/// <summary>
/// Calls ClaimsAuthorizationManager.
/// </summary>
/// <param name="resourceType">The resource type.</param>
/// <param name="resource">The resource.</param>
/// <param name="action">The action.</param>
/// <returns>True when access is granted. Otherwise false.</returns>
public static bool CheckAccess(string resourceType, string resource, string action)
{
var resourceAction = new ResourceAction(resourceType, resource, ClaimTypes.ActionType, action);
var context = CreateAuthorizationContext(ClaimsPrincipal.Current, resourceAction);
var claimsAuthorizationManager = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager;
return(claimsAuthorizationManager.CheckAccess(context));
}
/// <summary>
/// Calls ClaimsAuthorizationManager.
/// </summary>
/// <param name="action">The action.</param>
/// <param name="resource">The resource.</param>
/// <param name="additionalResources">Additional resources.</param>
/// <returns>True when access is granted. Otherwise false.</returns>
public static bool CheckAccess(string action, string resource, params Claim[] additionalResources)
{
var resourceAction = new ResourceAction(ClaimTypes.ResourceType, resource, ClaimTypes.ActionType, action);
var context = CreateAuthorizationContext(ClaimsPrincipal.Current, resourceAction);
additionalResources.ToList().ForEach(claim => context.Resource.Add(claim));
var claimsAuthorizationManager = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager;
return(claimsAuthorizationManager.CheckAccess(context));
}
public static bool CheckAccess(string resourceType, string resource, string action, string userName)
{
var resourceAction = new ResourceAction(resourceType, resource, ClaimTypes.ActionType, action);
var user = IdentityHelper.GetIdentityUserByName(userName);
var manager = IdentityHelper.GetUserManager();
ClaimsIdentity userIdentity = null;
if (user == null)
{
log4net.LogManager.GetLogger(nameof(ClaimPermission)).Warn($"A user with username '{userName}' was not found by user manager. Creating Claims Identity from Owin Context Request User.Identity ...");
userIdentity = (OwinHelper.GetOwinContext(HttpContext.Current).Request.User.Identity as ClaimsIdentity);
}
else
{
userIdentity = user.GenerateUserIdentityAsync(manager).Result;
}
var context = CreateAuthorizationContext(ClaimsPrincipal.Current, resourceAction);
var claimsAuthorizationManager =
FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager as AuthorizationManager;
return(claimsAuthorizationManager.CheckAccess(context, userIdentity));
}
private static AuthorizationContext CreateAuthorizationContext(ClaimsPrincipal currentPrincipal, ResourceAction resourceAction)
{
var resourceClaim = new Claim(resourceAction.ResourceType, resourceAction.Resource);
var actionClaim = new Claim(resourceAction.ActionType, resourceAction.Action);
return(new AuthorizationContext(currentPrincipal, new Collection <Claim> {
resourceClaim
}, new Collection <Claim> {
actionClaim
}));
}
