public RequestInfo(Verb method, HttpUrl url, Stream body, IClaimBasedIdentity identity, HeaderCollection headers)
{
if (method == null)
{
throw new ArgumentNullException("method");
}
if (url == null)
{
throw new ArgumentNullException("url");
}
if (body == null)
{
throw new ArgumentNullException("body");
}
if (identity == null)
{
throw new ArgumentNullException("identity");
}
Method = method;
Url = url;
Body = new UnclosableStream(_stream = body);
_identity = identity;
Headers = headers ?? new HeaderCollection();
}
public RequestInfo(Verb method, HttpUrl url, Stream body, IClaimBasedIdentity identity, HeaderCollection headers)
{
if (method == null)
{
throw new ArgumentNullException("method");
}
if (url == null)
{
throw new ArgumentNullException("url");
}
if (body == null)
{
throw new ArgumentNullException("body");
}
if (identity == null)
{
throw new ArgumentNullException("identity");
}
Method = method;
Url = url;
Body = new UnclosableStream(_stream = body);
_identity = identity;
Headers = headers ?? new HeaderCollection();
}
private static void ValidateSecurityRequirements(OperationInfo operation, IClaimBasedIdentity identity)
{
var securityRequirements = operation.UnifiedSecurityRequirements;
if ((securityRequirements.Denied[ClaimTypes.Anonymous] != null) && (!identity.IsAuthenticated))
{
throw new UnauthenticatedAccessException("Anonymous access to the requested resource is denied.");
}
if (!operation.Allows(identity))
{
throw new AccessDeniedException("Access to the requested resource is denied.");
}
}
/// <summary>Checks if a given <paramref name="identity" /> is allowed to operate on a given <paramref name="securableResource" />.</summary>
/// <param name="securableResource">The securable resource to check.</param>
/// <param name="identity">The identity.</param>
/// <returns><b>true</b> if a <paramref name="identity" /> meets the <paramref name="securableResource" />'s requirements; otherwise <b>false</b>.</returns>
public static bool Allows(this SecurableResourceInfo securableResource, IClaimBasedIdentity identity)
{
if (securableResource == null)
{
throw new ArgumentNullException("securableResource");
}
if (identity == null)
{
throw new ArgumentNullException("identity");
}
var securityRequirements = securableResource.UnifiedSecurityRequirements;
return((!securityRequirements.Denied.Matches(identity)) &&
((!securityRequirements.Allowed.Any()) || (securityRequirements.Allowed.Matches(identity))));
}
internal static bool Matches(this SecuritySpecificationInfo securitySpecificationInfo, IClaimBasedIdentity identity)
{
foreach (var claimType in securitySpecificationInfo)
{
IEnumerable <string> claims;
if ((claims = identity[claimType]) == null)
{
continue;
}
var claimValues = securitySpecificationInfo[claimType];
var anyValues = claimValues.Any();
var matchingClaims = from value in claimValues join claim in claims on value equals claim select claim;
if ((!anyValues) || (matchingClaims.Any()))
{
return(true);
}
}
return(false);
}
public RequestInfo(Verb method, HttpUrl url, Stream body, IClaimBasedIdentity identity, params Header[] headers) :
this(method, url, body, identity, new HeaderCollection(headers))
{
}
public RequestInfo(Verb method, HttpUrl url, Stream body, IClaimBasedIdentity identity, params Header[] headers) :
this(method, url, body, identity, new HeaderCollection(headers))
{
}
