public void Validation()
{
    // Validates a SAML token through an authenticator that wraps two supporting
    // authenticators, then checks the single authorization policy it yields.
    // Both supporting authenticators use the None validators, which perform no
    // credential or certificate validation; that keeps the fixture self-contained
    // and is a test-only setup.
    SecurityTokenAuthenticator[] supporting =
    {
        new CustomUserNameSecurityTokenAuthenticator(UserNamePasswordValidator.None),
        new X509SecurityTokenAuthenticator(X509CertificateValidator.None),
    };
    Authenticator authenticator = new Authenticator(supporting);

    PolicyCollection policies = authenticator.ValidateToken(GetSamlToken());
    Assert.AreEqual(1, policies.Count, "#1");

    IAuthorizationPolicy policy = policies[0];
    Assert.AreEqual(ClaimSet.System, policy.Issuer, "#2");

    TestEvaluationContext context = new TestEvaluationContext();
    object state = null;

    // First evaluation: one identity and one claim set are expected afterwards.
    Assert.IsTrue(policy.Evaluate(context, ref state), "#3");
    Assert.AreEqual(DateTime.MaxValue.AddDays(-1), context.ExpirationTime, "#4");

    IList<IIdentity> identities = context.Properties["Identities"] as IList<IIdentity>;
    Assert.IsNotNull(identities, "#5");
    Assert.AreEqual(1, identities.Count, "#6");

    IIdentity identity = identities[0];
    Assert.AreEqual(true, identity.IsAuthenticated, "#6-2");
    // The authentication type is an implementation detail, so it is not asserted.
    //Assert.AreEqual ("NoneUserNamePasswordValidator", ident.AuthenticationType, "#6-3");
    Assert.AreEqual("mono", identity.Name, "#6-4");
    Assert.AreEqual(1, context.ClaimSets.Count, "#7");

    // Second evaluation against the same context: the counts below show that the
    // policy appends again rather than replacing what it added the first time.
    Assert.IsTrue(policy.Evaluate(context, ref state), "#8");
    identities = context.Properties["Identities"] as IList<IIdentity>;
    Assert.AreEqual(2, identities.Count, "#9");
    Assert.AreEqual(2, context.ClaimSets.Count, "#10");
}
public void Check_PoliciesCanMutateUsersClaims()
{
    // Verifies that a policy may add a claim to the user's claims and ask for a
    // retry, and that the authorization check then succeeds. The principal starts
    // with no claims, so the "Permission" claim can only come from the policy:
    // a registered policy is able to grant what the caller never presented, which
    // makes every registered policy part of the trusted authorization code.

    // Arrange
    var identity = new ClaimsIdentity(new Claim[0], "Basic");
    var principal = new ClaimsPrincipal(identity);

    var grantingPolicy = new FakePolicy()
    {
        ApplyAsyncAction = (context) =>
        {
            if (context.Authorized)
            {
                return;
            }

            context.UserClaims.Add(new Claim("Permission", "CanDeleteComments"));
            context.Retry = true;
        }
    };
    var service = new DefaultAuthorizationService(new IAuthorizationPolicy[] { grantingPolicy });

    // Act
    var isAllowed = service.Authorize(new Claim("Permission", "CanDeleteComments"), principal);

    // Assert
    Assert.True(isAllowed);
}
/// <summary>
/// Runs the rest of the pipeline and, when the response ends up as 401 or 403,
/// lets the first pending <see cref="IAuthorizationPolicy"/> requirement issue a challenge.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <param name="authorizationService">Not used by this method body.</param>
/// <returns>A task that completes when the pipeline and any challenge have finished.</returns>
public async Task Invoke(HttpContext context, IAuthorizationService authorizationService)
{
    HttpResponse response = context.Response;

    try
    {
        await _next(context);
    }
    catch (UnauthorizedArgumentException)
    {
        // An authorization failure raised downstream is turned into a 403.
        // NOTE(review): if downstream code has already started sending the response,
        // it can no longer be cleared or have its status changed - confirm how that
        // case is meant to be handled.
        response.Clear();
        response.StatusCode = StatusCodes.Status403Forbidden;
    }

    // Only 401 and 403 responses are candidates for a challenge.
    bool needsChallenge = response.StatusCode == StatusCodes.Status403Forbidden
                          || response.StatusCode == StatusCodes.Status401Unauthorized;
    if (!needsChallenge)
    {
        return;
    }

    // Pick the first requirement still pending that is itself a policy; when the
    // context is missing or nothing matches, no challenge is issued.
    AuthorizationHandlerContext azContext = context.GetAuthorizationHandlerContext();
    IAuthorizationPolicy pending = azContext?.PendingRequirements
        .OfType<IAuthorizationPolicy>()
        .FirstOrDefault();

    if (pending != null)
    {
        await pending.Challenge(context);
    }
}
public void Check_ShouldApplyPoliciesInOrder()
{
    // Policies are registered as 20, -1, 30 and each appends its Order to a trace.
    // The expected trace "-12030" pins down ascending Order, independent of
    // registration order.

    // Arrange
    string trace = "";
    var first = new FakePolicy() { Order = 20, ApplyingAsyncAction = (context) => { trace += "20"; } };
    var second = new FakePolicy() { Order = -1, ApplyingAsyncAction = (context) => { trace += "-1"; } };
    var third = new FakePolicy() { Order = 30, ApplyingAsyncAction = (context) => { trace += "30"; } };
    var service = new DefaultAuthorizationService(new IAuthorizationPolicy[] { first, second, third });

    // Act (the returned decision is irrelevant here; only the call order is checked)
    service.Authorize(Enumerable.Empty<Claim>(), null);

    // Assert
    Assert.Equal("-12030", trace);
}
/// <summary>
/// Returns the authorization policy for this statement's subject, building it on the first call.
/// </summary>
/// <param name="issuer">Issuer recorded on the claim set built from the subject's claims; must not be null.</param>
/// <param name="samlAuthenticator">Passed to the subject when extracting the subject-key claim set.</param>
/// <returns>The cached policy instance.</returns>
/// <remarks>
/// The policy is built once and kept in <c>this.policy</c>. Later calls return that
/// instance unchanged, so an <paramref name="issuer"/> supplied on a later call does
/// not affect the result. No synchronization is visible in this method.
/// </remarks>
public override IAuthorizationPolicy CreatePolicy(ClaimSet issuer, SamlSecurityTokenAuthenticator samlAuthenticator)
{
    if (issuer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer");
    }

    if (this.policy != null)
    {
        return this.policy;
    }

    // SupportingTokenAuthenticator collection can be null when the Subject does not
    // contain a key, in which case no subject-key claim set is added.
    List<ClaimSet> claimSets = new List<ClaimSet>();
    ClaimSet keyClaimSet = this.subject.ExtractSubjectKeyClaimSet(samlAuthenticator);
    if (keyClaimSet != null)
    {
        claimSets.Add(keyClaimSet);
    }

    // Subject claims first, then whatever this statement contributes itself.
    List<Claim> claims = new List<Claim>();
    foreach (Claim subjectClaim in this.subject.ExtractClaims())
    {
        claims.Add(subjectClaim);
    }
    AddClaimsToList(claims);
    claimSets.Add(new DefaultClaimSet(issuer, claims));

    // NOTE(review): the last argument is SecurityUtils.MaxUtcDateTime, presumably the
    // policy's expiration - if so, the policy does not carry an expiry of its own.
    this.policy = new UnconditionalPolicy(this.subject.Identity, claimSets.AsReadOnly(), SecurityUtils.MaxUtcDateTime);
    return this.policy;
}
public void Check_ApplyCanMutateCheckedClaims()
{
    // Verifies that a policy may change the list of claims being checked. Authorize
    // is called with an empty claim list; the policy adds the "Permission" claim the
    // user already holds to that list and asks for a retry, after which the check
    // is expected to succeed.

    // Arrange
    var identity = new ClaimsIdentity(new Claim[] { new Claim("Permission", "CanDeleteComments") }, "Basic");
    var principal = new ClaimsPrincipal(identity);

    var policy = new FakePolicy()
    {
        ApplyAsyncAction = (context) =>
        {
            // for instance, if user owns the comment
            bool missing = context.Claims.All(claim => !(claim.Type == "Permission" && claim.Value == "CanDeleteComments"));
            if (missing)
            {
                context.Claims.Add(new Claim("Permission", "CanDeleteComments"));
                context.Retry = true;
            }
        }
    };
    var service = new DefaultAuthorizationService(new IAuthorizationPolicy[] { policy });

    // Act
    var isAllowed = service.Authorize(Enumerable.Empty<Claim>(), principal);

    // Assert
    Assert.True(isAllowed);
}
public void Validation()
{
    // Validates an X.509 token built from a test certificate and checks the single
    // authorization policy it yields. The authenticator is created with
    // X509CertificateValidator.None, which performs no certificate validation;
    // that is a test-only setup.
    string certificatePath = TestResourceHelper.GetFullPathOfResource("Test/Resources/test.cer");
    X509Certificate2 certificate = new X509Certificate2(certificatePath);
    Authenticator authenticator = new Authenticator(X509CertificateValidator.None);

    PolicyCollection policies = authenticator.ValidateToken(new X509SecurityToken(certificate));
    Assert.AreEqual(1, policies.Count, "#1");

    IAuthorizationPolicy policy = policies[0];
    Assert.AreEqual(ClaimSet.System, policy.Issuer, "#2");

    TestEvaluationContext context = new TestEvaluationContext();
    object state = null;

    // First evaluation: the expiration is expected to follow the certificate's NotAfter.
    Assert.IsTrue(policy.Evaluate(context, ref state), "#3");
    // Open question from the author: should this really be converted to UTC?
    Assert.AreEqual(certificate.NotAfter.ToUniversalTime(), context.ExpirationTime, "#4");

    IList<IIdentity> identities = context.Properties["Identities"] as IList<IIdentity>;
    Assert.IsNotNull(identities, "#5");
    Assert.AreEqual(1, identities.Count, "#6");

    IIdentity identity = identities[0];
    Assert.AreEqual(true, identity.IsAuthenticated, "#6-2");
    Assert.AreEqual("X509", identity.AuthenticationType, "#6-3");
    //Assert.AreEqual (cert.SubjectName.Name + "; " + cert.Thumbprint, ident.Name, "#6-4");
    Assert.AreEqual(1, context.ClaimSets.Count, "#7");

    // Second evaluation against the same context: the counts below show that the
    // policy appends again rather than replacing what it added the first time.
    Assert.IsTrue(policy.Evaluate(context, ref state), "#8");
    identities = context.Properties["Identities"] as IList<IIdentity>;
    Assert.AreEqual(2, identities.Count, "#9");
    Assert.AreEqual(2, context.ClaimSets.Count, "#10");
}
/// <summary>
/// Adds every requirement of <paramref name="policy"/> to this builder.
/// </summary>
/// <param name="policy">The <see cref="IAuthorizationPolicy"/> whose requirements are added.</param>
/// <returns>This builder, so calls can be chained.</returns>
public AuthorizationPolicyBuilder Combine(IAuthorizationPolicy policy)
{
    // NOTE(review): if Contract is System.Diagnostics.Contracts.Contract, Requires is
    // only compiled in when CONTRACTS_FULL is defined; otherwise a null policy is not
    // rejected here and fails on the Requirements access below - confirm the build setup.
    Contract.Requires(policy != null);

    var requirements = policy.Requirements.ToArray();
    AddRequirements(requirements);

    return this;
}
/// <summary>
/// Creates the controller. The first six arguments are forwarded to the base
/// constructor; every other dependency is required and stored in a field.
/// </summary>
/// <exception cref="ArgumentNullException">
/// Any of the stored dependencies, including <paramref name="authorizationPolicy"/>, is null.
/// </exception>
public MatchesForTeamController(
    IGlobalSettings globalSettings,
    IUmbracoContextAccessor umbracoContextAccessor,
    ServiceContext serviceContext,
    AppCaches appCaches,
    IProfilingLogger profilingLogger,
    UmbracoHelper umbracoHelper,
    ITeamDataSource teamDataSource,
    IMatchFilterFactory matchFilterFactory,
    IMatchListingDataSource matchDataSource,
    IDateTimeFormatter dateFormatter,
    ICreateMatchSeasonSelector createMatchSeasonSelector,
    IAuthorizationPolicy<Team> authorizationPolicy,
    IMatchFilterQueryStringParser matchFilterQueryStringParser,
    IMatchFilterHumanizer matchFilterHumanizer)
    : base(globalSettings, umbracoContextAccessor, serviceContext, appCaches, profilingLogger, umbracoHelper)
{
    if (teamDataSource is null) { throw new ArgumentNullException(nameof(teamDataSource)); }
    _teamDataSource = teamDataSource;

    if (matchFilterFactory is null) { throw new ArgumentNullException(nameof(matchFilterFactory)); }
    _matchFilterFactory = matchFilterFactory;

    if (matchDataSource is null) { throw new ArgumentNullException(nameof(matchDataSource)); }
    _matchDataSource = matchDataSource;

    if (dateFormatter is null) { throw new ArgumentNullException(nameof(dateFormatter)); }
    _dateFormatter = dateFormatter;

    if (createMatchSeasonSelector is null) { throw new ArgumentNullException(nameof(createMatchSeasonSelector)); }
    _createMatchSeasonSelector = createMatchSeasonSelector;

    // The controller cannot be constructed without an authorization policy.
    if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }
    _authorizationPolicy = authorizationPolicy;

    if (matchFilterQueryStringParser is null) { throw new ArgumentNullException(nameof(matchFilterQueryStringParser)); }
    _matchFilterQueryStringParser = matchFilterQueryStringParser;

    if (matchFilterHumanizer is null) { throw new ArgumentNullException(nameof(matchFilterHumanizer)); }
    _matchFilterHumanizer = matchFilterHumanizer;
}
/// <summary>
/// Builds the wrapped policy: creates a builder from the concrete type's full name,
/// lets <c>Build</c> configure it, and stores the built result in <c>_inner</c>.
/// </summary>
public AuthorizationPolicy()
{
    string typeName = this.GetType().FullName;
    var builder = new AuthorizationPolicyBuilder(typeName);

    // NOTE(review): Build is called from the constructor. If it is virtual or abstract,
    // the override runs before the derived constructor body, so it should not depend
    // on state the derived class sets up there - confirm against the subclasses.
    Build(builder);

    _inner = builder.Build();
}
/// <summary>
/// Creates the Todo controller, forwarding its collaborators to the base controller
/// together with a key generator and a <c>TodoValidator</c>, and keeping its own references.
/// </summary>
/// <remarks>
/// New keys are random GUID strings. They identify a resource; access decisions
/// still have to come from <paramref name="authorizationPolicy"/>, not from a key
/// being hard to guess. None of the arguments is null-checked here.
/// </remarks>
public TodoController(
    IResourceManager<Server.Todo> todoManager,
    IHttpSessionManager httpSessionManager,
    IAuthorizationPolicy<Server.Todo> authorizationPolicy)
    : base(
        todoManager,
        httpSessionManager,
        authorizationPolicy,
        keyGenerator: t => Guid.NewGuid().ToString(),
        modelValidator: new TodoValidator())
{
    this.todoManager_ = todoManager;
    this.httpSessionManager_ = httpSessionManager;
    this.authorizationPolicy_ = authorizationPolicy;
}
public void Check_ApplyCanMutateCheckedClaims()
{
    // Verifies that a policy can extend the claims under check: Authorize receives an
    // empty claim list, the policy appends the "Permission" claim and requests a
    // retry, and the overall result is expected to be true.

    // Arrange
    var heldClaims = new Claim[] { new Claim("Permission", "CanDeleteComments") };
    var user = new ClaimsPrincipal(new ClaimsIdentity(heldClaims, "Basic"));

    var policies = new IAuthorizationPolicy[]
    {
        new FakePolicy()
        {
            ApplyAsyncAction = (context) =>
            {
                // for instance, if user owns the comment
                if (context.Claims.Any(claim => claim.Type == "Permission" && claim.Value == "CanDeleteComments"))
                {
                    return;
                }

                context.Claims.Add(new Claim("Permission", "CanDeleteComments"));
                context.Retry = true;
            }
        }
    };
    var authorizationService = new DefaultAuthorizationService(policies);

    // Act
    var allowed = authorizationService.Authorize(Enumerable.Empty<Claim>(), user);

    // Assert
    Assert.True(allowed);
}
/// <summary>
/// Lazily creates and returns the authorization policy for this statement's subject.
/// </summary>
/// <param name="issuer">Issuer attached to the claim set holding the subject's claims; must not be null.</param>
/// <param name="samlAuthenticator">Authenticator handed to the subject for extracting its key claim set.</param>
/// <returns>The policy stored in <c>this.policy</c>.</returns>
/// <remarks>
/// Only the first call builds the policy; every later call returns the stored
/// instance and ignores the <paramref name="issuer"/> it was given.
/// </remarks>
public override IAuthorizationPolicy CreatePolicy(ClaimSet issuer, SamlSecurityTokenAuthenticator samlAuthenticator)
{
    if (issuer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer");
    }

    if (this.policy == null)
    {
        List<ClaimSet> claimSets = new List<ClaimSet>();

        // The subject-key claim set is optional; it is added only when one was extracted.
        ClaimSet subjectKeyClaimSet = this.subject.ExtractSubjectKeyClaimSet(samlAuthenticator);
        if (subjectKeyClaimSet != null)
        {
            claimSets.Add(subjectKeyClaimSet);
        }

        // Copy the subject's claims, then let this statement append its own.
        List<Claim> claims = new List<Claim>();
        ReadOnlyCollection<Claim> subjectClaims = this.subject.ExtractClaims();
        int index = 0;
        while (index < subjectClaims.Count)
        {
            claims.Add(subjectClaims[index]);
            index++;
        }
        this.AddClaimsToList(claims);

        DefaultClaimSet issuedClaims = new DefaultClaimSet(issuer, claims);
        claimSets.Add(issuedClaims);

        this.policy = new UnconditionalPolicy(
            this.subject.Identity,
            claimSets.AsReadOnly(),
            System.IdentityModel.SecurityUtils.MaxUtcDateTime);
    }

    return this.policy;
}
/// <summary>
/// Resolves the identity for a token by asking the supporting authenticators, in order,
/// to validate it and returning the primary identity of the first
/// <c>UnconditionalPolicy</c> found among the resulting policies.
/// </summary>
/// <param name="token">The token to resolve; must not be null.</param>
/// <returns>
/// The primary identity of the first matching policy, or null when no supporting
/// authenticator produced an <c>UnconditionalPolicy</c>. Callers have to handle null.
/// </returns>
/// <remarks>
/// Resolving an identity calls <c>ValidateToken</c> on each authenticator that reports
/// it can validate the token, until one yields a usable policy.
/// </remarks>
public virtual IIdentity ResolveIdentity(SecurityToken token)
{
    if (token == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("token");
    }

    for (int a = 0; a < this.supportingAuthenticators.Count; ++a)
    {
        if (!this.supportingAuthenticators[a].CanValidateToken(token))
        {
            continue;
        }

        ReadOnlyCollection<IAuthorizationPolicy> policies = this.supportingAuthenticators[a].ValidateToken(token);
        if (policies == null || policies.Count == 0)
        {
            continue;
        }

        for (int p = 0; p < policies.Count; ++p)
        {
            UnconditionalPolicy unconditional = policies[p] as UnconditionalPolicy;
            if (unconditional != null)
            {
                return unconditional.PrimaryIdentity;
            }
        }
    }

    return null;
}
/// <summary>
/// Returns this statement's authorization policy, creating and caching it on first use.
/// </summary>
/// <param name="issuer">Issuer for the claim set built from the subject's claims; must not be null.</param>
/// <param name="samlAuthenticator">Used by the subject to extract its key claim set.</param>
/// <returns>The cached <c>UnconditionalPolicy</c>.</returns>
/// <remarks>
/// Once <c>this.policy</c> is set it is returned as is; a different
/// <paramref name="issuer"/> on a later call has no effect.
/// </remarks>
public override IAuthorizationPolicy CreatePolicy(ClaimSet issuer, SamlSecurityTokenAuthenticator samlAuthenticator)
{
    if (issuer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer");
    }

    if (this.policy != null)
    {
        return this.policy;
    }

    List<ClaimSet> claimSets = new List<ClaimSet>();

    // Optional: present only when the subject yields a key claim set.
    ClaimSet keyClaims = this.subject.ExtractSubjectKeyClaimSet(samlAuthenticator);
    if (keyClaims != null)
    {
        claimSets.Add(keyClaims);
    }

    // Subject claims come first; AddClaimsToList then appends to the same list.
    List<Claim> claims = new List<Claim>();
    ReadOnlyCollection<Claim> extracted = this.subject.ExtractClaims();
    foreach (Claim claim in extracted)
    {
        claims.Add(claim);
    }
    this.AddClaimsToList(claims);
    claimSets.Add(new DefaultClaimSet(issuer, claims));

    this.policy = new UnconditionalPolicy(
        this.subject.Identity,
        claimSets.AsReadOnly(),
        System.IdentityModel.SecurityUtils.MaxUtcDateTime);

    return this.policy;
}
/// <summary>
/// Test double for the controller: forwards mocked infrastructure to the base
/// constructor and installs a mocked controller context.
/// </summary>
/// <remarks>
/// Two base arguments are passed as null. The mocked request only exposes
/// <c>RawUrl</c> (the path of <paramref name="requestUrl"/>), and the current user is
/// a <see cref="GenericPrincipal"/> named "test" with no roles, so authorization
/// outcomes in tests come from <paramref name="competitionAuthorizationPolicy"/>.
/// </remarks>
public TestController(
    ITeamDataSource teamDataSource,
    ISeasonDataSource seasonDataSource,
    ICreateMatchSeasonSelector createMatchSeasonSelector,
    IEditMatchHelper editMatchHelper,
    Uri requestUrl,
    IAuthorizationPolicy<Competition> competitionAuthorizationPolicy)
    : base(
        Mock.Of<IGlobalSettings>(),
        Mock.Of<IUmbracoContextAccessor>(),
        null,
        AppCaches.NoCache,
        Mock.Of<IProfilingLogger>(),
        null,
        teamDataSource,
        seasonDataSource,
        createMatchSeasonSelector,
        editMatchHelper,
        competitionAuthorizationPolicy)
{
    var httpRequest = new Mock<HttpRequestBase>();
    httpRequest.SetupGet(r => r.RawUrl).Returns(requestUrl.AbsolutePath);

    var httpContext = new Mock<HttpContextBase>();
    httpContext.SetupGet(c => c.Request).Returns(httpRequest.Object);

    var testUser = new GenericPrincipal(new GenericIdentity("test"), null);

    var mockedControllerContext = new Mock<ControllerContext>();
    mockedControllerContext.Setup(c => c.HttpContext).Returns(httpContext.Object);
    mockedControllerContext.Setup(c => c.HttpContext.User).Returns(testUser);

    ControllerContext = mockedControllerContext.Object;
}
/// <summary>
/// Builds, on first use, the authorization policy describing this statement's subject
/// and returns it.
/// </summary>
/// <param name="issuer">Issuer of the claim set created from the subject's claims; must not be null.</param>
/// <param name="samlAuthenticator">Forwarded to the subject when it extracts the subject-key claim set.</param>
/// <returns>The policy held in <c>this.policy</c>.</returns>
/// <remarks>
/// The result is cached: after the first call the stored policy is returned and the
/// <paramref name="issuer"/> argument is only null-checked.
/// </remarks>
public override IAuthorizationPolicy CreatePolicy(ClaimSet issuer, SamlSecurityTokenAuthenticator samlAuthenticator)
{
    if (issuer == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("issuer");
    }

    if (this.policy == null)
    {
        // SupportingTokenAuthenticator collection can be null when the Subject does not
        // contain a key; the extracted claim set is therefore checked before use.
        ClaimSet keyClaimSet = this.subject.ExtractSubjectKeyClaimSet(samlAuthenticator);

        List<ClaimSet> allClaimSets = new List<ClaimSet>();
        if (keyClaimSet != null)
        {
            allClaimSets.Add(keyClaimSet);
        }

        List<Claim> statementClaims = new List<Claim>();
        ReadOnlyCollection<Claim> fromSubject = this.subject.ExtractClaims();
        for (int position = 0; position != fromSubject.Count; position++)
        {
            statementClaims.Add(fromSubject[position]);
        }
        AddClaimsToList(statementClaims);

        allClaimSets.Add(new DefaultClaimSet(issuer, statementClaims));

        this.policy = new UnconditionalPolicy(this.subject.Identity, allClaimSets.AsReadOnly(), SecurityUtils.MaxUtcDateTime);
    }

    return this.policy;
}
/// <summary>
/// Creates the tournament controller. The first six arguments go to the base
/// constructor; the remaining dependencies are required and stored in fields.
/// </summary>
/// <exception cref="ArgumentNullException">
/// Any of the stored dependencies, including <paramref name="authorizationPolicy"/>, is null.
/// </exception>
public TournamentController(
    IGlobalSettings globalSettings,
    IUmbracoContextAccessor umbracoContextAccessor,
    ServiceContext serviceContext,
    AppCaches appCaches,
    IProfilingLogger profilingLogger,
    UmbracoHelper umbracoHelper,
    ITournamentDataSource tournamentDataSource,
    IMatchListingDataSource matchDataSource,
    IMatchFilterFactory matchFilterFactory,
    ICommentsDataSource<Tournament> commentsDataSource,
    IAuthorizationPolicy<Tournament> authorizationPolicy,
    IDateTimeFormatter dateFormatter,
    IEmailProtector emailProtector,
    IBadLanguageFilter badLanguageFilter)
    : base(globalSettings, umbracoContextAccessor, serviceContext, appCaches, profilingLogger, umbracoHelper)
{
    if (tournamentDataSource is null) { throw new ArgumentNullException(nameof(tournamentDataSource)); }
    _tournamentDataSource = tournamentDataSource;

    if (matchDataSource is null) { throw new ArgumentNullException(nameof(matchDataSource)); }
    _matchDataSource = matchDataSource;

    if (matchFilterFactory is null) { throw new ArgumentNullException(nameof(matchFilterFactory)); }
    _matchFilterFactory = matchFilterFactory;

    if (commentsDataSource is null) { throw new ArgumentNullException(nameof(commentsDataSource)); }
    _commentsDataSource = commentsDataSource;

    // The controller cannot be constructed without an authorization policy.
    if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }
    _authorizationPolicy = authorizationPolicy;

    if (dateFormatter is null) { throw new ArgumentNullException(nameof(dateFormatter)); }
    _dateFormatter = dateFormatter;

    if (emailProtector is null) { throw new ArgumentNullException(nameof(emailProtector)); }
    _emailProtector = emailProtector;

    if (badLanguageFilter is null) { throw new ArgumentNullException(nameof(badLanguageFilter)); }
    _badLanguageFilter = badLanguageFilter;
}
/// <summary>
/// Test double for the controller: forwards mocked infrastructure and the supplied
/// collaborators to the base constructor and installs a mocked controller context.
/// </summary>
/// <remarks>
/// One base argument is passed as null. The mocked request only exposes <c>Url</c>,
/// and the current user is a <see cref="GenericPrincipal"/> named "test" with no
/// roles, so authorization outcomes in tests come from the two policy arguments.
/// </remarks>
public TestController(
    IMatchDataSource matchDataSource,
    ISeasonDataSource seasonDataSource,
    IEditMatchHelper editMatchHelper,
    Uri requestUrl,
    UmbracoHelper umbracoHelper,
    IAuthorizationPolicy<Stoolball.Matches.Match> matchAuthorizationPolicy,
    IAuthorizationPolicy<Competition> competitionAuthorizationPolicy)
    : base(
        Mock.Of<IGlobalSettings>(),
        Mock.Of<IUmbracoContextAccessor>(),
        null,
        AppCaches.NoCache,
        Mock.Of<IProfilingLogger>(),
        umbracoHelper,
        matchDataSource,
        matchAuthorizationPolicy,
        competitionAuthorizationPolicy,
        Mock.Of<IDateTimeFormatter>(),
        seasonDataSource,
        editMatchHelper)
{
    var httpRequest = new Mock<HttpRequestBase>();
    httpRequest.SetupGet(r => r.Url).Returns(requestUrl);

    var httpContext = new Mock<HttpContextBase>();
    httpContext.SetupGet(c => c.Request).Returns(httpRequest.Object);

    var testUser = new GenericPrincipal(new GenericIdentity("test"), null);

    var mockedControllerContext = new Mock<ControllerContext>();
    mockedControllerContext.Setup(c => c.HttpContext).Returns(httpContext.Object);
    mockedControllerContext.Setup(c => c.HttpContext.User).Returns(testUser);

    ControllerContext = mockedControllerContext.Object;
}
/// <summary>
/// Records a claim set for the given policy: bumps the generation counter, maps the
/// policy to the claim set, and appends the claim set to the list.
/// </summary>
/// <param name="authorizationPolicy">Key under which the claim set is stored in <c>claim_set_map</c>.</param>
/// <param name="claimSet">The claim set to record.</param>
/// <remarks>
/// Neither argument is checked here, and the counter is incremented before the two
/// collections are updated.
/// </remarks>
public override void AddClaimSet(IAuthorizationPolicy authorizationPolicy, ClaimSet claimSet)
{
    ++this.generation;
    this.claim_set_map.Add(authorizationPolicy, claimSet);
    this.claim_sets.Add(claimSet);
}
/// <summary>
/// Creates the controller and stores its collaborators. The authorization policy
/// is kept in <c>Policies</c>.
/// </summary>
/// <remarks>
/// None of the arguments is null-checked here, so a missing
/// <paramref name="authorizationPolicy"/> would only surface when it is first used.
/// </remarks>
public EmployeeController(
    IEmployeeService employeeService,
    ApplicationDbContext dbContext,
    IMapper mapper,
    ICurrentUser currentUser,
    IAuthorizationPolicy authorizationPolicy)
{
    this.EmployeeService = employeeService;
    this.DbContext = dbContext;
    this.Mapper = mapper;
    this.CurrentUser = currentUser;
    this.Policies = authorizationPolicy;
}
/// <summary>
/// Registers an authorization policy in the policy map under the policy's own <c>Name</c>.
/// </summary>
/// <param name="policy">The authorization policy.</param>
/// <exception cref="ArgumentNullException"><paramref name="policy"/> is null.</exception>
public void AddPolicy(IAuthorizationPolicy policy)
{
    if (policy == null)
    {
        throw new ArgumentNullException(nameof(policy));
    }

    // NOTE(review): what happens when two policies share a name depends on the type
    // of _policyMap, which is not visible here - confirm it rejects duplicates rather
    // than letting one policy shadow another.
    var policyName = policy.Name;
    _policyMap.Add(policyName, policy);
}
/// <summary>
/// Creates the surface controller. The first seven arguments go to the base
/// constructor; the remaining dependencies are required and stored in fields.
/// </summary>
/// <exception cref="ArgumentNullException">
/// Any of the stored dependencies, including <paramref name="authorizationPolicy"/>, is null.
/// </exception>
public CreateSeasonSurfaceController(
    IUmbracoContextAccessor umbracoContextAccessor,
    IUmbracoDatabaseFactory umbracoDatabaseFactory,
    ServiceContext serviceContext,
    AppCaches appCaches,
    ILogger logger,
    IProfilingLogger profilingLogger,
    UmbracoHelper umbracoHelper,
    ICompetitionDataSource competitionDataSource,
    ISeasonRepository seasonRepository,
    IAuthorizationPolicy<Competition> authorizationPolicy)
    : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
{
    if (competitionDataSource is null) { throw new ArgumentNullException(nameof(competitionDataSource)); }
    _competitionDataSource = competitionDataSource;

    if (seasonRepository is null) { throw new System.ArgumentNullException(nameof(seasonRepository)); }
    _seasonRepository = seasonRepository;

    // The controller cannot be constructed without an authorization policy.
    if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }
    _authorizationPolicy = authorizationPolicy;
}
/// <summary>
/// Creates the surface controller. The first seven arguments go to the base
/// constructor; the remaining dependencies are required and stored in fields.
/// </summary>
/// <exception cref="ArgumentNullException">
/// Any of the stored dependencies, including <paramref name="authorizationPolicy"/>, is null.
/// </exception>
public CreateTeamSurfaceController(
    IUmbracoContextAccessor umbracoContextAccessor,
    IUmbracoDatabaseFactory umbracoDatabaseFactory,
    ServiceContext serviceContext,
    AppCaches appCaches,
    ILogger logger,
    IProfilingLogger profilingLogger,
    UmbracoHelper umbracoHelper,
    ITeamRepository teamRepository,
    IAuthorizationPolicy<Team> authorizationPolicy,
    ICacheOverride cacheOverride)
    : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
{
    if (teamRepository is null) { throw new System.ArgumentNullException(nameof(teamRepository)); }
    _teamRepository = teamRepository;

    // The controller cannot be constructed without an authorization policy.
    if (authorizationPolicy is null) { throw new System.ArgumentNullException(nameof(authorizationPolicy)); }
    _authorizationPolicy = authorizationPolicy;

    if (cacheOverride is null) { throw new ArgumentNullException(nameof(cacheOverride)); }
    _cacheOverride = cacheOverride;
}
/// <summary>
/// Creates the surface controller. The first seven arguments go to the base
/// constructor; the remaining dependencies are required and stored in fields.
/// </summary>
/// <exception cref="ArgumentNullException">
/// Any of the stored dependencies, including <paramref name="authorizationPolicy"/>, is null.
/// </exception>
public CreateMatchLocationSurfaceController(
    IUmbracoContextAccessor umbracoContextAccessor,
    IUmbracoDatabaseFactory umbracoDatabaseFactory,
    ServiceContext serviceContext,
    AppCaches appCaches,
    ILogger logger,
    IProfilingLogger profilingLogger,
    UmbracoHelper umbracoHelper,
    IMatchLocationRepository matchLocationRepository,
    IAuthorizationPolicy<MatchLocation> authorizationPolicy,
    IRouteGenerator routeGenerator,
    ICacheOverride cacheOverride)
    : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
{
    if (matchLocationRepository is null) { throw new System.ArgumentNullException(nameof(matchLocationRepository)); }
    _matchLocationRepository = matchLocationRepository;

    // The controller cannot be constructed without an authorization policy.
    if (authorizationPolicy is null) { throw new System.ArgumentNullException(nameof(authorizationPolicy)); }
    _authorizationPolicy = authorizationPolicy;

    if (routeGenerator is null) { throw new System.ArgumentNullException(nameof(routeGenerator)); }
    _routeGenerator = routeGenerator;

    if (cacheOverride is null) { throw new ArgumentNullException(nameof(cacheOverride)); }
    _cacheOverride = cacheOverride;
}
/// <summary>
/// Creates the handler with a required authorization policy and fills the lookup
/// that maps each <c>ResourceAction</c> name to its enum value.
/// </summary>
/// <param name="authorizationPolicy">The policy the handler stores; checked with <c>EnsureArg.IsNotNull</c>.</param>
public ResourceActionHandler(IAuthorizationPolicy authorizationPolicy)
{
    EnsureArg.IsNotNull(authorizationPolicy, nameof(authorizationPolicy));
    _authorizationPolicy = authorizationPolicy;

    // NOTE(review): how action names are matched later (for example case sensitivity)
    // depends on how _resourceActionLookup was created, which is not visible here.
    Array allActions = Enum.GetValues(typeof(ResourceAction));
    foreach (ResourceAction action in allActions)
    {
        string actionName = action.ToString();
        _resourceActionLookup.Add(actionName, action);
    }
}
/// <summary>
/// Creates the validator, storing the supplied collaborators and a new
/// <c>DefaultAuthorizationPolicy</c>.
/// </summary>
/// <remarks>
/// The authorization policy is instantiated here rather than injected, so callers
/// cannot substitute it through this constructor. None of the arguments is
/// null-checked.
/// </remarks>
public AuthorizationPolicyValidator(
    IJwksStore jwksStore,
    IResourceSetRepository resourceSetRepository,
    IEventPublisher eventPublisher)
{
    this._authorizationPolicy = new DefaultAuthorizationPolicy();
    this._jwksStore = jwksStore;
    this._resourceSetRepository = resourceSetRepository;
    this._eventPublisher = eventPublisher;
}
/// <summary>
/// Creates the surface controller. The first seven arguments go to the base
/// constructor; the remaining dependencies are required and stored in fields.
/// </summary>
/// <exception cref="ArgumentNullException">
/// Any of the stored dependencies, including <paramref name="authorizationPolicy"/>, is null.
/// </exception>
public DeleteClubSurfaceController(
    IUmbracoContextAccessor umbracoContextAccessor,
    IUmbracoDatabaseFactory umbracoDatabaseFactory,
    ServiceContext serviceContext,
    AppCaches appCaches,
    ILogger logger,
    IProfilingLogger profilingLogger,
    UmbracoHelper umbracoHelper,
    IClubDataSource clubDataSource,
    IClubRepository clubRepository,
    IAuthorizationPolicy<Club> authorizationPolicy,
    ICacheOverride cacheOverride)
    : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
{
    if (clubDataSource is null) { throw new System.ArgumentNullException(nameof(clubDataSource)); }
    _clubDataSource = clubDataSource;

    if (clubRepository is null) { throw new System.ArgumentNullException(nameof(clubRepository)); }
    _clubRepository = clubRepository;

    // The controller cannot be constructed without an authorization policy.
    if (authorizationPolicy is null) { throw new System.ArgumentNullException(nameof(authorizationPolicy)); }
    _authorizationPolicy = authorizationPolicy;

    if (cacheOverride is null) { throw new ArgumentNullException(nameof(cacheOverride)); }
    _cacheOverride = cacheOverride;
}
/// <summary>
/// Creates the surface controller. The first seven arguments go to the base
/// constructor; the remaining dependencies are required and stored in fields.
/// </summary>
/// <exception cref="ArgumentNullException">
/// Any of the stored dependencies, including <paramref name="authorizationPolicy"/>, is null.
/// </exception>
public EditSeasonResultsTableSurfaceController(
    IUmbracoContextAccessor umbracoContextAccessor,
    IUmbracoDatabaseFactory umbracoDatabaseFactory,
    ServiceContext serviceContext,
    AppCaches appCaches,
    ILogger logger,
    IProfilingLogger profilingLogger,
    UmbracoHelper umbracoHelper,
    ISeasonDataSource seasonDataSource,
    ISeasonRepository seasonRepository,
    IAuthorizationPolicy<Competition> authorizationPolicy,
    IPostSaveRedirector postSaveRedirector)
    : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
{
    if (seasonDataSource is null) { throw new ArgumentNullException(nameof(seasonDataSource)); }
    _seasonDataSource = seasonDataSource;

    if (seasonRepository is null) { throw new ArgumentNullException(nameof(seasonRepository)); }
    _seasonRepository = seasonRepository;

    // The controller cannot be constructed without an authorization policy.
    if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }
    _authorizationPolicy = authorizationPolicy;

    if (postSaveRedirector is null) { throw new ArgumentNullException(nameof(postSaveRedirector)); }
    _postSaveRedirector = postSaveRedirector;
}
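/// <summary>
/// Given a collection of IAuthorizationPolicies this method will eliminate the IAuthorizationPolicy
/// that was created for the given transport Security Token. The method modifies the given collection
/// of IAuthorizationPolicy.
/// </summary>
/// <param name="transportToken">Client's Security Token provided at the transport layer.</param>
/// <param name="tranportTokenIdentities">Identities associated with the transport token; used, together with the token, to match the policy to remove.</param>
/// <param name="baseAuthorizationPolicies">Collection of IAuthorizationPolicies that were created by WCF. Exactly one matching entry is removed from it.</param>
/// <remarks>
/// Throws when any argument is null, when the collection is empty, and when no policy
/// in the collection matches the transport token. In the last case the collection is
/// left unchanged, so a transport-token policy is never silently kept.
/// </remarks>
static void EliminateTransportTokenPolicy(
    SecurityToken transportToken,
    IEnumerable<ClaimsIdentity> tranportTokenIdentities,
    List<IAuthorizationPolicy> baseAuthorizationPolicies)
{
    if (transportToken == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("transportToken");
    }

    if (tranportTokenIdentities == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("tranportTokenIdentities");
    }

    if (baseAuthorizationPolicies == null)
    {
        // The reported name now matches the actual parameter (it previously read
        // "baseAuthorizationPolicy").
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("baseAuthorizationPolicies");
    }

    if (baseAuthorizationPolicies.Count == 0)
    {
        // This should never happen in our current configuration. IDFx token handlers do not validate
        // client tokens present at the transport level. So we should at least have one IAuthorizationPolicy
        // that WCF generated for the transport token.
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("baseAuthorizationPolicies", SR.GetString(SR.ID0020));
    }

    //
    // We will process one IAuthorizationPolicy at a time. Transport token will have been authenticated
    // by WCF and would have created a IAuthorizationPolicy for the same. If the transport token is a X.509
    // SecurityToken and 'mapToWindows' was set to true then the IAuthorizationPolicy that was created
    // by WCF will have two Claimsets, a X509ClaimSet and a WindowsClaimSet. We need to prune out this case
    // and ignore both these Claimsets as we have made a call to the token handler to authenticate this
    // token above. If we create a AuthorizationContext using all the IAuthorizationPolicies then all
    // the claimsets are merged and it becomes hard to identify this case.
    //
    IAuthorizationPolicy policyToEliminate = null;
    foreach (IAuthorizationPolicy authPolicy in baseAuthorizationPolicies)
    {
        if (DoesPolicyMatchTransportToken(transportToken, tranportTokenIdentities, authPolicy))
        {
            // Only the first matching policy is removed.
            policyToEliminate = authPolicy;
            break;
        }
    }

    if (policyToEliminate == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperInvalidOperation(SR.GetString(SR.ID4271, transportToken));
    }

    baseAuthorizationPolicies.Remove(policyToEliminate);
}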
/// <summary>
/// Creates the surface controller. The first seven arguments go to the base
/// constructor; the remaining dependencies are required and stored in fields.
/// </summary>
/// <exception cref="ArgumentNullException">
/// Any of the stored dependencies, including <paramref name="authorizationPolicy"/>, is null.
/// </exception>
public EditCompetitionSurfaceController(
    IUmbracoContextAccessor umbracoContextAccessor,
    IUmbracoDatabaseFactory umbracoDatabaseFactory,
    ServiceContext serviceContext,
    AppCaches appCaches,
    ILogger logger,
    IProfilingLogger profilingLogger,
    UmbracoHelper umbracoHelper,
    ICompetitionDataSource competitionDataSource,
    ICompetitionRepository competitionRepository,
    IAuthorizationPolicy<Competition> authorizationPolicy,
    IPostSaveRedirector postSaveRedirector,
    ICacheOverride cacheOverride)
    : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
{
    if (competitionDataSource is null) { throw new ArgumentNullException(nameof(competitionDataSource)); }
    _competitionDataSource = competitionDataSource;

    if (competitionRepository is null) { throw new ArgumentNullException(nameof(competitionRepository)); }
    _competitionRepository = competitionRepository;

    // The controller cannot be constructed without an authorization policy.
    if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }
    _authorizationPolicy = authorizationPolicy;

    if (postSaveRedirector is null) { throw new ArgumentNullException(nameof(postSaveRedirector)); }
    _postSaveRedirector = postSaveRedirector;

    if (cacheOverride is null) { throw new ArgumentNullException(nameof(cacheOverride)); }
    _cacheOverride = cacheOverride;
}
/// <summary>
/// Appends a claim set to this context and advances the generation counter.
/// </summary>
/// <param name="policy">Not used by this implementation; the claim set is stored without a record of which policy added it.</param>
/// <param name="claimSet">The claim set to append; must not be null.</param>
public override void AddClaimSet(IAuthorizationPolicy policy, ClaimSet claimSet)
{
    if (claimSet == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("claimSet");
    }

    // The backing list is created on first use.
    if (_claimSets == null)
    {
        _claimSets = new List<ClaimSet>();
    }

    _claimSets.Add(claimSet);
    _generation++;
}
/// <summary>
/// Creates the controller. The first six arguments go to the base constructor; the
/// authorization policy is required and stored in a field.
/// </summary>
/// <exception cref="System.ArgumentNullException"><paramref name="authorizationPolicy"/> is null.</exception>
public CreateClubController(
    IGlobalSettings globalSettings,
    IUmbracoContextAccessor umbracoContextAccessor,
    ServiceContext serviceContext,
    AppCaches appCaches,
    IProfilingLogger profilingLogger,
    UmbracoHelper umbracoHelper,
    IAuthorizationPolicy<Club> authorizationPolicy)
    : base(globalSettings, umbracoContextAccessor, serviceContext, appCaches, profilingLogger, umbracoHelper)
{
    // The controller cannot be constructed without an authorization policy.
    if (authorizationPolicy is null)
    {
        throw new System.ArgumentNullException(nameof(authorizationPolicy));
    }

    _authorizationPolicy = authorizationPolicy;
}
/// <summary>
/// Creates the surface controller. The first seven arguments go to the base
/// constructor; the remaining dependencies are required and stored in fields.
/// </summary>
/// <exception cref="ArgumentNullException">
/// Any of the stored dependencies, including <paramref name="authorizationPolicy"/>, is null.
/// </exception>
public EditTournamentSeasonsSurfaceController(
    IUmbracoContextAccessor umbracoContextAccessor,
    IUmbracoDatabaseFactory umbracoDatabaseFactory,
    ServiceContext serviceContext,
    AppCaches appCaches,
    ILogger logger,
    IProfilingLogger profilingLogger,
    UmbracoHelper umbracoHelper,
    ITournamentDataSource tournamentDataSource,
    ICacheClearer<Tournament> cacheClearer,
    ITournamentRepository tournamentRepository,
    IAuthorizationPolicy<Tournament> authorizationPolicy,
    IPostSaveRedirector postSaveRedirector)
    : base(umbracoContextAccessor, umbracoDatabaseFactory, serviceContext, appCaches, logger, profilingLogger, umbracoHelper)
{
    if (tournamentDataSource is null) { throw new ArgumentNullException(nameof(tournamentDataSource)); }
    _tournamentDataSource = tournamentDataSource;

    if (cacheClearer is null) { throw new ArgumentNullException(nameof(cacheClearer)); }
    _cacheClearer = cacheClearer;

    if (tournamentRepository is null) { throw new ArgumentNullException(nameof(tournamentRepository)); }
    _tournamentRepository = tournamentRepository;

    // The controller cannot be constructed without an authorization policy.
    if (authorizationPolicy is null) { throw new ArgumentNullException(nameof(authorizationPolicy)); }
    _authorizationPolicy = authorizationPolicy;

    if (postSaveRedirector is null) { throw new ArgumentNullException(nameof(postSaveRedirector)); }
    _postSaveRedirector = postSaveRedirector;
}
/// <summary>
/// Stores a claim set in this context and increments the generation counter.
/// </summary>
/// <param name="policy">Ignored here; nothing links the stored claim set back to the policy that supplied it.</param>
/// <param name="claimSet">The claim set to store; must not be null.</param>
public override void AddClaimSet(IAuthorizationPolicy policy, ClaimSet claimSet)
{
    if (claimSet == null)
    {
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("claimSet");
    }

    // Allocate the list lazily, on the first claim set.
    bool needsList = this.claimSets == null;
    if (needsList)
    {
        this.claimSets = new List<ClaimSet>();
    }

    this.claimSets.Add(claimSet);
    ++this.generation;
}
public void Check_ShouldConvertNullClaimsToEmptyList()
{
    // Captures the claim list a policy sees during Authorize and checks that it is a
    // non-null, empty list.
    // NOTE(review): the name says null claims are converted, but the call below passes
    // an empty sequence for the claims and null for the user - confirm which input
    // this test is meant to cover.

    // Arrange
    IList<Claim> seenClaims = null;
    var capturingPolicy = new FakePolicy()
    {
        Order = 20,
        ApplyingAsyncAction = (context) => { seenClaims = context.Claims; }
    };
    var service = new DefaultAuthorizationService(new IAuthorizationPolicy[] { capturingPolicy });

    // Act
    service.Authorize(Enumerable.Empty<Claim>(), null);

    // Assert
    Assert.NotNull(seenClaims);
    Assert.Equal(0, seenClaims.Count);
}
/// <summary>
/// Adds a claim set on behalf of an authorization policy. Abstract: what is done
/// with the two arguments, including any validation, is defined by the overriding type.
/// </summary>
/// <param name="policy">The authorization policy supplying the claim set.</param>
/// <param name="claimSet">The claim set to add.</param>
public abstract void AddClaimSet(IAuthorizationPolicy policy, ClaimSet claimSet);
/// <summary>
/// Increments the generation counter, stores the claim set under the given policy in
/// <c>claim_set_map</c>, and appends it to <c>claim_sets</c>.
/// </summary>
/// <param name="authorizationPolicy">Key for the map entry.</param>
/// <param name="claimSet">The claim set to store.</param>
/// <remarks>
/// No argument validation happens here; the counter changes before either
/// collection is touched.
/// </remarks>
public override void AddClaimSet(IAuthorizationPolicy authorizationPolicy, ClaimSet claimSet)
{
    generation += 1;
    claim_set_map.Add(authorizationPolicy, claimSet);
    claim_sets.Add(claimSet);
}
public void Check_ShouldThrowWhenPoliciesDontStop()
{
    // A policy that requests a retry on every pass never lets the check settle.
    // The service is expected to end the call with an AggregateException rather than
    // keep retrying, which bounds the work a misbehaving policy can cause.

    // Arrange
    var alwaysRetry = new FakePolicy()
    {
        ApplyAsyncAction = (context) => { context.Retry = true; }
    };
    var service = new DefaultAuthorizationService(new IAuthorizationPolicy[] { alwaysRetry });

    // Act
    // Assert
    Assert.Throws<AggregateException>(() => service.Authorize(Enumerable.Empty<Claim>(), null));
}
public void Check_ShouldInvokeApplyingApplyAppliedInOrder()
{
    // Each policy appends a marker from its Applying, Apply and Applied callbacks.
    // The expected trace shows the three phases run one after another, and that
    // within each phase the policies run in ascending Order (-1, 20, 30).

    // Arrange
    string trace = "";

    var order20 = new FakePolicy()
    {
        Order = 20,
        ApplyingAsyncAction = (context) => { trace += "Applying20"; },
        ApplyAsyncAction = (context) => { trace += "Apply20"; },
        AppliedAsyncAction = (context) => { trace += "Applied20"; }
    };
    var orderMinus1 = new FakePolicy()
    {
        Order = -1,
        ApplyingAsyncAction = (context) => { trace += "Applying-1"; },
        ApplyAsyncAction = (context) => { trace += "Apply-1"; },
        AppliedAsyncAction = (context) => { trace += "Applied-1"; }
    };
    var order30 = new FakePolicy()
    {
        Order = 30,
        ApplyingAsyncAction = (context) => { trace += "Applying30"; },
        ApplyAsyncAction = (context) => { trace += "Apply30"; },
        AppliedAsyncAction = (context) => { trace += "Applied30"; }
    };

    var service = new DefaultAuthorizationService(new IAuthorizationPolicy[] { order20, orderMinus1, order30 });

    // Act (only the callback order matters; the decision itself is not checked)
    service.Authorize(Enumerable.Empty<Claim>(), null);

    // Assert
    Assert.Equal("Applying-1Applying20Applying30Apply-1Apply20Apply30Applied-1Applied20Applied30", trace);
}
/// <summary>
/// Creates a result that records the rights decision together with a description of
/// the policy that produced it.
/// </summary>
/// <param name="policy">The policy; only the value returned by <c>Description.For</c> is kept.</param>
/// <param name="rights">The rights value stored on the result.</param>
public AuthorizationPolicyResult(IAuthorizationPolicy policy, AuthorizationRight rights)
{
    this._rights = rights;

    var policyDescription = Description.For(policy);
    this._policy = policyDescription;
}
/// <summary>
/// Appends the claim set to <c>claim_sets</c>.
/// </summary>
/// <param name="policy">Not used by this implementation.</param>
/// <param name="claimSet">The claim set to append; it is not checked for null here.</param>
public override void AddClaimSet(IAuthorizationPolicy policy, ClaimSet claimSet)
{
    this.claim_sets.Add(claimSet);
}