public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            IPrincipal principal = null;
            if (HttpContext.Current != null)
            {
                principal = HttpContext.Current.User;
            }

            if (principal != null)
            {
                // set the identity (for PrimaryIdentity)
                evaluationContext.Properties["Identities"] =
                    new List<IIdentity>() { principal.Identity };

                evaluationContext.Properties["Principal"] = principal;

                var nameClaim = Claim.CreateNameClaim(principal.Identity.Name);
                ClaimSet set;

                if (HttpContext.Current != null)
                {
                    set = new DefaultClaimSet(
                        nameClaim,
                        new Claim(ClaimTypes.Authentication, HttpContext.Current.User.Identity, Rights.Identity));
                }
                else
                {
                    set = new DefaultClaimSet(nameClaim);
                }

                evaluationContext.AddClaimSet(this, set);
            }

            return true;
        }
        /**
        This method receives the claim sets evaluated so far by other authorization policies.
        For example, it may include a claim set for each token passed in the request message,
         * thus contain a WindowsClaimSet or UserNameClaimSet or x509 cliams set and so on.
         *
         * Responsible for inspecting claims based on the credentials provided,
         * mapping those claims to normalized claims,
         * and constructing a security principal for the request thread.
         *
         * The method should return false if this authorization policy was not able to complete its authorization.
         *
         * If false, the service model will invoke other authorization policies and then call this one once more, passing the updated claim sets.
         * This gives the authorization policy another chance to authorize calls.
         *
        **/
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            object obj;
            if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
                return false;

            IList<IIdentity> identities = obj as IList<IIdentity>;
            if (obj == null || identities.Count <= 0)
                return false;

            IIdentity identity = identities[0];

            //This is claims conversion
            ClaimSet claims = MapClaims(identity);

            if (claims == null)
                return false;

            GenericPrincipal newPrincipal = new GenericPrincipal(identity, null);

            evaluationContext.Properties["Principal"] = newPrincipal;

            evaluationContext.AddClaimSet(this, claims);

            return true;
        }
 public bool Evaluate(EvaluationContext evaluationContext, ref object state)
 {
   evaluationContext.AddClaimSet(this, new DefaultClaimSet(Claim.CreateNameClaim(_principal.Identity.Name)));
   evaluationContext.Properties["Identities"] = new List<IIdentity>(new[] {_principal.Identity});
   evaluationContext.Properties["Principal"] = _principal;
   return true;
 }
        bool IAuthorizationPolicy.Evaluate( EvaluationContext evaluationContext, ref object state )
        {
            foreach ( ClaimSet issuance in _issuedClaimSets )
                evaluationContext.AddClaimSet( this, issuance );

            return true;
        }
        public bool Evaluate(EvaluationContext context, ref object state)
        {
            foreach (ClaimSet issuance in this.issuedClaimSets)
            {
                context.AddClaimSet(this, issuance);
            }

            return true;
        }
 bool IAuthorizationPolicy.Evaluate( EvaluationContext evaluationContext, ref object state )
 {
     if ( evaluationContext == null )
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "evaluationContext" );
     }
     evaluationContext.AddClaimSet( this, _issuer );
     return true;
 }
Exemplo n.º 7
0
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            bool bRet = false;
            CustomAuthState customstate = null;

            // If state is null, then we've not been called before so we need
            // to set up our custom state
            if (state == null)
            {
                customstate = new CustomAuthState();
                state = customstate;
            }
            else
                customstate = (CustomAuthState)state;

            Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate");

            // If we've not added claims yet...
            if (!customstate.ClaimsAdded)
            {
                // Create an empty list of Claims
                IList<Claim> claims = new List<Claim>();

                // Iterate through each of the claimsets in the evaluation context
                foreach (ClaimSet cs in evaluationContext.ClaimSets)
                    // Look for Name claims in the current claimset...
                    foreach (Claim c in cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
                        // Get the list of operations the given username is allowed to call...
                        foreach (string s in GetAllowedOpList(c.Resource.ToString()))
                        {
                            // Check numbers aren't too large
                            

                            // Add claims to the list
                            claims.Add(new Claim("http://example.org/claims/allowedoperation", s, Rights.PossessProperty));
                            Console.WriteLine("Claim added {0}", s);
                        }

                // Add claims to the evaluation context    
                evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, claims));

                // record that we've added claims
                customstate.ClaimsAdded = true;

                // return true, indicating we do not need to be called again.
                bRet = true;
            }
            else
            {
                // Should never get here, but just in case...
                bRet = true;
            }


            return bRet;
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            // find identity
            Claim id = evaluationContext.ClaimSets.FindIdentityClaim();
            string userId = Map(id);

            evaluationContext.AddClaimSet(this, new CustomerClaimSet(userId, Issuer));

            return true;
        }
Exemplo n.º 9
0
        public virtual bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            ThrowIfDisposed();
            if (_issuance != null)
            {
                evaluationContext.AddClaimSet(this, _issuance);
            }
            else
            {
                for (int i = 0; i < _issuances.Count; ++i)
                {
                    if (_issuances[i] != null)
                    {
                        evaluationContext.AddClaimSet(this, _issuances[i]);
                    }
                }
            }

            // Preferably Non-Anonymous
            if (this.PrimaryIdentity != null && this.PrimaryIdentity != SecurityUtils.AnonymousIdentity)
            {
                IList <IIdentity> identities;
                object            obj;
                if (!evaluationContext.Properties.TryGetValue(SecurityUtils.Identities, out obj))
                {
                    identities = new List <IIdentity>(1);
                    evaluationContext.Properties.Add(SecurityUtils.Identities, identities);
                }
                else
                {
                    // null if other overrides the property with something else
                    identities = obj as IList <IIdentity>;
                }

                if (identities != null)
                {
                    identities.Add(this.PrimaryIdentity);
                }
            }

            evaluationContext.RecordExpirationTime(_expirationTime);
            return(true);
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            Claim claim = Claim.CreateNameClaim(user.Identity.Name);
            evaluationContext.AddClaimSet(this, new DefaultClaimSet(claim));

            evaluationContext.Properties["Identities"] =
                new List<IIdentity>(new IIdentity[] { user.Identity });

            evaluationContext.Properties["Principal"] = user;

            return true;
        }
 public virtual bool Evaluate(EvaluationContext evaluationContext, ref object state)
 {
     this.ThrowIfDisposed();
     if (this.issuance != null)
     {
         evaluationContext.AddClaimSet(this, this.issuance);
     }
     else
     {
         for (int i = 0; i < this.issuances.Count; i++)
         {
             if (this.issuances[i] != null)
             {
                 evaluationContext.AddClaimSet(this, this.issuances[i]);
             }
         }
     }
     if ((this.PrimaryIdentity != null) && (this.PrimaryIdentity != System.IdentityModel.SecurityUtils.AnonymousIdentity))
     {
         IList <IIdentity> list;
         object            obj2;
         if (!evaluationContext.Properties.TryGetValue("Identities", out obj2))
         {
             list = new List <IIdentity>(1);
             evaluationContext.Properties.Add("Identities", list);
         }
         else
         {
             list = obj2 as IList <IIdentity>;
         }
         if (list != null)
         {
             list.Add(this.PrimaryIdentity);
         }
     }
     evaluationContext.RecordExpirationTime(this.expirationTime);
     return(true);
 }
        public bool Evaluate(EvaluationContext context, ref object state)
        {
            var identities = new List<IIdentity> {_identity};

            context.AddClaimSet(this,
                new DefaultClaimSet(Issuer, new Claim(ClaimTypes.Name, _identity == null ? null : _identity.Name, Rights.Identity)));

            if (context.Properties.ContainsKey(AuthContextIdentityPropertyName))
                context.Properties[AuthContextIdentityPropertyName] = identities;
            else
                context.Properties.Add(AuthContextIdentityPropertyName, identities);

            return true;
        }
Exemplo n.º 13
0
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            if (evaluationContext.Properties.ContainsKey("Identities"))
            {
                IIdentity identity;
                ClaimSet claims = MapClaims(evaluationContext, out identity);
                
                CustomPrincipal newPrincipal = new CustomPrincipal(identity, claims);
                evaluationContext.Properties["Principal"] = newPrincipal;
                evaluationContext.AddClaimSet(this, claims);
            }
            return true;

        }
        //We will add a custom claim to the EvaluationContext if the 'magic character' exists in the username
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            //Get the Identities Property
            object obj;
            if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
            {
                Debug.WriteLine("CustomNameCheckerPolicy: Identities is null");
                return false;
            }

            //Get the list of IIdentities
            IList<IIdentity> identities = obj as IList<IIdentity>;
            if (identities == null || identities.Count != 1)
            {
                Debug.WriteLine("CustomNameCheckerPolicy: Identities.count = 0");
                return false;
            }

            //Get the WindowsIdentity
            //Any other type of IIdentity will cause it to return false
            WindowsIdentity wID = identities[0] as WindowsIdentity;
            if (wID == null)
            {
                Debug.WriteLine("CustomNameCheckerPolicy: Not a Windows Identity");
                return false;
            }

            //retrieve the username
            string[] domainAndUsername =  wID.Name.Split(new char[]{'\\'});
            string userName = domainAndUsername[0];
            if (domainAndUsername.Length > 1)
                userName = domainAndUsername[1];

            //Check to see if the 'magic character' exists in the username
            //Add our claim if it does
            if (userName.ToUpper().Contains(Constants.magicCharacter.ToUpper()))
            {
                List<Claim> claims = new List<Claim>(1);
                Claim magicCharacterClaim = new Claim(Constants.PossessesMagicCharacterType, Constants.magicCharacter, Rights.PossessProperty);
                claims.Add(magicCharacterClaim);
                evaluationContext.AddClaimSet(this, new DefaultClaimSet(claims));
            }

            return true;
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            if (evaluationContext.Properties.ContainsKey("Identities"))
            {
                List<IIdentity> identities = evaluationContext.Properties["Identities"] as List<IIdentity>;
                IIdentity identity = identities.FirstOrDefault(i => i.AuthenticationType == "X509");
                
                GenericPrincipal genprincipal = new GenericPrincipal(identity, null);
                evaluationContext.Properties["Principal"] = genprincipal;

                var user = UserStore.GetUserByCertificate(identity.Name);
                evaluationContext.AddClaimSet(this, new DefaultClaimSet(new Claim("User", user, Rights.Identity)));

                return true;
            }
            else
                return false;
        }
			// This method is expected to be thread safe
			public bool Evaluate (EvaluationContext ec, ref object state)
			{
				lock (ec) {
					ec.AddClaimSet (this, CreateClaims ());
					List<IIdentity> list;
					if (!ec.Properties.ContainsKey ("Identities")) {
						list = new List<IIdentity> ();
						ec.Properties ["Identities"] = list;
					} else {
						IList<IIdentity> ilist = (IList<IIdentity>) ec.Properties ["Identities"];
						list = ilist as List<IIdentity>;
						if (list == null) {
							list = new List<IIdentity> (ilist);
							ec.Properties ["Identities"] = list;
						}
					}
					list.Add (CreateIdentity ());
					ec.RecordExpirationTime (DateTime.MaxValue.AddDays (-1));
				}
				// FIXME: is it correct that this should always return true?
				return true;
			}
Exemplo n.º 17
0
        /// <summary>
        /// Defines the set of rules to for authorizing a user given a set of claims. 
        /// It prepares the evaluation context with relevant information and adds the claims to the evaluation context.
        /// </summary>
        /// <param name="evaluationContext">Evaluation context</param>
        /// <param name="state">State</param>
        /// <returns>return false if this authorization policy was not able to complete its authorization, otherwise true</returns>
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            if (OperationContext.Current.IncomingMessageProperties[PRINCIPAL] != null)
            {
                IClaimsPrincipal principal = OperationContext.Current.IncomingMessageProperties[PRINCIPAL] as IClaimsPrincipal;

                // If the principal is not an IClaimsPrincipal we can not authorize it
                if (principal == null)
                {
                    return false;
                }

                evaluationContext.Properties[PRINCIPAL] = principal;

                if (principal.Claims != null)
                {
                    evaluationContext.AddClaimSet(this, principal.Claims);
                }

                return true;
            }
            return false;
        }
 public bool Evaluate(EvaluationContext evaluationContext, ref object state)
 {
     if (null == state)
     {
         state = false;
     }
     bool hasAddedClaims = (bool)state;
     if (hasAddedClaims)
     {
         return true; ;
     }
     IList<Claim> claims = new List<Claim>();
     foreach (ClaimSet claimSet in evaluationContext.ClaimSets)
     {
         foreach (Claim claim in claimSet.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
         {
             string userName = (string)claim.Resource;
             if (userName.Contains('\\'))
             {
                 userName = userName.Split('\\')[1];
                 if (string.Compare("Foo", userName, true) == 0)
                 {
                     claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfAdd, Rights.PossessProperty));
                     claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfSubtract, Rights.PossessProperty));
                 }
                 if (string.Compare("Bar", userName, true) == 0)
                 {
                     claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfMultiply, Rights.PossessProperty));
                     claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfDivide, Rights.PossessProperty));
                 }
             }
         }
     }
     evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, claims));
     state = true;
     return true;
 }
Exemplo n.º 19
0
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            evaluationContext.AddClaimSet(this, this.issuance);

            if (this.identities != null)
            {
                object value;
                IList<IIdentity> contextIdentities;
                if (!evaluationContext.Properties.TryGetValue("Identities", out value))
                {
                    contextIdentities = new List<IIdentity>(this.identities.Count);
                    evaluationContext.Properties.Add("Identities", contextIdentities);
                }
                else
                {
                    contextIdentities = value as IList<IIdentity>;
                }
                foreach (IIdentity identity in this.identities)
                {
                    contextIdentities.Add(identity);
                }
            }

            evaluationContext.RecordExpirationTime(this.expirationTime);
            return true;
        }
Exemplo n.º 20
0
		public bool Evaluate(EvaluationContext evaluationContext, ref object state)
		{
			// Add the token claim set to the evaluation context.
			evaluationContext.AddClaimSet(this, tokenClaims);

			// Return true if the policy evaluation is finished.
			return true;
		}
Exemplo n.º 21
0
 public bool Evaluate(EvaluationContext evaluationContext, ref object state)
 {
     evaluationContext.AddClaimSet(this, issuance);
     evaluationContext.RecordExpirationTime(DateTime.UtcNow.AddDays(1.0));
     return true;
 }
 public bool Evaluate(EvaluationContext evaluationContext, ref object state)
 {
     for (int num1 = 0; num1 < this.claimSets.Count; num1++)
     {
         evaluationContext.AddClaimSet(this, this.claimSets[num1]);
     }
     if (this.identities != null)
     {
         object obj;
         if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
         {
             evaluationContext.Properties.Add("Identities", (object)this.identities);
         }
         else
         {
             List<IIdentity> identities = obj as List<IIdentity>;
             if (identities != null)
             {
                 identities.AddRange(this.identities);
             }
         }
     }
     evaluationContext.RecordExpirationTime(this.expirationTime);
     return true;
 }
        public virtual bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            ThrowIfDisposed();
            if (this.issuance != null)
            {
                evaluationContext.AddClaimSet(this, this.issuance);
            }
            else
            {
                for (int i = 0; i < this.issuances.Count; ++i)
                {
                    if (this.issuances[i] != null)
                    {
                        evaluationContext.AddClaimSet(this, this.issuances[i]);
                    }
                }
            }

            // Preferably Non-Anonymous
            if (this.PrimaryIdentity != null && this.PrimaryIdentity != SecurityUtils.AnonymousIdentity)
            {
                IList<IIdentity> identities;
                object obj;
                if (!evaluationContext.Properties.TryGetValue(SecurityUtils.Identities, out obj))
                {
                    identities = new List<IIdentity>(1);
                    evaluationContext.Properties.Add(SecurityUtils.Identities, identities);
                }
                else
                {
                    // null if other overrides the property with something else
                    identities = obj as IList<IIdentity>;
                }

                if (identities != null)
                {
                    identities.Add(this.PrimaryIdentity);
                }
            }

            evaluationContext.RecordExpirationTime(this.expirationTime);
            return true;
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            bool bRet = false;

            CustomAuthState customAuthState = null;

            // If state is null, then this method has not been called before, so 
            // set up a custom state.
            if (state == null)
            {
                customAuthState = new CustomAuthState();
                state = customAuthState;
            }
            else
            {
                customAuthState = (CustomAuthState)state;
            }

            // If claims have not been added yet...
            if (!customAuthState.ClaimsAdded)
            {
                // helpful class for processing certificates
                X509CertificateClaimSet certClaimSet = null;

                // look for the client's certificate
                foreach (ClaimSet cs in evaluationContext.ClaimSets)
                {
                    certClaimSet = cs as X509CertificateClaimSet;

                    // As of this writing, calling evaluationContext.AddClaimSets
                    // directly modifies the ClaimSets collection we are enumerating,
                    // which will result in an exception, so we break out of this loop
                    // before adding our new ClaimSet
                    if (null != certClaimSet)
                    {
                        break;
                    }
                }

                if (null != certClaimSet)
                {
                    // note how we can get access to the client certificate here,
                    // so if you already know how to program certs in .NET, you're all set
                    string clientName = certClaimSet.X509Certificate.Subject;
                    string x509ThumbPrint = certClaimSet.X509Certificate.Thumbprint;

                    // map the user's name onto a set of claims that represent WSC's entity attributes
                    ClaimSet newClaimSet = LookupClaimsForWsc(clientName, x509ThumbPrint);
                    evaluationContext.AddClaimSet(this, newClaimSet);

                    // Record that claims have been added.
                    customAuthState.ClaimsAdded = true;

                    bRet = true;
                }
            }
            else
            {
                bRet = true;
            }

            return bRet;
        }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {


            if (evaluationContext.Properties.ContainsKey("Identities"))
            {
                List<IIdentity> identities = evaluationContext.Properties["Identities"] as List<IIdentity>;
                IIdentity identity = identities.FirstOrDefault(i=>i.AuthenticationType == "CustomUsernameValidator");

                GenericPrincipal genprincipal = new GenericPrincipal(identity, null);
                evaluationContext.Properties["Principal"] = genprincipal;

                //find a user for this identity
                var user = UserStore.GetUserByUsername(identity.Name);

                //Add a claim with the user entity
                evaluationContext.AddClaimSet(this, new DefaultClaimSet(new Claim("User", user, Rights.Identity)));

                return true;
            }
            else
                return false;



            //evaluationContext.ClaimSets.
            //var name = ServiceSecurityContext.Current.AuthorizationContext .AuthorizationContext.Properties["name"];
            //OperationContext.Current

            //IPrincipal user = OperationContext.Current.IncomingMessageProperties["Principal"] as IPrincipal;

            //var user = OperationContext.Current.IncomingMessageProperties["Principal"] as DAL.User;//evaluationContext.Properties["Principal"] as DAL.User;
            //if (user == null)
            //    throw new SecurityTokenException("Unauthorized");

            //evaluationContext.AddClaimSet(this, new DefaultClaimSet(new Claim("UserId", user.UserId, Rights.Identity)));


            //const String HttpRequestKey = "httpRequest";
            //const String UsernameHeaderKey = "x-ms-credentials-username";
            //const String PasswordHeaderKey = "x-ms-credentials-password";
            //const String IdentitiesKey = "Identities";
            //const String PrincipalKey = "Principal";

            //// Check if the properties of the context has the identities list 
            //if (evaluationContext.Properties.Count > 0 ||
            //  evaluationContext.Properties.ContainsKey(IdentitiesKey) ||
            //  !OperationContext.Current.IncomingMessageProperties.ContainsKey(HttpRequestKey))
            //    return false;

            //// get http request
            //var httpRequest = (HttpRequestMessageProperty)OperationContext.Current.IncomingMessageProperties[HttpRequestKey];

            //// extract credentials
            //var username = httpRequest.Headers[UsernameHeaderKey];
            //var password = httpRequest.Headers[PasswordHeaderKey];

            //// verify credentials complete
            //if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            //    return false;

            //// Get or create the identities list 
            //if (!evaluationContext.Properties.ContainsKey(IdentitiesKey))
            //    evaluationContext.Properties[IdentitiesKey] = new List<IIdentity>();
            //var identities = (List<IIdentity>)evaluationContext.Properties[IdentitiesKey];

            // lookup user
            //using (var con = ServiceLocator.Current.GetInstance<IDbConnection>())
            //{
            //    using (var userDao = ServiceLocator.Current.GetDao<IUserDao>(con))
            //    {
            //        var user = userDao.GetUserByUsernamePassword(username, password);

            //        //evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, roleClaims));
            //    }
            //}


            //check that!
            return true;
        }
		public bool Evaluate(EvaluationContext evaluationContext, ref object state) {
			evaluationContext.AddClaimSet(this, new DefaultClaimSet(Claim.CreateNameClaim(this.principal.Identity.Name)));
			evaluationContext.Properties["Principal"] = this.principal;
			return true;
		}
 public bool Evaluate(EvaluationContext evaluationContext, ref object state)
 {
     for (int i = 0; i < this.claimSets.Count; i++)
     {
         evaluationContext.AddClaimSet(this, this.claimSets[i]);
     }
     if (this.identities != null)
     {
         object obj2;
         if (!evaluationContext.Properties.TryGetValue("Identities", out obj2))
         {
             evaluationContext.Properties.Add("Identities", this.identities);
         }
         else
         {
             List<IIdentity> list = obj2 as List<IIdentity>;
             if (list != null)
             {
                 list.AddRange(this.identities);
             }
         }
     }
     evaluationContext.RecordExpirationTime(this.expirationTime);
     return true;
 }
Exemplo n.º 28
0
			public bool Evaluate (EvaluationContext ec, ref Object state)
			{
				ec.AddClaimSet (this, new DefaultClaimSet (Claim.CreateRsaClaim (rsa)));
				ec.RecordExpirationTime (DateTime.MaxValue.AddDays (-1));
				return true;
			}
Exemplo n.º 29
0
        /// <summary>
        /// called for every server operation
        /// </summary>
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            if (evaluationContext.Properties.ContainsKey("Identities"))
            {
                var identities = (List<IIdentity>) evaluationContext.Properties["Identities"];
                IIdentity identity = identities[0];

                ClaimSet claims = MapClaims(identity);

                var newPrincipal = new GenericPrincipal(identity, null);
                evaluationContext.Properties["Principal"] = newPrincipal;

                if (claims != null)
                    evaluationContext.AddClaimSet(this, claims);

                return true;
            }
            return false;
        }
            public bool Evaluate(EvaluationContext evaluationContext, ref object state)
            {
                for (int i = 0; i < this.claimSets.Count; ++i)
                {
                    evaluationContext.AddClaimSet(this, this.claimSets[i]);
                }

                if (this.identities != null)
                {
                    object obj;
                    if (!evaluationContext.Properties.TryGetValue(SecurityUtils.Identities, out obj))
                    {
                        evaluationContext.Properties.Add(SecurityUtils.Identities, this.identities);
                    }
                    else
                    {
                        // null if other overrides the property with something else
                        List<IIdentity> dstIdentities = obj as List<IIdentity>;
                        if (dstIdentities != null)
                        {
                            dstIdentities.AddRange(this.identities);
                        }
                    }
                }
                evaluationContext.RecordExpirationTime(this.expirationTime);
                return true;
            }
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            if (state != null)
                return true; // If state is null, then this method has already been called

            Debug.WriteLine("Inside MyAuthorizationPolicy.Evaluate");

            var claims = new List<Claim>();
            // Iterate through each of the claim sets in the evaluation context.
            foreach (var claimSet in evaluationContext.ClaimSets)
            {
                // Look for Name claims in the current claim set.
                foreach (var claim in claimSet.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
                {
                    // Get the list of operations the given user (resource) is allowed to call.
                    var user = claim.Resource;
                    var ops = GetAllowedOperations(user);
                    foreach (var operation in ops)
                    {
                        // Add claims to the list
                        claims.Add(new Claim("http://example.org/claims/allowedoperation", operation, Rights.PossessProperty));
                        Debug.WriteLine("Claim added: " + operation);
                    }
                }
            }

            // Add claims to the evaluation context.
            evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, claims));

            // Will signifies that claims have been added.
            state = new object();

            return true;
        }