Exemplo n.º 1
0
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
                
                // get claims from authorized issuer
                ClaimSet issuedClaims = null;
                foreach (ClaimSet cs in evaluationContext.ClaimSets)
                {
                    // If the issuer of the ClaimSet is this STS...
                    if ( cs.Issuer.ContainsClaim ( Claim.CreateDnsClaim("IPKey")))
                    {
                        issuedClaims = cs;
                    }
                }

                if (issuedClaims == null)
                {
                    throw new SecurityException("Unable to authenticate caller. Invalid claimset provided.");
                }

                CustomIdentity identity = new CustomIdentity("Claims");
                CustomPrincipal newPrincipal = new CustomPrincipal(identity, issuedClaims);

                evaluationContext.Properties["Principal"] = newPrincipal;

            return true;

        }
Exemplo n.º 2
0
 // called after the authentication stage
 public bool Evaluate(EvaluationContext evaluationContext, ref object state)
 {
     IList<IIdentity> idents;
     object identsObject;
     if (evaluationContext.Properties.TryGetValue(
         "Identities", out identsObject) && (idents =
         identsObject as IList<IIdentity>) != null)
     {
         foreach (IIdentity ident in idents)
         {
             if (ident.IsAuthenticated &&
                 ident.AuthenticationType == "BiometricValidator")
             {
                 StringReader reader = new StringReader(ident.Name);
                 System.Xml.Serialization.XmlSerializer deserializer = new System.Xml.Serialization.XmlSerializer(typeof(SecureContextCredentials));
                 SecureContextCredentials credentials = (SecureContextCredentials)deserializer.Deserialize(reader);
                 IdsIdentity i = new IdsIdentity(ident.IsAuthenticated, AuthenticationType.Bioemtrics, credentials.IdentityUid);
                 IdsPrincipal p = new IdsPrincipal(i, new List<string> { "LoggedIn" });
                 evaluationContext.Properties["Principal"] = p;
                 return true;
             }
             else
             {
                 string userId = OperationContext.Current.IncomingMessageHeaders.GetHeader<string>("userId", "http://www.identitystream.com");
                 IdsIdentity i = new IdsIdentity(ident.IsAuthenticated, AuthenticationType.Certificate, userId);
                 IdsPrincipal p = new IdsPrincipal(i, new List<string> { "LoggedIn" });
                 evaluationContext.Properties["Principal"] = p;
                 return true;
             }
         }
     }
     return false;
 }
Exemplo n.º 3
0
 // called after the authentication stage
 public bool Evaluate(EvaluationContext evaluationContext, ref object state)
 {
     IList<IIdentity> idents;
     object identsObject;
     if (evaluationContext.Properties.TryGetValue(
         "Identities", out identsObject) && (idents =
         identsObject as IList<IIdentity>) != null)
     {
         foreach (IIdentity ident in idents)
         {
             if (ident.IsAuthenticated &&
                 ident.AuthenticationType == "BioUsernamePasswordVerifier")
             {
                 //evaluationContext.Properties["Principal"]
                 //    = new IdsPrincipal();
                 return true;
             }
             else
             {
                 string userId = OperationContext.Current.IncomingMessageHeaders.GetHeader<string>("userId", "http://www.identitystream.com");
             }
         }
     }
     if (!evaluationContext.Properties.ContainsKey("Principal"))
     {
         //evaluationContext.Properties["Principal"] = new IdsPrincipal();
     }
     return false;
 }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            var success = false;

            var identity = GetClientIdentity(evaluationContext);
            if (identity != null)
            {
                if (Roles.Enabled)
                {
                    var provider = Roles.Provider;
                    var roles = provider.GetRolesForUser(identity.Name);

                    if (provider is AzManRoleProvider)
                    {
                        var azman = (AzManRoleProvider)provider;
                        var operations = azman.GetOperationsForUser(identity.Name);

                        evaluationContext.Properties["Principal"] = new AzManPrincipal(identity, roles, operations);
                    }
                    else
                    {
                        evaluationContext.Properties["Principal"] = new GenericPrincipal(identity, roles);
                    }
                }
                else
                {
                    evaluationContext.Properties["Principal"] = new GenericPrincipal(identity, null);
                }

                success = true;
            }

            return success;
        }
        /**
        This method receives the claim sets evaluated so far by other authorization policies.
        For example, it may include a claim set for each token passed in the request message,
         * thus contain a WindowsClaimSet or UserNameClaimSet or x509 cliams set and so on.
         *
         * Responsible for inspecting claims based on the credentials provided,
         * mapping those claims to normalized claims,
         * and constructing a security principal for the request thread.
         *
         * The method should return false if this authorization policy was not able to complete its authorization.
         *
         * If false, the service model will invoke other authorization policies and then call this one once more, passing the updated claim sets.
         * This gives the authorization policy another chance to authorize calls.
         *
        **/
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            object obj;
            if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
                return false;

            IList<IIdentity> identities = obj as IList<IIdentity>;
            if (obj == null || identities.Count <= 0)
                return false;

            IIdentity identity = identities[0];

            //This is claims conversion
            ClaimSet claims = MapClaims(identity);

            if (claims == null)
                return false;

            GenericPrincipal newPrincipal = new GenericPrincipal(identity, null);

            evaluationContext.Properties["Principal"] = newPrincipal;

            evaluationContext.AddClaimSet(this, claims);

            return true;
        }
Exemplo n.º 6
0
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            var client = GetClientIdentity(evaluationContext);
            evaluationContext.Properties["Principal"] = PrincipalFactory.Create(client);

            return true;
        }
Exemplo n.º 7
0
        private ClaimSet MapClaims(EvaluationContext evaluationContext, out IIdentity identity)
        {

            List<IIdentity> identities = evaluationContext.Properties["Identities"] as List<IIdentity>;
            
            if (identities.Count == 0)
                throw new SecurityException("Authorization failed, identity missing from evaluation context.");

            identity = new CustomIdentity(identities[0].Name);
            
            // TODO: check identity against credential store and 
            // determine the appropriate claims to allocate
            
            // NOTE: in this sample, only partner certificates are provided,
            // and at this point have passed authorization, so we will grant
            // all custom claims 
            
            List<Claim> listClaims = new List<Claim>();

            listClaims.Add(new Claim(CustomClaimTypes.Create, "Application", Rights.PossessProperty));
            listClaims.Add(new Claim(CustomClaimTypes.Delete, "Application", Rights.PossessProperty));
            listClaims.Add(new Claim(CustomClaimTypes.Read, "Application", Rights.PossessProperty));
            listClaims.Add(new Claim(CustomClaimTypes.Update, "Application", Rights.PossessProperty));

            return new DefaultClaimSet(this.m_issuer, listClaims);
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            IPrincipal principal = null;
            if (HttpContext.Current != null)
            {
                principal = HttpContext.Current.User;
            }

            if (principal != null)
            {
                // set the identity (for PrimaryIdentity)
                evaluationContext.Properties["Identities"] =
                    new List<IIdentity>() { principal.Identity };

                evaluationContext.Properties["Principal"] = principal;

                var nameClaim = Claim.CreateNameClaim(principal.Identity.Name);
                ClaimSet set;

                if (HttpContext.Current != null)
                {
                    set = new DefaultClaimSet(
                        nameClaim,
                        new Claim(ClaimTypes.Authentication, HttpContext.Current.User.Identity, Rights.Identity));
                }
                else
                {
                    set = new DefaultClaimSet(nameClaim);
                }

                evaluationContext.AddClaimSet(this, set);
            }

            return true;
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            var client = GetClientIdentity(evaluationContext);

            evaluationContext.Properties["Principal"] = Thread.CurrentPrincipal;
            return true;
        }
        // this method gets called after the authentication stage
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            WebOperationContext ctx = WebOperationContext.Current;
            string authHeader = ctx.IncomingRequest.Headers[HttpRequestHeader.Authorization];

            if(!string.IsNullOrEmpty(authHeader))
            {
                string decryptedAuth = Common.Utils.Decrypt(authHeader.Substring(5).Trim());

                if (!string.IsNullOrEmpty(decryptedAuth) && decryptedAuth.Split('|').Length == 2 && decryptedAuth.Split('|')[0] == "mitko" && decryptedAuth.Split('|')[1] == "!@#mitko123")
                {
                    evaluationContext.Properties["Principal"] = new CustomPrincipal(new CredentialsValidator.CustomIdeintity("Basic", true, "decryptedAuth[0]"));

                    return true;
                }
                else
                {
                    return false;
                }
            }
            else
            {
                return false;

            }
        }
 public bool Evaluate(EvaluationContext evaluationContext, ref object state)
 {
   evaluationContext.AddClaimSet(this, new DefaultClaimSet(Claim.CreateNameClaim(_principal.Identity.Name)));
   evaluationContext.Properties["Identities"] = new List<IIdentity>(new[] {_principal.Identity});
   evaluationContext.Properties["Principal"] = _principal;
   return true;
 }
        bool IAuthorizationPolicy.Evaluate( EvaluationContext evaluationContext, ref object state )
        {
            foreach ( ClaimSet issuance in _issuedClaimSets )
                evaluationContext.AddClaimSet( this, issuance );

            return true;
        }
Exemplo n.º 13
0
 // this method gets called after the authentication stage
 public bool Evaluate(EvaluationContext evaluationContext, ref object state)
 {
     // get the authenticated client identity
     IIdentity client = GetClientIdentity(evaluationContext);
     // set the custom principal
     evaluationContext.Properties["Principal"] = new CustomPrincipal(client);
     return true;
 }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            IPrincipal user = OperationContext.Current.IncomingMessageProperties["Principal"] as IPrincipal;
            evaluationContext.Properties["Principal"] = user;
            evaluationContext.Properties["Identities"] = new List<IIdentity> { user.Identity };

            return true;
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            IIdentity identity = GetIdentityFromClient(evaluationContext);
            CustomIdentity Identity = new CustomIdentity(identity.AuthenticationType, identity.Name);

            evaluationContext.Properties["Principal"] = new CustomPrincipal(Identity, SecurityHelper.GetRolesByUserName(Identity.Name), SecurityHelper.GetPermissions());
            return true;
        }
Exemplo n.º 16
0
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            IIdentity client = GetClientIdentity(evaluationContext);

            evaluationContext.Properties["Principal"] = new CustomPrincipal(client);

            return true;
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            // set a new principal holding the combined roles
            // this could be your own IPrincipal implementation
            var currentIdentity = GetClientIdentity(evaluationContext);
            evaluationContext.Properties["Principal"] = new GenericPrincipal(new GenericIdentity(currentIdentity.Name + "_Modified"), new string[]{});

            return true;
        }
        public bool Evaluate(EvaluationContext context, ref object state)
        {
            foreach (ClaimSet issuance in this.issuedClaimSets)
            {
                context.AddClaimSet(this, issuance);
            }

            return true;
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            var client = GetClientIdentity(evaluationContext);

            evaluationContext.Properties["Principal"] = new GenericPrincipal(client, new[] { client.Name });
            Id = Guid.NewGuid().ToString();

            return true;
        }
 bool IAuthorizationPolicy.Evaluate( EvaluationContext evaluationContext, ref object state )
 {
     if ( evaluationContext == null )
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "evaluationContext" );
     }
     evaluationContext.AddClaimSet( this, _issuer );
     return true;
 }
Exemplo n.º 21
0
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            bool bRet = false;
            CustomAuthState customstate = null;

            // If state is null, then we've not been called before so we need
            // to set up our custom state
            if (state == null)
            {
                customstate = new CustomAuthState();
                state = customstate;
            }
            else
                customstate = (CustomAuthState)state;

            Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate");

            // If we've not added claims yet...
            if (!customstate.ClaimsAdded)
            {
                // Create an empty list of Claims
                IList<Claim> claims = new List<Claim>();

                // Iterate through each of the claimsets in the evaluation context
                foreach (ClaimSet cs in evaluationContext.ClaimSets)
                    // Look for Name claims in the current claimset...
                    foreach (Claim c in cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
                        // Get the list of operations the given username is allowed to call...
                        foreach (string s in GetAllowedOpList(c.Resource.ToString()))
                        {
                            // Check numbers aren't too large
                            

                            // Add claims to the list
                            claims.Add(new Claim("http://example.org/claims/allowedoperation", s, Rights.PossessProperty));
                            Console.WriteLine("Claim added {0}", s);
                        }

                // Add claims to the evaluation context    
                evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, claims));

                // record that we've added claims
                customstate.ClaimsAdded = true;

                // return true, indicating we do not need to be called again.
                bRet = true;
            }
            else
            {
                // Should never get here, but just in case...
                bRet = true;
            }


            return bRet;
        }
Exemplo n.º 22
0
 private IIdentity GetClientIdentity(EvaluationContext evaluationContext)
 {
     object obj;
     if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
         throw new Exception("No Identity found");
     IList<IIdentity> identities = obj as IList<IIdentity>;
     if (identities == null || identities.Count <= 0)
         throw new Exception("No Identity found");
     return identities[0];
 }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            // find identity
            Claim id = evaluationContext.ClaimSets.FindIdentityClaim();
            string userId = Map(id);

            evaluationContext.AddClaimSet(this, new CustomerClaimSet(userId, Issuer));

            return true;
        }
Exemplo n.º 24
0
        private IIdentity GetClientIdentity(EvaluationContext evaluationContext)
        {
            object obj;
            if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
            {
                var authorization = WebOperationContext.Current.IncomingRequest.Headers[HttpRequestHeader.Authorization] ?? DefaultAuthorization;
                if (authorization == null)
                {
                    WebOperationContext.Current.OutgoingResponse.Headers["WWW-Authenticate"] = "Basic realm=\"site\"";
                    Utility.ThrowError("Authorization header not provided.", HttpStatusCode.Unauthorized);
                }

                var splt = authorization.Split(' ');
                var authType = splt[0];
                if (splt.Length != 2)
                    Utility.ThrowError("Invalid authorization header.", HttpStatusCode.Unauthorized);

                var cred = Encoding.UTF8.GetString(Convert.FromBase64String(splt[1])).Split(':');
                if (cred.Length != 2)
                    Utility.ThrowError("Invalid authorization header content.", HttpStatusCode.Unauthorized);

                var user = cred[0];
                var password = new SecureString();
                foreach (var c in cred[1])
                    password.AppendChar(c);

                if (string.IsNullOrEmpty(user))
                    Utility.ThrowError("User not specified in authorization header.", HttpStatusCode.Unauthorized);

                var identity = new RestIdentity
                {
                    AuthenticationType = authType,
                    IsAuthenticated = Authentication.IsAuthenticated(user, password),
                    Name = user
                };
                var template = WebOperationContext.Current.IncomingRequest.UriTemplateMatch;
                if (!identity.IsAuthenticated)
                {
                    Utility.ThrowError("User '" + user + "' was not authenticated.", HttpStatusCode.Forbidden);
                }
                else if (template == null)
                {
                    var url = OperationContext.Current.RequestContext.RequestMessage.Headers.To;
                    Utility.ThrowError("Unknown route: " + url.PathAndQuery, HttpStatusCode.NotFound);
                }
                return identity;
            }

            var identities = obj as IList<IIdentity>;
            if (identities == null || identities.Count < 1)
                Utility.ThrowError("No Identity found.", HttpStatusCode.Unauthorized);

            return identities[0];
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            HttpContext context = HttpContext.Current;

            if (context != null)
            {
                evaluationContext.Properties["Principal"] = context.User;
                evaluationContext.Properties["Identities"] = new List<IIdentity>() { context.User.Identity };
            }

            return true;
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            Claim claim = Claim.CreateNameClaim(user.Identity.Name);
            evaluationContext.AddClaimSet(this, new DefaultClaimSet(claim));

            evaluationContext.Properties["Identities"] =
                new List<IIdentity>(new IIdentity[] { user.Identity });

            evaluationContext.Properties["Principal"] = user;

            return true;
        }
 public bool Evaluate(EvaluationContext evaluationContext, ref object state)
 {
     object obj;
     if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
         throw new Exception("No Identity Found");
     IList<IIdentity> identity = obj as IList<IIdentity>;
     if (identity == null || identity.Count <= 0)
         throw new Exception("No Indentity Found");
     IIdentity Identity = identity[0];
     evaluationContext.Properties["Principal"] = new GenericPrincipal(Identity, new string[] { "admin", "user" });
     return true;
 }
Exemplo n.º 28
0
        // this method gets called after the authentication stage
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            // get the authenticated client identity
            //IIdentity client = HttpContext.Current.User.Identity;

            // set the custom principal
            var client = new BaseAuthClient();
            var principal = new CustomPrincipal(client);
            evaluationContext.Properties["Principal"] = principal;
            HttpContext.Current.User = principal;
            return client.IsAuthenticated;
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            const String IdentitiesKey = "Identities";

            // Check if the properties of the context has the identities list
            if (evaluationContext.Properties.Count == 0
                || evaluationContext.Properties.ContainsKey(IdentitiesKey) == false
                || evaluationContext.Properties[IdentitiesKey] == null)
            {
                return false;
            }

            // Get the identities list
            List<IIdentity> identities = evaluationContext.Properties[IdentitiesKey] as List<IIdentity>;

            // Validate that the identities list is valid
            if (identities == null)
            {
                return false;
            }

            GenericIdentity newIdentity;
            String[] roles = new string[] { };

            // Password es el token, y UserName el idMovimiento
            if (Password != "Guest" && ControllersHub.Instance.getISessionController().ValidateToken(Convert.ToInt32(UserName), Password))
            {
                newIdentity = new GenericIdentity(Password, UserName);
                roles = ControllersHub.Instance.getISessionController().GetUserInfo(Password).Roles;
            }
            else
            {
                newIdentity = new GenericIdentity("NoId", UserName);
            }

            const String PrimaryIdentityKey = "PrimaryIdentity";

            // Update the list and the context with the new identity
            //identities.Remove(currentIdentity);
            identities.Add(newIdentity);
            evaluationContext.Properties[PrimaryIdentityKey] = newIdentity;

            // Create a new principal for this identity
            GenericPrincipal newPrincipal = new GenericPrincipal(newIdentity, roles);
            const String PrincipalKey= "Principal";

            // Store the new principal in the context
            evaluationContext.Properties[PrincipalKey] = newPrincipal;

            // This policy has successfully been evaluated and doesn't need to be called again
            return true;
        }
Exemplo n.º 30
0
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            IIdentity identity = GetIdentityFromClient(evaluationContext);
            XmlIdentity xmlIdentity =
                new XmlIdentity(identity.AuthenticationType, identity.Name);

            evaluationContext.Properties["Principal"] =
                new XmlPrincipal(
                    xmlIdentity,
                    XmlSecurityHelper.GetRolesByUserName(xmlIdentity.Name));

            return true;
        }