public SASAuthorizationParameters CheckAccessWithMultiplePermissions(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requiredPermission, SasType supportedSasTypes, SasResourceType requiredResourceType, List <SASPermission> requiredSasPermissions, TimeSpan timeout)
{
SASAuthorizationParameters sASAuthorizationParameter;
AuthorizationResult authorizationResult = null;
Duration startingNow = Duration.StartingNow;
SASAuthorizationParameters sASAuthorizationParameter1 = new SASAuthorizationParameters()
{
SupportedSasTypes = supportedSasTypes,
SignedResourceType = requiredResourceType
};
SASAuthorizationParameters current = sASAuthorizationParameter1;
List <SASPermission> .Enumerator enumerator = requiredSasPermissions.GetEnumerator();
try
{
do
{
if (!enumerator.MoveNext())
{
break;
}
current.SignedPermission = enumerator.Current;
IAsyncResult asyncResult = this.BeginAuthorizeRequest(requestor, resourceAccount, resourceContainer, resourceIdentifier, requiredPermission, current, startingNow.Remaining(timeout), null, null);
authorizationResult = this.EndAuthorizeRequest(asyncResult);
if (!authorizationResult.Authorized)
{
continue;
}
sASAuthorizationParameter = current;
return(sASAuthorizationParameter);
}while (authorizationResult.Authorized || authorizationResult.FailureReason == AuthorizationFailureReason.PermissionMismatch);
if (requestor == null || !requestor.IsSecondaryAccess || !AuthorizationManager.IsWritePermission(requiredPermission))
{
throw new NephosUnauthorizedAccessException(resourceAccount, resourceContainer, resourceIdentifier, requestor, requiredPermission, authorizationResult.FailureReason);
}
throw new SecondaryWriteNotAllowedException();
}
finally
{
((IDisposable)enumerator).Dispose();
}
return(sASAuthorizationParameter);
}
protected internal override AuthorizationResult AuthorizeAccountSignedAccessRequest(AccountSasAccessIdentifier signedRequestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters)
{
AuthorizationResult authorizationResult = new AuthorizationResult(false, AuthorizationFailureReason.AccessPermissionFailure);
return(base.AuthorizeAccountSignedAccessRequest(signedRequestor, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters));
}
protected internal virtual AuthorizationResult AuthorizeAccountSignedAccessRequest(AccountSasAccessIdentifier signedRequestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters)
{
return(AuthorizationManager.AuthorizeAccountSignedAccessRequest(signedRequestor, resourceAccount, requestedSasParameters));
}
public static AuthorizationResult AuthorizeAccountSignedAccessRequest(AccountSasAccessIdentifier signedRequestor, string resourceAccount, SASAuthorizationParameters requestedSasParameters)
{
AuthorizationResult authorizationResult = new AuthorizationResult(false, AuthorizationFailureReason.AccessPermissionFailure);
if (string.IsNullOrEmpty(resourceAccount) || !resourceAccount.Equals(signedRequestor.AccountName, StringComparison.OrdinalIgnoreCase))
{
authorizationResult.FailureReason = AuthorizationFailureReason.UnauthorizedAccountSasRequest;
authorizationResult.Authorized = false;
return(authorizationResult);
}
if ((requestedSasParameters.SignedResourceType & signedRequestor.SignedResourceType) != requestedSasParameters.SignedResourceType)
{
authorizationResult.FailureReason = AuthorizationFailureReason.ResourceTypeMismatch;
authorizationResult.Authorized = false;
return(authorizationResult);
}
if ((requestedSasParameters.SignedPermission & signedRequestor.SignedAccessPermission) != requestedSasParameters.SignedPermission)
{
authorizationResult.FailureReason = AuthorizationFailureReason.PermissionMismatch;
authorizationResult.Authorized = false;
return(authorizationResult);
}
authorizationResult.FailureReason = AuthorizationFailureReason.NotApplicable;
authorizationResult.Authorized = true;
return(authorizationResult);
}
private IEnumerator <IAsyncResult> CheckAccessImpl(IAccountIdentifier identifier, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncIteratorContext <NoResults> context)
{
IAsyncResult asyncResult = this.BeginAuthorizeRequest(identifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters, authorizationInfo, timeout, context.GetResumeCallback(), context.GetResumeState("RealServiceManager.AuthorizeImpl"));
yield return(asyncResult);
AuthorizationResult authorizationResult = this.EndAuthorizeRequest(asyncResult);
if (!authorizationResult.Authorized)
{
if (identifier == null || !identifier.IsSecondaryAccess || !AuthorizationManager.IsWritePermission(requestedPermission))
{
throw new NephosUnauthorizedAccessException(resourceAccount, resourceContainer, resourceIdentifier, identifier, requestedPermission, requestedSasParameters.SignedPermission, authorizationResult.FailureReason);
}
throw new SecondaryWriteNotAllowedException();
}
}
public IAsyncResult BeginCheckAccess(IAccountIdentifier identifier, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state)
{
AsyncIteratorContext <NoResults> asyncIteratorContext = new AsyncIteratorContext <NoResults>("RealServiceManager.Authorize", callback, state);
asyncIteratorContext.Begin(this.CheckAccessImpl(identifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters, authorizationInfo, timeout, asyncIteratorContext));
return(asyncIteratorContext);
}
public abstract IAsyncResult BeginAuthorizeRequest(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state);
private IEnumerator <IAsyncResult> AuthorizeRequestImpl(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncIteratorContext <AuthorizationResult> context)
{
Duration startingNow = Duration.StartingNow;
IAsyncResult asyncResult = this.BeginSharedKeyAuthorization(requestor, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, authorizationInfo, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("NephosAuthorizationManager.AuthorizeRequestImpl"));
yield return(asyncResult);
AuthorizationResult authorizationResult = this.EndAuthorizeRequest(asyncResult);
bool authorized = authorizationResult.Authorized;
if (!authorized || !(requestor is SignedAccessAccountIdentifier) && !(requestor is AccountSasAccessIdentifier))
{
context.ResultData = authorizationResult;
}
else
{
NephosAssertionException.Assert((requestor is SignedAccessAccountIdentifier ? true : requestor is AccountSasAccessIdentifier));
if (!(requestor is SignedAccessAccountIdentifier))
{
if (!(requestor is AccountSasAccessIdentifier))
{
throw new NephosUnauthorizedAccessException("Signed access not supported for this request", resourceAccount, resourceContainer, resourceIdentifier, requestor, requestedPermission, AuthorizationFailureReason.InvalidOperationSAS);
}
if ((requestedSasParameters.SupportedSasTypes & SasType.AccountSas) != SasType.AccountSas)
{
throw new NephosUnauthorizedAccessException("Account signed access not supported for this request", resourceAccount, resourceContainer, resourceIdentifier, requestor, requestedPermission, AuthorizationFailureReason.InvalidOperationSAS);
}
if (requestedSasParameters.SignedPermission == SASPermission.None)
{
throw new ArgumentException("signedPerrmission");
}
authorizationResult = this.AuthorizeAccountSignedAccessRequest(requestor as AccountSasAccessIdentifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters);
context.ResultData = authorizationResult;
}
else
{
if ((requestedSasParameters.SupportedSasTypes & SasType.ResourceSas) != SasType.ResourceSas)
{
throw new NephosUnauthorizedAccessException("Signed access not supported for this request", resourceAccount, resourceContainer, resourceIdentifier, requestor, requestedPermission, AuthorizationFailureReason.InvalidOperationSAS);
}
if (requestedSasParameters.SignedPermission == SASPermission.None)
{
throw new ArgumentException("signedPerrmission");
}
authorizationResult = this.AuthorizeResourceSignedAccessRequest(requestor as SignedAccessAccountIdentifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters.SignedPermission);
context.ResultData = authorizationResult;
}
}
}
public override IAsyncResult BeginAuthorizeRequest(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state)
{
AsyncIteratorContext <AuthorizationResult> asyncIteratorContext = new AsyncIteratorContext <AuthorizationResult>("OwnerAdminAuthorizationManager.AuthorizeRequest", callback, state);
asyncIteratorContext.Begin(this.AuthorizeRequestImpl(requestor, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters, authorizationInfo, timeout, asyncIteratorContext));
return(asyncIteratorContext);
}
