public void PlaceOrder(OrderMessage message) { Console.WriteLine("Order:"); Console.WriteLine("Product name: {0}", message.Order.ProductName); Console.WriteLine("Quantity: {0}", message.Order.Quantity); Console.WriteLine("Comments: {0}", message.Order.Comments); int requiredPoints; if (!requiredPointsMap.TryGetValue(message.Order.ProductName, out requiredPoints)) { ReportSenderFault("An unknown product was ordered", "UnknownProduct"); } try { ClaimsPrincipalPermission.CheckAccess(requiredPoints.ToString(), "BuyAnimal"); } catch (SecurityException) { ReportSenderFault(string.Format("Required points: {0}.", requiredPoints), "InsufficientExperiencePoints"); } Console.WriteLine("Order accepted."); }
static void Main(string[] args) { // <Snippet2> // // Method 1. Simple access check using static method. // Expect this to be most common method. // ClaimsPrincipalPermission.CheckAccess("resource", "action"); // </Snippet2> // <Snippet3> // // Method 2. Programmatic check using the permission class // Follows model found at http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx // ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission("resource", "action"); cpp.Demand(); // </Snippet3> // // Method 3. Access check interacting directly with the authorization manager. // ClaimsAuthorizationManager am = new ClaimsAuthorizationManager(); am.CheckAccess(new AuthorizationContext((ClaimsPrincipal)Thread.CurrentPrincipal, "resource", "action")); // // Method 4. Call a method that is protected using the permission attribute class // ProtectedMethod(); Console.WriteLine("Press [Enter] to continue."); Console.ReadLine(); }
string ICrudService.DeleteSomething() { ClaimsPrincipalPermission perm = new ClaimsPrincipalPermission(true, ClaimsAuthorizationPolicy.CreateApplicationClaimSet(ClaimsAuthorizationPolicy.ClaimTypes.Delete)); perm.Demand(); return(String.Format("DeleteSomething() called by user {0}", System.Threading.Thread.CurrentPrincipal.Identity.Name)); }
string ICrudService.ReadSomething() { ClaimsPrincipalPermission perm = new ClaimsPrincipalPermission(true, ClaimsAuthorizationPolicy.IssuerName, ClaimsAuthorizationPolicy.ClaimTypes.Read); perm.Demand(); return(String.Format("ReadSomething() called by user {0}", System.Threading.Thread.CurrentPrincipal.Identity.Name)); }
/// <summary> /// Demo method with direct authorization call /// </summary> public void AdminsCanDoThis2() { ClaimsPrincipalPermission.CheckAccess("AdminArea", "Read"); Console.WriteLine(Environment.NewLine); Console.WriteLine("Only the person with 'admin' role can invoke this method (2)."); Console.WriteLine(Environment.NewLine); }
private static void UsePrincipal() { ShowCastle(); //imperative check ClaimsPrincipalPermission.CheckAccess("Castle", "Show"); var authz = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager; AuthorizationContext context = new AuthorizationContext(ClaimsPrincipal.Current, "Castle", "Show"); bool isAuthz = authz.CheckAccess(context); }
public ActionResult About() { var ca = new ClaimsAuthorizationManager(); ClaimsPrincipalPermission.CheckAccess("home/about", "view"); ViewBag.Message = "Your application description page."; return(View()); }
private void Application_AuthorizeRequest(Object source, EventArgs e) { //Create HttpContext object to access request and response properties. var context = ((HttpApplication)source).Context; var identity = Thread.CurrentPrincipal.Identity; if (identity.IsAuthenticated && identity.AuthenticationType == AuthenticationTypes.Federation) { ClaimsPrincipalPermission.CheckAccess(context.Request.Url.OriginalString, context.Request.HttpMethod); } }
/// <summary> /// Calls ClaimsAuthorizationManager. /// </summary> /// <param name="operation">The action.</param> /// <param name="resources">The resources for to be checked </param> /// <exception cref="SecurityException">If access is denied</exception> public static void CheckAccess( string operation, params Claim[] resources) { var actionClaim = new Claim(ActionType, operation); var context = new AuthorizationContext( ClaimsPrincipal.Current, new Collection<Claim>(resources), new Collection<Claim> { actionClaim }); var federationConfiguration = FederatedAuthentication.FederationConfiguration; var claimsAuthorizationManager = federationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager; if (!claimsAuthorizationManager.CheckAccess(context)) { string resource = resources.Any() ? resources.First().Value : "None"; var permission = new ClaimsPrincipalPermission(resource, operation); ThrowSecurityException(permission); } }
public override void OnAuthorization(HttpActionContext actionContext) { var user = actionContext?.Request?.GetUserPrincipal() as ClaimsPrincipal; if (user != null) { ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission(claimType, claimValue); try { cpp.Demand(); } catch (Exception) { base.HandleUnauthorizedRequest(actionContext); } base.OnAuthorization(actionContext); } }
protected override bool IsAuthorized(HttpActionContext actionContext) { var user = actionContext?.Request?.GetUserPrincipal() as ClaimsPrincipal; if (user == null) { return(false); } ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission(claimType, claimValue); try { cpp.Demand(); return(true); } catch (Exception) { return(false); } }
protected void Page_Load(object sender, EventArgs e) { ClaimsPrincipalPermission p = new ClaimsPrincipalPermission("Contacts", "Show"); p.Demand(); ClaimsPrincipalPermission.CheckAccess("Contacts", "Show"); ClaimsPrincipal principal = HttpContext.Current.User as ClaimsPrincipal; if (null != principal) { ClaimsIdentity identity = principal.Identity as ClaimsIdentity; if (null != identity) { foreach (Claim claim in identity.Claims) { Response.Write("CLAIM TYPE: " + claim.Type + "; CLAIM VALUE: " + claim.Value + "</br>"); } } } }
static void Main(string[] args) { // // Configure .NET Framework to use Windows Claims Principals // Emulates the authentication phase supported by the Windows Identity Foundation. // AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); Thread.CurrentPrincipal = ClaimsPrincipal.CreateFromPrincipal(Thread.CurrentPrincipal); // // Method 1. Simple access check using static method. // Expect this to be most common method. // ClaimsPrincipalPermission.CheckAccess("resource", "action"); // // Method 2. Programmatic check using the permission class // Follows model found at http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx // ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission("resource", "action"); cpp.Demand(); // // Method 3. Access check interacting directly with the authorization manager. // ClaimsAuthorizationManager am = new ClaimsAuthorizationManager(); am.CheckAccess(new AuthorizationContext((IClaimsPrincipal)Thread.CurrentPrincipal, "resource", "action")); // // Method 4. Call a method that is protected using the permission attribute class // ProtectedMethod(); Console.WriteLine("Press [Enter] to continue."); Console.ReadLine(); }
public string GetGrade(int value) { // // Method 1. Simple access check using static method. // Expect this to be most common method. // ClaimsPrincipalPermission.CheckAccess("Grade", "read"); string result = new GradeAction().GetGrade(value); Console.WriteLine(result); // // Method 2. Programmatic check using the permission class // Follows model found at http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx // var cpp = new ClaimsPrincipalPermission("Grade", "read"); cpp.Demand(); result = new GradeAction().GetGrade(value); Console.WriteLine(result); // // Method 3. Access check interacting directly with the authorization manager. // var am = new ClaimsAuthorizationManager(); if (!am.CheckAccess(new AuthorizationContext((ClaimsPrincipal)Thread.CurrentPrincipal, "Grade", "read"))) throw new SecurityException("Access denied"); result = new GradeAction().GetGrade(value); Console.WriteLine(result); // // Method 4. Call a method that is protected using the permission attribute class // result = new GradeAction().ProtectedGetGrade(value); Console.WriteLine(result); return result; }
public SecuredClass() { ClaimsPrincipalPermission.CheckAccess("SecuredClass", "GeneralAccess"); }
public static void MyMethod() { //Here is where we would check access to perform operations in this method. ClaimsPrincipalPermission.CheckAccess(AppResources.Foo.ToString(), Operations.Read.ToString()); //If we made it this far we were authorized and we would perform the actual operations here. }