public void PlaceOrder(OrderMessage message)
{
Console.WriteLine("Order:");
Console.WriteLine("Product name: {0}", message.Order.ProductName);
Console.WriteLine("Quantity: {0}", message.Order.Quantity);
Console.WriteLine("Comments: {0}", message.Order.Comments);
int requiredPoints;
if (!requiredPointsMap.TryGetValue(message.Order.ProductName, out requiredPoints))
{
ReportSenderFault("An unknown product was ordered", "UnknownProduct");
}
try
{
ClaimsPrincipalPermission.CheckAccess(requiredPoints.ToString(), "BuyAnimal");
}
catch (SecurityException)
{
ReportSenderFault(string.Format("Required points: {0}.", requiredPoints),
"InsufficientExperiencePoints");
}
Console.WriteLine("Order accepted.");
}
static void Main(string[] args)
{
// <Snippet2>
//
// Method 1. Simple access check using static method.
// Expect this to be most common method.
//
ClaimsPrincipalPermission.CheckAccess("resource", "action");
// </Snippet2>
// <Snippet3>
//
// Method 2. Programmatic check using the permission class
// Follows model found at http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx
//
ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission("resource", "action");
cpp.Demand();
// </Snippet3>
//
// Method 3. Access check interacting directly with the authorization manager.
//
ClaimsAuthorizationManager am = new ClaimsAuthorizationManager();
am.CheckAccess(new AuthorizationContext((ClaimsPrincipal)Thread.CurrentPrincipal, "resource", "action"));
//
// Method 4. Call a method that is protected using the permission attribute class
//
ProtectedMethod();
Console.WriteLine("Press [Enter] to continue.");
Console.ReadLine();
}
string ICrudService.DeleteSomething()
{
ClaimsPrincipalPermission perm = new ClaimsPrincipalPermission(true, ClaimsAuthorizationPolicy.CreateApplicationClaimSet(ClaimsAuthorizationPolicy.ClaimTypes.Delete));
perm.Demand();
return(String.Format("DeleteSomething() called by user {0}", System.Threading.Thread.CurrentPrincipal.Identity.Name));
}
string ICrudService.ReadSomething()
{
ClaimsPrincipalPermission perm = new ClaimsPrincipalPermission(true, ClaimsAuthorizationPolicy.IssuerName, ClaimsAuthorizationPolicy.ClaimTypes.Read);
perm.Demand();
return(String.Format("ReadSomething() called by user {0}", System.Threading.Thread.CurrentPrincipal.Identity.Name));
}
/// <summary>
/// Demo method with direct authorization call
/// </summary>
public void AdminsCanDoThis2()
{
ClaimsPrincipalPermission.CheckAccess("AdminArea", "Read");
Console.WriteLine(Environment.NewLine);
Console.WriteLine("Only the person with 'admin' role can invoke this method (2).");
Console.WriteLine(Environment.NewLine);
}
private static void UsePrincipal()
{
ShowCastle();
//imperative check
ClaimsPrincipalPermission.CheckAccess("Castle", "Show");
var authz = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager;
AuthorizationContext context = new AuthorizationContext(ClaimsPrincipal.Current, "Castle", "Show");
bool isAuthz = authz.CheckAccess(context);
}
public ActionResult About()
{
var ca = new ClaimsAuthorizationManager();
ClaimsPrincipalPermission.CheckAccess("home/about", "view");
ViewBag.Message = "Your application description page.";
return(View());
}
private void Application_AuthorizeRequest(Object source, EventArgs e)
{
//Create HttpContext object to access request and response properties.
var context = ((HttpApplication)source).Context;
var identity = Thread.CurrentPrincipal.Identity;
if (identity.IsAuthenticated &&
identity.AuthenticationType == AuthenticationTypes.Federation)
{
ClaimsPrincipalPermission.CheckAccess(context.Request.Url.OriginalString, context.Request.HttpMethod);
}
}
/// <summary>
/// Calls ClaimsAuthorizationManager.
/// </summary>
/// <param name="operation">The action.</param>
/// <param name="resources">The resources for to be checked </param>
/// <exception cref="SecurityException">If access is denied</exception>
public static void CheckAccess(
string operation,
params Claim[] resources)
{
var actionClaim = new Claim(ActionType, operation);
var context = new AuthorizationContext(
ClaimsPrincipal.Current,
new Collection<Claim>(resources),
new Collection<Claim> { actionClaim });
var federationConfiguration = FederatedAuthentication.FederationConfiguration;
var claimsAuthorizationManager =
federationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager;
if (!claimsAuthorizationManager.CheckAccess(context))
{
string resource = resources.Any() ? resources.First().Value : "None";
var permission = new ClaimsPrincipalPermission(resource, operation);
ThrowSecurityException(permission);
}
}
public override void OnAuthorization(HttpActionContext actionContext)
{
var user = actionContext?.Request?.GetUserPrincipal() as ClaimsPrincipal;
if (user != null)
{
ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission(claimType, claimValue);
try
{
cpp.Demand();
}
catch (Exception)
{
base.HandleUnauthorizedRequest(actionContext);
}
base.OnAuthorization(actionContext);
}
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var user = actionContext?.Request?.GetUserPrincipal() as ClaimsPrincipal;
if (user == null)
{
return(false);
}
ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission(claimType, claimValue);
try
{
cpp.Demand();
return(true);
}
catch (Exception)
{
return(false);
}
}
protected void Page_Load(object sender, EventArgs e)
{
ClaimsPrincipalPermission p = new ClaimsPrincipalPermission("Contacts", "Show");
p.Demand();
ClaimsPrincipalPermission.CheckAccess("Contacts", "Show");
ClaimsPrincipal principal = HttpContext.Current.User as ClaimsPrincipal;
if (null != principal)
{
ClaimsIdentity identity = principal.Identity as ClaimsIdentity;
if (null != identity)
{
foreach (Claim claim in identity.Claims)
{
Response.Write("CLAIM TYPE: " + claim.Type + "; CLAIM VALUE: " + claim.Value + "</br>");
}
}
}
}
static void Main(string[] args)
{
//
// Configure .NET Framework to use Windows Claims Principals
// Emulates the authentication phase supported by the Windows Identity Foundation.
//
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
Thread.CurrentPrincipal = ClaimsPrincipal.CreateFromPrincipal(Thread.CurrentPrincipal);
//
// Method 1. Simple access check using static method.
// Expect this to be most common method.
//
ClaimsPrincipalPermission.CheckAccess("resource", "action");
//
// Method 2. Programmatic check using the permission class
// Follows model found at http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx
//
ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission("resource", "action");
cpp.Demand();
//
// Method 3. Access check interacting directly with the authorization manager.
//
ClaimsAuthorizationManager am = new ClaimsAuthorizationManager();
am.CheckAccess(new AuthorizationContext((IClaimsPrincipal)Thread.CurrentPrincipal, "resource", "action"));
//
// Method 4. Call a method that is protected using the permission attribute class
//
ProtectedMethod();
Console.WriteLine("Press [Enter] to continue.");
Console.ReadLine();
}
public string GetGrade(int value)
{
//
// Method 1. Simple access check using static method.
// Expect this to be most common method.
//
ClaimsPrincipalPermission.CheckAccess("Grade", "read");
string result = new GradeAction().GetGrade(value);
Console.WriteLine(result);
//
// Method 2. Programmatic check using the permission class
// Follows model found at http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx
//
var cpp = new ClaimsPrincipalPermission("Grade", "read");
cpp.Demand();
result = new GradeAction().GetGrade(value);
Console.WriteLine(result);
//
// Method 3. Access check interacting directly with the authorization manager.
//
var am = new ClaimsAuthorizationManager();
if (!am.CheckAccess(new AuthorizationContext((ClaimsPrincipal)Thread.CurrentPrincipal, "Grade", "read")))
throw new SecurityException("Access denied");
result = new GradeAction().GetGrade(value);
Console.WriteLine(result);
//
// Method 4. Call a method that is protected using the permission attribute class
//
result = new GradeAction().ProtectedGetGrade(value);
Console.WriteLine(result);
return result;
}
public SecuredClass()
{
ClaimsPrincipalPermission.CheckAccess("SecuredClass", "GeneralAccess");
}
public static void MyMethod()
{
//Here is where we would check access to perform operations in this method.
ClaimsPrincipalPermission.CheckAccess(AppResources.Foo.ToString(), Operations.Read.ToString());
//If we made it this far we were authorized and we would perform the actual operations here.
}
