private void AuthorizeCall(IClaimsPrincipal principal)
{
string action = OperationContext.Current.RequestContext.RequestMessage.Headers.Action;
ClaimsPrincipalPermission p = null;
switch (action)
{
case "http://www.thatindigogirl.com/samples/2006/06/ICrudService/CreateSomething":
p = new ClaimsPrincipalPermission(true, new DefaultClaimSet(ClaimsAuthorizationPolicy.CreateIssuerClaimSet(), ClaimsAuthorizationPolicy.CreateApplicationCreateClaim()));
p.CheckClaims(principal);
break;
case "http://www.thatindigogirl.com/samples/2006/06/ICrudService/ReadSomething":
p = new ClaimsPrincipalPermission(true, new DefaultClaimSet(ClaimsAuthorizationPolicy.CreateIssuerClaimSet(), ClaimsAuthorizationPolicy.CreateApplicationReadClaim()));
p.CheckClaims(principal);
break;
case "http://www.thatindigogirl.com/samples/2006/06/ICrudService/UpdateSomething":
p = new ClaimsPrincipalPermission(true, new DefaultClaimSet(ClaimsAuthorizationPolicy.CreateIssuerClaimSet(), ClaimsAuthorizationPolicy.CreateApplicationUpdateClaim()));
p.CheckClaims(principal);
break;
case "http://www.thatindigogirl.com/samples/2006/06/ICrudService/DeleteSomething":
p = new ClaimsPrincipalPermission(true, new DefaultClaimSet(ClaimsAuthorizationPolicy.CreateIssuerClaimSet(), ClaimsAuthorizationPolicy.CreateApplicationDeleteClaim()));
p.CheckClaims(principal);
break;
}
}
/// <summary>
/// Return a new permission with the union of this and the permission
/// provided.
/// IsAuthenticated must match.
/// Issuer must be an exact match.
/// All claims added to a new ClaimSet with the same Issuer.
/// </summary>
/// <param name="target"></param>
/// <returns></returns>
public IPermission Union(IPermission target)
{
if (target == null)
{
return(null);
}
ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission;
if (perm == null)
{
return(null);
}
if (perm.IsUnrestricted() || this.IsUnrestricted())
{
return(new ClaimsPrincipalPermission(PermissionState.Unrestricted));
}
if (this.m_isAuthenticated != perm.IsAuthenticated)
{
return(null);
}
if (!IsExactIssuerMatch(perm.Issuer))
{
return(null);
}
List <Claim> claims = new List <Claim>();
foreach (Claim c in this.m_requiredClaims)
{
claims.Add(c);
}
foreach (Claim c in perm.RequiredClaims)
{
if (!this.m_requiredClaims.ContainsClaim(c))
{
claims.Add(c);
}
}
// it is assumed that the issuers are identical from the call
// to IsExactIssuerMatch() above
ClaimsPrincipalPermission newPerm = new ClaimsPrincipalPermission(this.m_isAuthenticated, new DefaultClaimSet(this.m_requiredClaims.Issuer, claims));
return(newPerm);
}
/// <summary>
/// Is the permission provided a subset of this permission?
/// Issuer must be an exact match.
/// Claims in this permission must all be contained in target.
/// </summary>
/// <param name="target"></param>
/// <returns></returns>
public bool IsSubsetOf(IPermission target)
{
if (target == null)
{
return(false);
}
ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission;
if (perm == null)
{
return(false);
}
if (perm.IsUnrestricted())
{
return(true);
}
if (this.IsUnrestricted())
{
return(false);
}
if (this.m_isAuthenticated != perm.IsAuthenticated)
{
return(false);
}
if (!IsExactIssuerMatch(perm.Issuer))
{
return(false);
}
bool isSubsetOf = false;
foreach (Claim c in this.m_requiredClaims)
{
if (!perm.RequiredClaims.ContainsClaim(c))
{
isSubsetOf = false;
break;
}
}
return(isSubsetOf);
}
public IPermission Intersect(IPermission target)
{
if (target == null)
{
return(null);
}
ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission;
if (perm == null)
{
return(null);
}
if (this.m_isAuthenticated != perm.IsAuthenticated)
{
return(null);
}
if (this.m_issuer != perm.Issuer)
{
return(null);
}
List <string> claims = new List <string>();
foreach (string s in this.m_requiredClaims)
{
Predicate <string> predicate = delegate(string sMatch) { if (sMatch == s)
{
return(true);
}
else
{
return(false);
} };
if (perm.RequiredClaims.Exists(predicate))
{
claims.Add(s);
}
}
ClaimsPrincipalPermission newPerm = new ClaimsPrincipalPermission(this.m_isAuthenticated, this.m_issuer, claims.ToArray());
return(newPerm);
}
public bool IsSubsetOf(IPermission target)
{
bool isSubsetOf = false;
if (target == null)
{
return(false);
}
ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission;
if (perm == null)
{
return(false);
}
if (this.m_isAuthenticated != perm.IsAuthenticated)
{
return(false);
}
if (this.m_issuer != perm.Issuer)
{
return(false);
}
int count = 0;
foreach (string s in this.m_requiredClaims)
{
if (perm.m_requiredClaims.Contains(s))
{
count++;
}
}
if (count == this.m_requiredClaims.Count)
{
isSubsetOf = true;
}
return(isSubsetOf);
}
public IPermission Union(IPermission target)
{
if (target == null)
{
return(null);
}
ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission;
if (perm == null)
{
return(null);
}
if (this.m_isAuthenticated != perm.IsAuthenticated)
{
return(null);
}
if (this.m_issuer != perm.Issuer)
{
return(null);
}
string[] claimsArray = perm.RequiredClaims.ToArray();
List <string> claims = new List <string>();
claims.AddRange(claimsArray);
foreach (string s in this.m_requiredClaims)
{
if (!claims.Contains(s))
{
claims.Add(s);
}
}
ClaimsPrincipalPermission newPerm = new ClaimsPrincipalPermission(this.m_isAuthenticated, this.m_issuer, claims.ToArray());
return(newPerm);
}
