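/// <summary>
/// Demands the policy held in <c>m_policyId</c> for the effective principal and
/// throws unless the outcome is <see cref="PolicyGrantType.Grant"/>.
/// </summary>
/// <remarks>
/// Every outcome is traced and audited before the exception is raised. This includes
/// the early rejection of an unauthenticated principal, so no denial leaves this
/// method without an audit record.
/// </remarks>
/// <exception cref="PolicyViolationException">
/// Thrown when the principal fails the authentication gate, when no
/// <c>IPolicyDecisionService</c> is registered, or when the decision service
/// returns anything other than <see cref="PolicyGrantType.Grant"/>.
/// </exception>
public void Demand()
{
    var pdp = ApplicationServiceContext.Current.GetService<IPolicyDecisionService>();

    // An explicitly supplied principal wins; otherwise use the ambient one.
    var principal = this.m_principal ?? AuthenticationContext.Current.Principal;

    // Fail closed: the outcome starts as Deny and only the decision service can change it.
    var action = PolicyGrantType.Deny;

    // Non-system principals must be authenticated.
    // NOTE(review): the gate only applies when m_isUnrestricted is true - confirm that
    // this is the intended sense of the flag.
    // NOTE(review): principal and principal.Identity are dereferenced without a null
    // check, so a null here surfaces as NullReferenceException, not PolicyViolationException.
    bool rejectedUnauthenticated = !principal.Identity.IsAuthenticated
        && principal != AuthenticationContext.SystemPrincipal
        && this.m_isUnrestricted == true;

    // With no decision service there is no way to verify, so the Deny default stands.
    if (!rejectedUnauthenticated && pdp != null)
    {
        action = pdp.GetPolicyOutcome(principal, this.m_policyId);
    }

    // Trace and audit every decision, denials included, before any exception unwinds.
    this.m_traceSource.TraceVerbose("Policy Enforce: {0}({1}) = {2}", principal?.Identity?.Name, this.m_policyId, action);
    AuditUtil.AuditAccessControlDecision(principal, this.m_policyId, action);

    if (action != PolicyGrantType.Grant)
    {
        throw new PolicyViolationException(principal, this.m_policyId, action);
    }
}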
/// <summary>
/// Demands the permission: evaluates it through <c>DemandSoft</c>, audits the
/// outcome, and throws unless the outcome is <see cref="PolicyGrantType.Grant"/>.
/// </summary>
/// <exception cref="PolicyViolationException">
/// Thrown when the outcome is anything other than <see cref="PolicyGrantType.Grant"/>.
/// </exception>
public void Demand()
{
    var outcome = this.DemandSoft();

    // The audit record is written before the throw, so denials are always recorded.
    // NOTE(review): m_principal is passed as-is to the audit and the exception;
    // confirm it is always populated by the time Demand() is called.
    AuditUtil.AuditAccessControlDecision(this.m_principal, this.m_policyId, outcome);

    if (outcome == PolicyGrantType.Grant)
    {
        return;
    }

    throw new PolicyViolationException(this.m_principal, this.m_policyId, outcome);
}
/// <summary>
/// Enforces <paramref name="policyId"/> against <paramref name="principal"/>:
/// resolves the grant, audits the decision, and throws unless it is a grant.
/// </summary>
/// <param name="policyId">Identifier of the policy being demanded.</param>
/// <param name="principal">Principal the decision is made for.</param>
/// <exception cref="PolicyViolationException">
/// Thrown when the resolved outcome is not <see cref="PolicyGrantType.Grant"/>.
/// </exception>
public void Demand(string policyId, IPrincipal principal)
{
    // NOTE(review): neither argument is validated here; presumably GetGrant
    // handles null input - confirm against its implementation.
    var outcome = this.GetGrant(principal, policyId);

    // Audit first, so a denial is on record before the exception unwinds the caller.
    AuditUtil.AuditAccessControlDecision(principal, policyId, outcome);

    if (outcome == PolicyGrantType.Grant)
    {
        return;
    }

    throw new PolicyViolationException(principal, policyId, outcome);
}