/// <summary>
/// Demand the permission
/// </summary>
public void Demand()
{
var pdp = ApplicationServiceContext.Current.GetService <IPolicyDecisionService>();
var principal = this.m_principal ?? AuthenticationContext.Current.Principal;
var action = AuthenticationContext.Current.Principal == AuthenticationContext.SystemPrincipal ? PolicyGrantType.Grant : PolicyGrantType.Deny;
// Non system principals must be authenticated
if (!principal.Identity.IsAuthenticated &&
principal != AuthenticationContext.SystemPrincipal &&
this.m_isUnrestricted == true)
{
throw new PolicyViolationException(principal, this.m_policyId, PolicyGrantType.Deny);
}
else
{
if (pdp == null) // No way to verify
{
action = PolicyGrantType.Deny;
}
else if (pdp != null)
{
action = pdp.GetPolicyOutcome(principal, this.m_policyId);
}
}
this.m_traceSource.TraceVerbose("Policy Enforce: {0}({1}) = {2}", principal?.Identity?.Name, this.m_policyId, action);
AuditUtil.AuditAccessControlDecision(principal, m_policyId, action);
if (action != PolicyGrantType.Grant)
{
throw new PolicyViolationException(principal, this.m_policyId, action);
}
}
/// <summary>
/// Demand the permission
/// </summary>
public void Demand()
{
var result = this.DemandSoft();
AuditUtil.AuditAccessControlDecision(this.m_principal, this.m_policyId, result);
if (result != PolicyGrantType.Grant)
{
throw new PolicyViolationException(this.m_principal, this.m_policyId, result);
}
}
/// <summary>
/// Demand policy enforcement
/// </summary>
public void Demand(string policyId, IPrincipal principal)
{
var result = this.GetGrant(principal, policyId);
AuditUtil.AuditAccessControlDecision(principal, policyId, result);
if (result != PolicyGrantType.Grant)
{
throw new PolicyViolationException(principal, policyId, result);
}
}
