public RequestInfo(Verb method, HttpUrl url, Stream body, IClaimBasedIdentity identity, HeaderCollection headers) { if (method == null) { throw new ArgumentNullException("method"); } if (url == null) { throw new ArgumentNullException("url"); } if (body == null) { throw new ArgumentNullException("body"); } if (identity == null) { throw new ArgumentNullException("identity"); } Method = method; Url = url; Body = new UnclosableStream(_stream = body); _identity = identity; Headers = headers ?? new HeaderCollection(); }
private static void ValidateSecurityRequirements(OperationInfo operation, IClaimBasedIdentity identity) { var securityRequirements = operation.UnifiedSecurityRequirements; if ((securityRequirements.Denied[ClaimTypes.Anonymous] != null) && (!identity.IsAuthenticated)) { throw new UnauthenticatedAccessException("Anonymous access to the requested resource is denied."); } if (!operation.Allows(identity)) { throw new AccessDeniedException("Access to the requested resource is denied."); } }
/// <summary>Checks if a given <paramref name="identity" /> is allowed to operate on a given <paramref name="securableResource" />.</summary> /// <param name="securableResource">The securable resource to check.</param> /// <param name="identity">The identity.</param> /// <returns><b>true</b> if a <paramref name="identity" /> meets the <paramref name="securableResource" />'s requirements; otherwise <b>false</b>.</returns> public static bool Allows(this SecurableResourceInfo securableResource, IClaimBasedIdentity identity) { if (securableResource == null) { throw new ArgumentNullException("securableResource"); } if (identity == null) { throw new ArgumentNullException("identity"); } var securityRequirements = securableResource.UnifiedSecurityRequirements; return((!securityRequirements.Denied.Matches(identity)) && ((!securityRequirements.Allowed.Any()) || (securityRequirements.Allowed.Matches(identity)))); }
internal static bool Matches(this SecuritySpecificationInfo securitySpecificationInfo, IClaimBasedIdentity identity) { foreach (var claimType in securitySpecificationInfo) { IEnumerable <string> claims; if ((claims = identity[claimType]) == null) { continue; } var claimValues = securitySpecificationInfo[claimType]; var anyValues = claimValues.Any(); var matchingClaims = from value in claimValues join claim in claims on value equals claim select claim; if ((!anyValues) || (matchingClaims.Any())) { return(true); } } return(false); }
public RequestInfo(Verb method, HttpUrl url, Stream body, IClaimBasedIdentity identity, params Header[] headers) : this(method, url, body, identity, new HeaderCollection(headers)) { }