tempId = Guid.Empty;
if (!string.IsNullOrEmpty(InputObject.Id) && Guid.TryParse(InputObject.Id, out tempId))
{
Id = tempId;
}
else
{
Name = InputObject.Name;
}
}
if (Id != Guid.Empty)
{
confirmMessage = string.Format(ProjectResources.RemoveRoleDefinition, Id);
}
else
{
confirmMessage = string.Format(ProjectResources.RemoveRoleDefinitionWithName, Name);
}
FilterRoleDefinitionOptions options = new FilterRoleDefinitionOptions
{
RoleDefinitionId = Id,
RoleDefinitionName = Name,
Scope = Scope,
ResourceIdentifier = new ResourceIdentifier
{
Subscription = DefaultProfile.DefaultContext.Subscription.Id.ToString()
}
};
AuthorizationClient.ValidateScope(options.Scope, true);
ConfirmAction(
Force.IsPresent,
confirmMessage,
ProjectResources.RemoveRoleDefinition,
Id.ToString(),
() =>
{
roleDefinition = PoliciesClient.RemoveRoleDefinition(options);
if (PassThru)
{
WriteObject(roleDefinition);
}
});
}
public void testDemo()
{
AuthorizationClient client = new AuthorizationClient(
new BasicHttpBinding(), new EndpointAddress(
"http://localhost:11111/demo"));
CheckEntity(client);
CheckRole(client);
CheckFunction(client);
GetEntityRights(client);
}
public async Task <ActionResult> Secure()
{
var user = User as ClaimsPrincipal;
var authClient = new AuthorizationClient(ConfigurationManager.AppSettings["AuthorizationEndpoint"], user);
var securityService = new IdentitySecurityService(authClient);
ViewBag.IsAdmin = await securityService.IsEdwAdmin();
ViewBag.User = IdentitySecurityService.CurrentUserName;
return(View());
}
public async Task VerifyAuthenticatedAccess()
{
var client = new AuthorizationClient(_vimeoSettings.ClientId, _vimeoSettings.ClientSecret);
var b = await client.VerifyAccessTokenAsync(_vimeoSettings.AccessToken);
b.ShouldBeTrue();
b = await client.VerifyAccessTokenAsync("abadaccesstoken");
b.ShouldBeFalse();
}
private void VerifyInvalidScope(string scope, string error)
{
try
{
AuthorizationClient.ValidateScope(scope, false);
Assert.True(false);
}
catch (ArgumentException ex)
{
Assert.Equal(ex.Message, error);
}
}
public override void ExecuteCmdlet()
{
MSGraphMessageHelper.WriteMessageForCmdletsSwallowException(this);
IEnumerable<PSRoleAssignment> roleAssignments = null;
if (this.IsParameterBound(c => c.InputObject))
{
Scope = InputObject.Scope;
ObjectId = InputObject.ObjectId;
RoleDefinitionName = InputObject.RoleDefinitionName;
}
FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinitionName = RoleDefinitionName,
RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
ADObjectFilter = new ADObjectFilterOptions
{
UPN = SignInName,
Id = ObjectId,
SPN = ServicePrincipalName
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = DefaultProfile.DefaultContext.Subscription.Id
},
// we should never expand principal groups in the Delete scenario
ExpandPrincipalGroups = false,
// never include classic administrators in the Delete scenario
IncludeClassicAdministrators = false
};
AuthorizationClient.ValidateScope(options.Scope, true);
ConfirmAction(
string.Format(ProjectResources.RemovingRoleAssignment, ObjectId, Scope, RoleDefinitionName),
ObjectId,
() =>
{
roleAssignments = PoliciesClient.RemoveRoleAssignment(options,
DefaultProfile.DefaultContext.Subscription.Id);
if (PassThru)
{
WriteObject(roleAssignments, enumerateCollection: true);
}
});
}
public static async Task SetPhoto()
{
if (token == null || userId == 0)
{
return;
}
var url = await AuthorizationClient.GetPhoto(token, userId);
Preference.Set(PhotoKey, url.ToString());
photoSource = ImageSource.FromUri(url);
}
public static bool AuthorizeFromUrl(Uri url)
{
var result = AuthorizationClient.SetUserFromUrl(url);
if (result.HasValue)
{
Token = result.Value.Token;
UserId = result.Value.UserId;
}
return(result.HasValue);
}
/// <summary>
/// <para>
/// Show <c>CheckEntity</c> function usage.
/// </para>
/// </summary>
/// <param name="client">
/// <see cref="HermesAuthorizationServiceClient"/> instance.
/// </param>
private static void CheckEntity(
AuthorizationClient client)
{
Assert.IsTrue(
client.CheckEntity("1", "101", "SomeEntity1", Rights.Read),
"entity1 should have read rights.");
Assert.IsFalse(client.CheckEntity(
"1", "101", "SomeEntity2", Rights.Read),
"entity2 should not have read rights.");
Assert.IsTrue(
client.CheckEntity("1", "101", "SomeEntity2", Rights.Update),
"entity2 should have update rights.");
}
public override void ExecuteCmdlet()
{
if (string.IsNullOrEmpty(Condition) ^ string.IsNullOrEmpty(ConditionVersion))
{
if (!string.IsNullOrEmpty(Condition))
{
ConditionVersion = "2.0";
WriteDebug("-Condition was set but -ConditionVersion was not, defaulting to lowest publicly available version: '2.0'");
}
else
{
WriteExceptionError(new ArgumentException("If -ConditionVersion is set -Condition can not be empty."));
return;
}
}
double _conditionVersion = double.Parse((ConditionVersion ?? "2.0"));
if (_conditionVersion < 2.0)
{
WriteExceptionError(new ArgumentException("Argument -ConditionVersion must be greater or equal than 2.0"));
return;
}
FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions()
{
Scope = Scope,
RoleDefinitionName = RoleDefinitionName,
RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
ADObjectFilter = new ADObjectFilterOptions
{
UPN = SignInName,
SPN = ApplicationId,
Id = ObjectId,
},
ResourceIdentifier = new ResourceIdentifier()
{
ParentResource = ParentResource,
ResourceGroupName = ResourceGroupName,
ResourceName = ResourceName,
ResourceType = ResourceType,
Subscription = DefaultProfile.DefaultContext.Subscription.Id,
},
CanDelegate = AllowDelegation.IsPresent ? true : false,
Description = Description,
Condition = Condition,
ConditionVersion = ConditionVersion,
};
AuthorizationClient.ValidateScope(parameters.Scope, false);
WriteObject(PoliciesClient.CreateRoleAssignment(parameters, RoleAssignmentId));
}
public void Constructor_HttpClientBase_DoesNotAppendsForwardSlash()
{
// Arrange
var url = "http://example.com/authorization2/";
var newHttpClient = new HttpClient();
newHttpClient.BaseAddress = new Uri(url);
// Act
var newSubject = new AuthorizationClient(newHttpClient);
// Assert
Assert.Equal(url, newHttpClient.BaseAddress.OriginalString);
}
private AuthorizationClient AuthorizationClient()
{
var webClient = new CookieWebClient();
var basePath = new ApplicationBasePath(
protocolPrefix: "https://",
site: options.AlbaHost,
applicationPath: "/alba");
var client = new AuthorizationClient(
webClient: webClient,
basePath: basePath);
return(client);
}
