private void AuthorizeCall(IClaimsPrincipal principal) { string action = OperationContext.Current.RequestContext.RequestMessage.Headers.Action; ClaimsPrincipalPermission p = null; switch (action) { case "http://www.thatindigogirl.com/samples/2006/06/ICrudService/CreateSomething": p = new ClaimsPrincipalPermission(true, new DefaultClaimSet(ClaimsAuthorizationPolicy.CreateIssuerClaimSet(), ClaimsAuthorizationPolicy.CreateApplicationCreateClaim())); p.CheckClaims(principal); break; case "http://www.thatindigogirl.com/samples/2006/06/ICrudService/ReadSomething": p = new ClaimsPrincipalPermission(true, new DefaultClaimSet(ClaimsAuthorizationPolicy.CreateIssuerClaimSet(), ClaimsAuthorizationPolicy.CreateApplicationReadClaim())); p.CheckClaims(principal); break; case "http://www.thatindigogirl.com/samples/2006/06/ICrudService/UpdateSomething": p = new ClaimsPrincipalPermission(true, new DefaultClaimSet(ClaimsAuthorizationPolicy.CreateIssuerClaimSet(), ClaimsAuthorizationPolicy.CreateApplicationUpdateClaim())); p.CheckClaims(principal); break; case "http://www.thatindigogirl.com/samples/2006/06/ICrudService/DeleteSomething": p = new ClaimsPrincipalPermission(true, new DefaultClaimSet(ClaimsAuthorizationPolicy.CreateIssuerClaimSet(), ClaimsAuthorizationPolicy.CreateApplicationDeleteClaim())); p.CheckClaims(principal); break; } }
/// <summary> /// Return a new permission with the union of this and the permission /// provided. /// IsAuthenticated must match. /// Issuer must be an exact match. /// All claims added to a new ClaimSet with the same Issuer. /// </summary> /// <param name="target"></param> /// <returns></returns> public IPermission Union(IPermission target) { if (target == null) { return(null); } ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission; if (perm == null) { return(null); } if (perm.IsUnrestricted() || this.IsUnrestricted()) { return(new ClaimsPrincipalPermission(PermissionState.Unrestricted)); } if (this.m_isAuthenticated != perm.IsAuthenticated) { return(null); } if (!IsExactIssuerMatch(perm.Issuer)) { return(null); } List <Claim> claims = new List <Claim>(); foreach (Claim c in this.m_requiredClaims) { claims.Add(c); } foreach (Claim c in perm.RequiredClaims) { if (!this.m_requiredClaims.ContainsClaim(c)) { claims.Add(c); } } // it is assumed that the issuers are identical from the call // to IsExactIssuerMatch() above ClaimsPrincipalPermission newPerm = new ClaimsPrincipalPermission(this.m_isAuthenticated, new DefaultClaimSet(this.m_requiredClaims.Issuer, claims)); return(newPerm); }
/// <summary> /// Is the permission provided a subset of this permission? /// Issuer must be an exact match. /// Claims in this permission must all be contained in target. /// </summary> /// <param name="target"></param> /// <returns></returns> public bool IsSubsetOf(IPermission target) { if (target == null) { return(false); } ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission; if (perm == null) { return(false); } if (perm.IsUnrestricted()) { return(true); } if (this.IsUnrestricted()) { return(false); } if (this.m_isAuthenticated != perm.IsAuthenticated) { return(false); } if (!IsExactIssuerMatch(perm.Issuer)) { return(false); } bool isSubsetOf = false; foreach (Claim c in this.m_requiredClaims) { if (!perm.RequiredClaims.ContainsClaim(c)) { isSubsetOf = false; break; } } return(isSubsetOf); }
public IPermission Intersect(IPermission target) { if (target == null) { return(null); } ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission; if (perm == null) { return(null); } if (this.m_isAuthenticated != perm.IsAuthenticated) { return(null); } if (this.m_issuer != perm.Issuer) { return(null); } List <string> claims = new List <string>(); foreach (string s in this.m_requiredClaims) { Predicate <string> predicate = delegate(string sMatch) { if (sMatch == s) { return(true); } else { return(false); } }; if (perm.RequiredClaims.Exists(predicate)) { claims.Add(s); } } ClaimsPrincipalPermission newPerm = new ClaimsPrincipalPermission(this.m_isAuthenticated, this.m_issuer, claims.ToArray()); return(newPerm); }
public bool IsSubsetOf(IPermission target) { bool isSubsetOf = false; if (target == null) { return(false); } ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission; if (perm == null) { return(false); } if (this.m_isAuthenticated != perm.IsAuthenticated) { return(false); } if (this.m_issuer != perm.Issuer) { return(false); } int count = 0; foreach (string s in this.m_requiredClaims) { if (perm.m_requiredClaims.Contains(s)) { count++; } } if (count == this.m_requiredClaims.Count) { isSubsetOf = true; } return(isSubsetOf); }
public IPermission Union(IPermission target) { if (target == null) { return(null); } ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission; if (perm == null) { return(null); } if (this.m_isAuthenticated != perm.IsAuthenticated) { return(null); } if (this.m_issuer != perm.Issuer) { return(null); } string[] claimsArray = perm.RequiredClaims.ToArray(); List <string> claims = new List <string>(); claims.AddRange(claimsArray); foreach (string s in this.m_requiredClaims) { if (!claims.Contains(s)) { claims.Add(s); } } ClaimsPrincipalPermission newPerm = new ClaimsPrincipalPermission(this.m_isAuthenticated, this.m_issuer, claims.ToArray()); return(newPerm); }