static void Main(string[] args)
{
// <Snippet2>
//
// Method 1. Simple access check using static method.
// Expect this to be most common method.
//
ClaimsPrincipalPermission.CheckAccess("resource", "action");
// </Snippet2>
// <Snippet3>
//
// Method 2. Programmatic check using the permission class
// Follows model found at http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx
//
ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission("resource", "action");
cpp.Demand();
// </Snippet3>
//
// Method 3. Access check interacting directly with the authorization manager.
//
ClaimsAuthorizationManager am = new ClaimsAuthorizationManager();
am.CheckAccess(new AuthorizationContext((ClaimsPrincipal)Thread.CurrentPrincipal, "resource", "action"));
//
// Method 4. Call a method that is protected using the permission attribute class
//
ProtectedMethod();
Console.WriteLine("Press [Enter] to continue.");
Console.ReadLine();
}
string ICrudService.DeleteSomething()
{
ClaimsPrincipalPermission perm = new ClaimsPrincipalPermission(true, ClaimsAuthorizationPolicy.CreateApplicationClaimSet(ClaimsAuthorizationPolicy.ClaimTypes.Delete));
perm.Demand();
return(String.Format("DeleteSomething() called by user {0}", System.Threading.Thread.CurrentPrincipal.Identity.Name));
}
string ICrudService.ReadSomething()
{
ClaimsPrincipalPermission perm = new ClaimsPrincipalPermission(true, ClaimsAuthorizationPolicy.IssuerName, ClaimsAuthorizationPolicy.ClaimTypes.Read);
perm.Demand();
return(String.Format("ReadSomething() called by user {0}", System.Threading.Thread.CurrentPrincipal.Identity.Name));
}
public override void OnAuthorization(HttpActionContext actionContext)
{
var user = actionContext?.Request?.GetUserPrincipal() as ClaimsPrincipal;
if (user != null)
{
ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission(claimType, claimValue);
try
{
cpp.Demand();
}
catch (Exception)
{
base.HandleUnauthorizedRequest(actionContext);
}
base.OnAuthorization(actionContext);
}
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var user = actionContext?.Request?.GetUserPrincipal() as ClaimsPrincipal;
if (user == null)
{
return(false);
}
ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission(claimType, claimValue);
try
{
cpp.Demand();
return(true);
}
catch (Exception)
{
return(false);
}
}
protected void Page_Load(object sender, EventArgs e)
{
ClaimsPrincipalPermission p = new ClaimsPrincipalPermission("Contacts", "Show");
p.Demand();
ClaimsPrincipalPermission.CheckAccess("Contacts", "Show");
ClaimsPrincipal principal = HttpContext.Current.User as ClaimsPrincipal;
if (null != principal)
{
ClaimsIdentity identity = principal.Identity as ClaimsIdentity;
if (null != identity)
{
foreach (Claim claim in identity.Claims)
{
Response.Write("CLAIM TYPE: " + claim.Type + "; CLAIM VALUE: " + claim.Value + "</br>");
}
}
}
}
static void Main(string[] args)
{
//
// Configure .NET Framework to use Windows Claims Principals
// Emulates the authentication phase supported by the Windows Identity Foundation.
//
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
Thread.CurrentPrincipal = ClaimsPrincipal.CreateFromPrincipal(Thread.CurrentPrincipal);
//
// Method 1. Simple access check using static method.
// Expect this to be most common method.
//
ClaimsPrincipalPermission.CheckAccess("resource", "action");
//
// Method 2. Programmatic check using the permission class
// Follows model found at http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx
//
ClaimsPrincipalPermission cpp = new ClaimsPrincipalPermission("resource", "action");
cpp.Demand();
//
// Method 3. Access check interacting directly with the authorization manager.
//
ClaimsAuthorizationManager am = new ClaimsAuthorizationManager();
am.CheckAccess(new AuthorizationContext((IClaimsPrincipal)Thread.CurrentPrincipal, "resource", "action"));
//
// Method 4. Call a method that is protected using the permission attribute class
//
ProtectedMethod();
Console.WriteLine("Press [Enter] to continue.");
Console.ReadLine();
}
public string GetGrade(int value)
{
//
// Method 1. Simple access check using static method.
// Expect this to be most common method.
//
ClaimsPrincipalPermission.CheckAccess("Grade", "read");
string result = new GradeAction().GetGrade(value);
Console.WriteLine(result);
//
// Method 2. Programmatic check using the permission class
// Follows model found at http://msdn.microsoft.com/en-us/library/system.security.permissions.principalpermission.aspx
//
var cpp = new ClaimsPrincipalPermission("Grade", "read");
cpp.Demand();
result = new GradeAction().GetGrade(value);
Console.WriteLine(result);
//
// Method 3. Access check interacting directly with the authorization manager.
//
var am = new ClaimsAuthorizationManager();
if (!am.CheckAccess(new AuthorizationContext((ClaimsPrincipal)Thread.CurrentPrincipal, "Grade", "read")))
throw new SecurityException("Access denied");
result = new GradeAction().GetGrade(value);
Console.WriteLine(result);
//
// Method 4. Call a method that is protected using the permission attribute class
//
result = new GradeAction().ProtectedGetGrade(value);
Console.WriteLine(result);
return result;
}