/// <summary>
/// Creates a <see cref="Saml2AuthorizationDecisionStatement"/> for a resource and a decision,
/// optionally copying in a set of actions.
/// </summary>
/// <param name="resource">The <see cref="Uri"/> the decision applies to. It must be absolute or equal to <c>EmptyResource</c>.</param>
/// <param name="decision">The <see cref="SamlAccessDecision"/> to record. Values outside the Permit..Indeterminate range are rejected.</param>
/// <param name="actions">Optional <see cref="Saml2Action"/> entries to copy into the statement; null is accepted and adds nothing.</param>
public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision, IEnumerable<Saml2Action> actions)
{
    if (resource == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("resource");
    }

    // Only an absolute URI or the EmptyResource value is accepted; every other
    // relative URI is refused before any state is stored.
    bool resourceIsAcceptable = resource.IsAbsoluteUri || resource.Equals(EmptyResource);
    if (!resourceIsAcceptable)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("resource", SR.GetString(SR.ID4121));
    }

    // Range check on the enum so that an arbitrary integer cast to SamlAccessDecision
    // is never stored as the decision.
    // NOTE(review): relies on Permit and Indeterminate being the lowest and highest
    // declared values - confirm against the enum definition.
    bool decisionInRange = decision >= SamlAccessDecision.Permit && decision <= SamlAccessDecision.Indeterminate;
    if (!decisionInRange)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("decision"));
    }

    this.resource = resource;
    this.decision = decision;

    if (actions == null)
    {
        return;
    }

    // Entries are copied as given; null elements are not filtered here.
    foreach (Saml2Action entry in actions)
    {
        this.actions.Add(entry);
    }
}
/// <summary>
/// Builds a <see cref="Saml2AuthorizationDecisionStatement"/> from a resource, a decision and
/// an optional sequence of actions.
/// </summary>
/// <param name="resource">The <see cref="Uri"/> of the resource being authorized; absolute, or equal to <c>EmptyResource</c>.</param>
/// <param name="decision">The <see cref="SamlAccessDecision"/> for the resource; must lie between Permit and Indeterminate inclusive.</param>
/// <param name="actions">The <see cref="Saml2Action"/> items to add, or null for none.</param>
public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision, IEnumerable<Saml2Action> actions)
{
    if (resource == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("resource");
    }

    // A relative URI is refused unless it is exactly the EmptyResource value.
    if (!resource.IsAbsoluteUri && !resource.Equals(EmptyResource))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("resource", SR.GetString(SR.ID4121));
    }

    // Refuse enum values outside the Permit..Indeterminate range, so an undefined
    // numeric value cannot end up stored as the decision.
    if (decision < SamlAccessDecision.Permit)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("decision"));
    }

    if (decision > SamlAccessDecision.Indeterminate)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("decision"));
    }

    this.resource = resource;
    this.decision = decision;

    if (actions != null)
    {
        // Items are added without inspection; a null element is stored as-is.
        foreach (Saml2Action item in actions)
        {
            this.actions.Add(item);
        }
    }
}
/// <summary>
/// Creates a SAML authorization decision statement for a subject, a resource, an access
/// decision and a set of actions.
/// </summary>
/// <param name="samlSubject">Subject passed to the base constructor.</param>
/// <param name="resource">Resource the decision applies to; must be a non-empty string.</param>
/// <param name="accessDecision">Decision stored on the statement; its value is not range-checked here.</param>
/// <param name="samlActions">Actions to add; the sequence and each element must be non-null.</param>
/// <exception cref="ArgumentNullException"><paramref name="samlActions"/> is null.</exception>
/// <exception cref="SecurityTokenException"><paramref name="resource"/> is null or empty.</exception>
/// <exception cref="ArgumentException"><paramref name="samlActions"/> contains a null element.</exception>
public SamlAuthorizationDecisionStatement(
    SamlSubject samlSubject,
    string resource,
    SamlAccessDecision accessDecision,
    IEnumerable<SamlAction> samlActions)
    : base(samlSubject)
{
    if (samlActions == null)
    {
        throw new ArgumentNullException("samlActions");
    }

    if (string.IsNullOrEmpty(resource))
    {
        throw new SecurityTokenException("non-zero length string must be set to Resource of SAML AuthorizationDecisionStatement.");
    }

    Resource = resource;
    AccessDecision = accessDecision;

    // Each element is checked before it is stored, so the collection never holds null.
    foreach (SamlAction candidate in samlActions)
    {
        if (candidate == null)
        {
            throw new ArgumentException("samlActions contain null item.");
        }

        actions.Add(candidate);
    }
}
/// <summary>
/// Creates a claim resource describing one authorization decision for one action.
/// </summary>
/// <param name="resource">Resource the decision refers to.</param>
/// <param name="decision">Access decision for the resource.</param>
/// <param name="actionName">Name of the action. Note that it comes before the namespace in this signature.</param>
/// <param name="actionNamespace">Namespace of the action.</param>
/// <remarks>
/// No argument validation is performed: null or empty strings and any
/// <see cref="SamlAccessDecision"/> value are stored exactly as passed.
/// </remarks>
public SamlAuthorizationDecisionClaimResource(
    string resource,
    SamlAccessDecision decision,
    string actionName,
    string actionNamespace)
{
    // Both action parameters are plain strings, so swapping them at a call site
    // compiles cleanly; keep the name/namespace order in mind.
    this.name = actionName;
    this.ns = actionNamespace;
    this.resource = resource;
    this.decision = decision;
}
/// <summary>
/// Initializes a claim resource from a resource string, an access decision and the
/// name and namespace of the action concerned.
/// </summary>
/// <param name="resource">Resource the decision refers to; stored without validation.</param>
/// <param name="decision">Access decision; stored without a range check.</param>
/// <param name="actionName">Action name; stored without validation.</param>
/// <param name="actionNamespace">Action namespace; stored without validation.</param>
public SamlAuthorizationDecisionClaimResource(
    string resource,
    SamlAccessDecision decision,
    string actionName,
    string actionNamespace)
{
    // Plain field copies: callers that need non-null, non-empty values have to
    // check them before constructing the object.
    this.decision = decision;
    this.resource = resource;
    this.ns = actionNamespace;
    this.name = actionName;
}
/// <summary>
/// Creates an authorization decision statement that also carries evidence.
/// </summary>
/// <param name="samlSubject">Subject of the statement.</param>
/// <param name="resource">Resource the decision applies to.</param>
/// <param name="accessDecision">Decision for the resource.</param>
/// <param name="samlActions">Actions covered by the decision.</param>
/// <param name="samlEvidence">Evidence to attach; stored as given, with no null check in this constructor.</param>
/// <remarks>
/// All validation of the first four arguments is delegated to the four-parameter
/// constructor, which runs before the evidence is stored.
/// </remarks>
public SamlAuthorizationDecisionStatement(
    SamlSubject samlSubject,
    string resource,
    SamlAccessDecision accessDecision,
    IEnumerable<SamlAction> samlActions,
    SamlEvidence samlEvidence)
    : this(samlSubject, resource, accessDecision, samlActions)
{
    this.evidence = samlEvidence;
}
/// <summary>
/// Initializes an authorization decision statement with a subject, resource, decision,
/// actions and evidence.
/// </summary>
/// <param name="samlSubject">Subject forwarded to the four-parameter constructor.</param>
/// <param name="resource">Resource forwarded to the four-parameter constructor.</param>
/// <param name="accessDecision">Decision forwarded to the four-parameter constructor.</param>
/// <param name="samlActions">Actions forwarded to the four-parameter constructor.</param>
/// <param name="samlEvidence">Evidence stored on the statement; null is not rejected here.</param>
public SamlAuthorizationDecisionStatement(
    SamlSubject samlSubject,
    string resource,
    SamlAccessDecision accessDecision,
    IEnumerable<SamlAction> samlActions,
    SamlEvidence samlEvidence)
    : this(samlSubject, resource, accessDecision, samlActions)
{
    // The chained constructor has already run, so the evidence is only stored
    // once the other arguments were accepted.
    this.evidence = samlEvidence;
}
/// <summary>
/// Creates a claim resource describing an authorization decision for one action on one resource.
/// </summary>
/// <param name="resource">Resource the decision refers to; must be neither null nor empty.</param>
/// <param name="accessDecision">Access decision; stored without a range check.</param>
/// <param name="actionNamespace">Namespace of the action; not validated. It comes before the name in this signature.</param>
/// <param name="actionName">Name of the action; must be neither null nor empty.</param>
/// <remarks>
/// An empty string is reported through the same argument-null helper as a null reference.
/// </remarks>
public SamlAuthorizationDecisionClaimResource(string resource, SamlAccessDecision accessDecision, string actionNamespace, string actionName)
{
    if (string.IsNullOrEmpty(resource))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("resource");
    }

    if (string.IsNullOrEmpty(actionName))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("actionName");
    }

    // Nothing is stored until both required strings have passed the checks above.
    this.actionName = actionName;
    this.actionNamespace = actionNamespace;
    this.accessDecision = accessDecision;
    this.resource = resource;
}
/// <summary>
/// Initializes a claim resource from a resource, an access decision and an action
/// identified by namespace and name.
/// </summary>
/// <param name="resource">Required resource string; null or empty is rejected.</param>
/// <param name="accessDecision">Access decision to store; any enum value is accepted.</param>
/// <param name="actionNamespace">Action namespace; stored as given, including null.</param>
/// <param name="actionName">Required action name; null or empty is rejected.</param>
public SamlAuthorizationDecisionClaimResource(string resource, SamlAccessDecision accessDecision, string actionNamespace, string actionName)
{
    bool resourceMissing = resource == null || resource.Length == 0;
    if (resourceMissing)
    {
        throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("resource");
    }

    bool actionNameMissing = actionName == null || actionName.Length == 0;
    if (actionNameMissing)
    {
        throw System.IdentityModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("actionName");
    }

    // Only the resource and the action name are required; the namespace and the
    // decision are copied without inspection.
    this.resource = resource;
    this.actionName = actionName;
    this.actionNamespace = actionNamespace;
    this.accessDecision = accessDecision;
}
/// <summary>
/// Initializes an authorization decision statement from a subject, a resource, an access
/// decision and the actions the decision covers.
/// </summary>
/// <param name="samlSubject">Subject handed to the base constructor.</param>
/// <param name="resource">Non-empty resource string.</param>
/// <param name="accessDecision">Decision assigned to <c>AccessDecision</c>; not range-checked here.</param>
/// <param name="samlActions">Non-null sequence of non-null actions.</param>
/// <exception cref="ArgumentNullException"><paramref name="samlActions"/> is null.</exception>
/// <exception cref="SecurityTokenException"><paramref name="resource"/> is null or has zero length.</exception>
/// <exception cref="ArgumentException">An element of <paramref name="samlActions"/> is null.</exception>
public SamlAuthorizationDecisionStatement(
    SamlSubject samlSubject,
    string resource,
    SamlAccessDecision accessDecision,
    IEnumerable<SamlAction> samlActions)
    : base(samlSubject)
{
    if (samlActions == null)
    {
        throw new ArgumentNullException("samlActions");
    }

    bool hasResource = resource != null && resource.Length != 0;
    if (!hasResource)
    {
        throw new SecurityTokenException("non-zero length string must be set to Resource of SAML AuthorizationDecisionStatement.");
    }

    Resource = resource;
    AccessDecision = accessDecision;

    // A null element aborts construction instead of being stored.
    foreach (SamlAction entry in samlActions)
    {
        if (entry != null)
        {
            actions.Add(entry);
        }
        else
        {
            throw new ArgumentException("samlActions contain null item.");
        }
    }
}
/// <summary>
/// Creates an authorization decision statement from a subject, resource, decision,
/// actions and optional evidence, then validates the resulting object.
/// </summary>
/// <param name="samlSubject">Subject passed to the base constructor.</param>
/// <param name="resource">Resource the decision applies to; not checked directly in this constructor.</param>
/// <param name="accessDecision">Decision to store.</param>
/// <param name="samlActions">Non-null sequence of non-null actions.</param>
/// <param name="samlEvidence">Evidence to store; no null check is made on it here.</param>
public SamlAuthorizationDecisionStatement(SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable<SamlAction> samlActions, SamlEvidence samlEvidence)
    : base(samlSubject)
{
    this.actions = new ImmutableCollection<SamlAction>();

    if (samlActions == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlActions"));
    }

    // Every element is checked before it is added, so the collection never holds null.
    foreach (SamlAction candidate in samlActions)
    {
        if (candidate != null)
        {
            this.actions.Add(candidate);
            continue;
        }

        string message = System.IdentityModel.SR.GetString("SAMLEntityCannotBeNullOrEmpty", new object[] { XD.SamlDictionary.Action.Value });
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(message);
    }

    this.evidence = samlEvidence;
    this.accessDecision = accessDecision;
    this.resource = resource;

    // NOTE(review): the remaining checks, such as a missing resource, are presumably
    // made by CheckObjectValidity, whose body is not visible here - confirm.
    this.CheckObjectValidity();
}
/// <summary>
/// Initializes an authorization decision statement and runs the object validity check on it.
/// </summary>
/// <param name="samlSubject">Subject of the statement, forwarded to the base constructor.</param>
/// <param name="resource">Resource string stored on the statement.</param>
/// <param name="accessDecision">Access decision stored on the statement.</param>
/// <param name="samlActions">Actions to copy in; neither the sequence nor any element may be null.</param>
/// <param name="samlEvidence">Evidence stored on the statement; may be null as far as this constructor is concerned.</param>
public SamlAuthorizationDecisionStatement(SamlSubject samlSubject, string resource, SamlAccessDecision accessDecision, IEnumerable<SamlAction> samlActions, SamlEvidence samlEvidence)
    : base(samlSubject)
{
    this.actions = new ImmutableCollection<SamlAction>();

    if (samlActions == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlActions"));
    }

    foreach (SamlAction entry in samlActions)
    {
        // A null element aborts construction instead of being stored.
        if (entry == null)
        {
            object[] formatArguments = new object[] { XD.SamlDictionary.Action.Value };
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(System.IdentityModel.SR.GetString("SAMLEntityCannotBeNullOrEmpty", formatArguments));
        }

        this.actions.Add(entry);
    }

    this.evidence = samlEvidence;
    this.accessDecision = accessDecision;
    this.resource = resource;

    // The resource and decision are not inspected above.
    // NOTE(review): CheckObjectValidity is defined elsewhere; what it enforces
    // cannot be confirmed from this constructor.
    this.CheckObjectValidity();
}
/// <summary>
/// Creates an authorization decision statement without evidence.
/// </summary>
/// <param name="samlSubject">Subject of the statement.</param>
/// <param name="resource">Resource the decision applies to.</param>
/// <param name="accessDecision">Decision for the resource.</param>
/// <param name="samlActions">Actions covered by the decision.</param>
/// <remarks>
/// Delegates to the five-parameter constructor with null evidence; all validation
/// happens there.
/// </remarks>
public SamlAuthorizationDecisionStatement(
    SamlSubject samlSubject,
    string resource,
    SamlAccessDecision accessDecision,
    IEnumerable<SamlAction> samlActions)
    : this(samlSubject, resource, accessDecision, samlActions, null)
{
}
/// <summary>
/// Populates this statement from the AuthorizationDecisionStatement element the reader is positioned on.
/// </summary>
/// <param name="reader">Reader supplying the XML; must not be null.</param>
/// <param name="samlSerializer">Serializer whose dictionary supplies the element and attribute names; must not be null.</param>
/// <param name="keyInfoSerializer">Passed through unchanged to the nested ReadXml calls.</param>
/// <param name="outOfBandTokenResolver">Passed through unchanged to the nested ReadXml calls.</param>
/// <remarks>
/// This method checks structure only: Resource and Decision attributes present, a Subject
/// first, at least one Action and at most one Evidence. Nothing here verifies a signature,
/// an issuer or any other trust property of the statement.
/// </remarks>
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
    }

    if (samlSerializer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
    }

    SamlDictionary names = samlSerializer.DictionaryManager.SamlDictionary;

    this.resource = reader.GetAttribute(names.Resource, null);
    if (string.IsNullOrEmpty(this.resource))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead")));
    }

    string decisionText = reader.GetAttribute(names.Decision, null);
    if (string.IsNullOrEmpty(decisionText))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead")));
    }

    // Matching ignores case, and any value that is neither Deny nor Permit becomes
    // Indeterminate instead of being rejected. An unrecognized value can therefore
    // never turn into Permit, but a malformed Decision attribute is not reported.
    this.accessDecision =
        decisionText.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase)
            ? SamlAccessDecision.Deny
            : decisionText.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase)
                ? SamlAccessDecision.Permit
                : SamlAccessDecision.Indeterminate;

    reader.MoveToContent();
    reader.Read();

    // The first child element has to be the Subject.
    if (reader.IsStartElement(names.Subject, names.Namespace))
    {
        SamlSubject parsedSubject = new SamlSubject();
        parsedSubject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
        base.SamlSubject = parsedSubject;
    }
    else
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionStatementMissingSubjectOnRead")));
    }

    // Remaining children: any number of Action elements (no upper bound is applied
    // here) and at most one Evidence element. Any other element is a schema error.
    while (reader.IsStartElement())
    {
        if (reader.IsStartElement(names.Action, names.Namespace))
        {
            SamlAction parsedAction = new SamlAction();
            parsedAction.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
            this.actions.Add(parsedAction);
        }
        else if (reader.IsStartElement(names.Evidence, names.Namespace))
        {
            if (this.evidence != null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionHasMoreThanOneEvidence")));
            }

            this.evidence = new SamlEvidence();
            this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
        }
        else
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLBadSchema", new object[] { names.AuthorizationDecisionStatement })));
        }
    }

    if (this.actions.Count == 0)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("SAMLAuthorizationDecisionShouldHaveOneActionOnRead")));
    }

    reader.MoveToContent();
    reader.ReadEndElement();
}
/// <summary>
/// Initializes an authorization decision statement that carries no evidence.
/// </summary>
/// <param name="samlSubject">Subject of the statement.</param>
/// <param name="resource">Resource the decision applies to.</param>
/// <param name="accessDecision">Decision for the resource.</param>
/// <param name="samlActions">Actions covered by the decision.</param>
public SamlAuthorizationDecisionStatement(
    SamlSubject samlSubject,
    string resource,
    SamlAccessDecision accessDecision,
    IEnumerable<SamlAction> samlActions)
    : this(samlSubject, resource, accessDecision, samlActions, null)
{
    // Intentionally empty: the five-parameter overload does all the validation and
    // assignment, and the trailing null means "no evidence".
}
/// <summary>
/// Creates a <see cref="Saml2AuthorizationDecisionStatement"/> for a resource and a decision,
/// with no actions supplied.
/// </summary>
/// <param name="resource">The <see cref="Uri"/> of the resource to be authorized.</param>
/// <param name="decision">The <see cref="SamlAccessDecision"/> in use.</param>
/// <remarks>
/// Delegates to the three-parameter constructor with a null action sequence; argument
/// validation happens there.
/// </remarks>
public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision)
    : this(resource, decision, null)
{
}
/// <summary>
/// Reads an AuthorizationDecisionStatement element from <paramref name="reader"/> into this instance.
/// </summary>
/// <param name="reader">XML source; must not be null.</param>
/// <param name="samlSerializer">Supplies the SAML dictionary used for element and attribute names; must not be null.</param>
/// <param name="keyInfoSerializer">Forwarded as-is to the Subject, Action and Evidence readers.</param>
/// <param name="outOfBandTokenResolver">Forwarded as-is to the Subject, Action and Evidence readers.</param>
/// <remarks>
/// Structural failures (missing Resource or Decision attribute, missing Subject, unexpected
/// child element, second Evidence, no Action) are raised as a SecurityTokenException through
/// the DiagnosticUtility helper. The method performs no signature or trust validation.
/// </remarks>
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
    }

    if (samlSerializer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
    }

#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
    SamlDictionary names = samlSerializer.DictionaryManager.SamlDictionary;

    this.resource = reader.GetAttribute(names.Resource, null);
    if (string.IsNullOrEmpty(this.resource))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead)));
    }

    string rawDecision = reader.GetAttribute(names.Decision, null);
    if (string.IsNullOrEmpty(rawDecision))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead)));
    }

    // Start from Indeterminate and upgrade only on an explicit, case-insensitive match.
    // An unrecognized Decision value is therefore kept as Indeterminate, not rejected.
    SamlAccessDecision parsedDecision = SamlAccessDecision.Indeterminate;
    if (rawDecision.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase))
    {
        parsedDecision = SamlAccessDecision.Deny;
    }
    else if (rawDecision.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase))
    {
        parsedDecision = SamlAccessDecision.Permit;
    }

    this.accessDecision = parsedDecision;

    reader.MoveToContent();
    reader.Read();

    // The Subject has to be the first child element.
    if (!reader.IsStartElement(names.Subject, names.Namespace))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingSubjectOnRead)));
    }

    SamlSubject parsedSubject = new SamlSubject();
    parsedSubject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
    base.SamlSubject = parsedSubject;

    while (reader.IsStartElement())
    {
        if (reader.IsStartElement(names.Action, names.Namespace))
        {
            // The number of Action elements is not bounded here.
            SamlAction parsedAction = new SamlAction();
            parsedAction.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
            this.actions.Add(parsedAction);
            continue;
        }

        // Anything that is neither Action nor Evidence violates the schema.
        if (!reader.IsStartElement(names.Evidence, names.Namespace))
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, names.AuthorizationDecisionStatement)));
        }

        // A second Evidence element is refused instead of replacing the first.
        if (this.evidence != null)
        {
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionHasMoreThanOneEvidence)));
        }

        this.evidence = new SamlEvidence();
        this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
    }

    if (this.actions.Count == 0)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionShouldHaveOneActionOnRead)));
    }

    reader.MoveToContent();
    reader.ReadEndElement();
}
/// <summary>
/// Deserializes an AuthorizationDecisionStatement element into this instance.
/// </summary>
/// <param name="reader">Reader positioned on the statement element; must not be null.</param>
/// <param name="samlSerializer">Serializer providing the SAML name dictionary; must not be null.</param>
/// <param name="keyInfoSerializer">Handed unchanged to the nested ReadXml calls.</param>
/// <param name="outOfBandTokenResolver">Handed unchanged to the nested ReadXml calls.</param>
/// <remarks>
/// Requires the Resource and Decision attributes, a leading Subject element, at least one
/// Action and no more than one Evidence. Only the shape of the XML is checked; whether the
/// statement is authentic has to be established elsewhere.
/// </remarks>
public override void ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver)
{
    if (reader == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("reader"));
    }

    if (samlSerializer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentNullException("samlSerializer"));
    }

#pragma warning suppress 56506 // samlSerializer.DictionaryManager is never null.
    SamlDictionary samlNames = samlSerializer.DictionaryManager.SamlDictionary;

    this.resource = reader.GetAttribute(samlNames.Resource, null);
    if (string.IsNullOrEmpty(this.resource))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingResourceAttributeOnRead)));
    }

    string decisionValue = reader.GetAttribute(samlNames.Decision, null);
    if (string.IsNullOrEmpty(decisionValue))
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingDecisionAttributeOnRead)));
    }

    // Case-insensitive match on Deny, then Permit. Every other value, including a
    // misspelled one, is stored as Indeterminate instead of raising an error.
    this.accessDecision =
        decisionValue.Equals(SamlAccessDecision.Deny.ToString(), StringComparison.OrdinalIgnoreCase)
            ? SamlAccessDecision.Deny
            : decisionValue.Equals(SamlAccessDecision.Permit.ToString(), StringComparison.OrdinalIgnoreCase)
                ? SamlAccessDecision.Permit
                : SamlAccessDecision.Indeterminate;

    reader.MoveToContent();
    reader.Read();

    bool subjectComesFirst = reader.IsStartElement(samlNames.Subject, samlNames.Namespace);
    if (!subjectComesFirst)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionStatementMissingSubjectOnRead)));
    }

    SamlSubject statementSubject = new SamlSubject();
    statementSubject.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
    base.SamlSubject = statementSubject;

    while (reader.IsStartElement())
    {
        if (reader.IsStartElement(samlNames.Action, samlNames.Namespace))
        {
            SamlAction nextAction = new SamlAction();
            nextAction.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
            this.actions.Add(nextAction);
            continue;
        }

        if (reader.IsStartElement(samlNames.Evidence, samlNames.Namespace))
        {
            // Only one Evidence element is accepted; a repeat is an error, not an overwrite.
            if (this.evidence != null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionHasMoreThanOneEvidence)));
            }

            this.evidence = new SamlEvidence();
            this.evidence.ReadXml(reader, samlSerializer, keyInfoSerializer, outOfBandTokenResolver);
            continue;
        }

        // Unknown child elements are rejected instead of being skipped.
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLBadSchema, samlNames.AuthorizationDecisionStatement)));
    }

    if (this.actions.Count == 0)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.SAMLAuthorizationDecisionShouldHaveOneActionOnRead)));
    }

    reader.MoveToContent();
    reader.ReadEndElement();
}