/// <summary>
/// Evaluates the specified authority against the specified context.
/// </summary>
/// <param name="principal">Must be an <see cref="IPrincipal"/> object.</param>
/// <param name="ruleName">Must be a string that is the name of the rule to evaluate.</param>
/// <returns><c>true</c> if the expression evaluates to true,
/// otherwise <c>false</c>.</returns>
public bool Authorize(IPrincipal principal, string ruleName)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
if (ruleName == null || ruleName.Length == 0)
{
throw new ArgumentNullException("ruleName");
}
SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, ruleName);
BooleanExpression booleanExpression = GetParsedExpression(ruleName);
if (booleanExpression == null)
{
throw new AuthorizationRuleNotFoundException(SR.AuthorizationRuleNotFoundMsg(ruleName));
}
bool result = booleanExpression.Evaluate(principal);
if (result == false)
{
SecurityAuthorizationFailedEvent.Fire(principal.Identity.Name, ruleName);
}
return(result);
}
/// <summary>
/// Evaluates the specified authority against the specified context that is either a task or operation in Authorization Manager. If the context is an operation it should be prefixed by "O".
/// </summary>
/// <param name="principal">Principal object containing a windows identity.</param>
/// <param name="context">Name of the task or operation to evaluate.</param>
/// <returns><strong>True</strong> if AzMan evaluates to true,
/// otherwise <strong>false</strong>.</returns>
public bool Authorize(IPrincipal principal, string context)
{
ArgumentValidation.CheckForNullReference(principal, "principal");
ArgumentValidation.CheckForNullReference(context, "context");
SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, context);
AzManAuthorizationProviderData data = GetConfigurationData();
string auditIdentifier = data.AuditIdentifierPrefix + principal.Identity.Name + ":" + context;
bool result = false;
bool operation = false;
if (context.IndexOf(OperationContextPrefix) == 0)
{
operation = true;
context = context.Substring(OperationContextPrefix.Length);
}
if (operation)
{
string[] operations = new string[] { context };
result = CheckAccessOperations(data, auditIdentifier, principal.Identity, operations);
}
else
{
string[] tasks = new string[] { context };
result = CheckAccessTasks(data, auditIdentifier, principal.Identity, tasks);
}
if (result == false)
{
SecurityAuthorizationFailedEvent.Fire(principal.Identity.Name, context);
}
return(result);
}
private void FireSecurityAuthorizationFailedEvent()
{
SecurityAuthorizationFailedEvent.Fire(testMessage, "action");
}
private void FireSecurityAuthorizationFailureEvent()
{
SecurityAuthorizationFailedEvent.Fire("test", "action");
}