public SASAuthorizationParameters CheckAccessWithMultiplePermissions(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requiredPermission, SasType supportedSasTypes, SasResourceType requiredResourceType, List <SASPermission> requiredSasPermissions, TimeSpan timeout) { SASAuthorizationParameters sASAuthorizationParameter; AuthorizationResult authorizationResult = null; Duration startingNow = Duration.StartingNow; SASAuthorizationParameters sASAuthorizationParameter1 = new SASAuthorizationParameters() { SupportedSasTypes = supportedSasTypes, SignedResourceType = requiredResourceType }; SASAuthorizationParameters current = sASAuthorizationParameter1; List <SASPermission> .Enumerator enumerator = requiredSasPermissions.GetEnumerator(); try { do { if (!enumerator.MoveNext()) { break; } current.SignedPermission = enumerator.Current; IAsyncResult asyncResult = this.BeginAuthorizeRequest(requestor, resourceAccount, resourceContainer, resourceIdentifier, requiredPermission, current, startingNow.Remaining(timeout), null, null); authorizationResult = this.EndAuthorizeRequest(asyncResult); if (!authorizationResult.Authorized) { continue; } sASAuthorizationParameter = current; return(sASAuthorizationParameter); }while (authorizationResult.Authorized || authorizationResult.FailureReason == AuthorizationFailureReason.PermissionMismatch); if (requestor == null || !requestor.IsSecondaryAccess || !AuthorizationManager.IsWritePermission(requiredPermission)) { throw new NephosUnauthorizedAccessException(resourceAccount, resourceContainer, resourceIdentifier, requestor, requiredPermission, authorizationResult.FailureReason); } throw new SecondaryWriteNotAllowedException(); } finally { ((IDisposable)enumerator).Dispose(); } return(sASAuthorizationParameter); }
protected internal override AuthorizationResult AuthorizeAccountSignedAccessRequest(AccountSasAccessIdentifier signedRequestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters) { AuthorizationResult authorizationResult = new AuthorizationResult(false, AuthorizationFailureReason.AccessPermissionFailure); return(base.AuthorizeAccountSignedAccessRequest(signedRequestor, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters)); }
protected internal virtual AuthorizationResult AuthorizeAccountSignedAccessRequest(AccountSasAccessIdentifier signedRequestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters) { return(AuthorizationManager.AuthorizeAccountSignedAccessRequest(signedRequestor, resourceAccount, requestedSasParameters)); }
public static AuthorizationResult AuthorizeAccountSignedAccessRequest(AccountSasAccessIdentifier signedRequestor, string resourceAccount, SASAuthorizationParameters requestedSasParameters) { AuthorizationResult authorizationResult = new AuthorizationResult(false, AuthorizationFailureReason.AccessPermissionFailure); if (string.IsNullOrEmpty(resourceAccount) || !resourceAccount.Equals(signedRequestor.AccountName, StringComparison.OrdinalIgnoreCase)) { authorizationResult.FailureReason = AuthorizationFailureReason.UnauthorizedAccountSasRequest; authorizationResult.Authorized = false; return(authorizationResult); } if ((requestedSasParameters.SignedResourceType & signedRequestor.SignedResourceType) != requestedSasParameters.SignedResourceType) { authorizationResult.FailureReason = AuthorizationFailureReason.ResourceTypeMismatch; authorizationResult.Authorized = false; return(authorizationResult); } if ((requestedSasParameters.SignedPermission & signedRequestor.SignedAccessPermission) != requestedSasParameters.SignedPermission) { authorizationResult.FailureReason = AuthorizationFailureReason.PermissionMismatch; authorizationResult.Authorized = false; return(authorizationResult); } authorizationResult.FailureReason = AuthorizationFailureReason.NotApplicable; authorizationResult.Authorized = true; return(authorizationResult); }
private IEnumerator <IAsyncResult> CheckAccessImpl(IAccountIdentifier identifier, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncIteratorContext <NoResults> context) { IAsyncResult asyncResult = this.BeginAuthorizeRequest(identifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters, authorizationInfo, timeout, context.GetResumeCallback(), context.GetResumeState("RealServiceManager.AuthorizeImpl")); yield return(asyncResult); AuthorizationResult authorizationResult = this.EndAuthorizeRequest(asyncResult); if (!authorizationResult.Authorized) { if (identifier == null || !identifier.IsSecondaryAccess || !AuthorizationManager.IsWritePermission(requestedPermission)) { throw new NephosUnauthorizedAccessException(resourceAccount, resourceContainer, resourceIdentifier, identifier, requestedPermission, requestedSasParameters.SignedPermission, authorizationResult.FailureReason); } throw new SecondaryWriteNotAllowedException(); } }
public IAsyncResult BeginCheckAccess(IAccountIdentifier identifier, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state) { AsyncIteratorContext <NoResults> asyncIteratorContext = new AsyncIteratorContext <NoResults>("RealServiceManager.Authorize", callback, state); asyncIteratorContext.Begin(this.CheckAccessImpl(identifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters, authorizationInfo, timeout, asyncIteratorContext)); return(asyncIteratorContext); }
public abstract IAsyncResult BeginAuthorizeRequest(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state);
private IEnumerator <IAsyncResult> AuthorizeRequestImpl(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncIteratorContext <AuthorizationResult> context) { Duration startingNow = Duration.StartingNow; IAsyncResult asyncResult = this.BeginSharedKeyAuthorization(requestor, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, authorizationInfo, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("NephosAuthorizationManager.AuthorizeRequestImpl")); yield return(asyncResult); AuthorizationResult authorizationResult = this.EndAuthorizeRequest(asyncResult); bool authorized = authorizationResult.Authorized; if (!authorized || !(requestor is SignedAccessAccountIdentifier) && !(requestor is AccountSasAccessIdentifier)) { context.ResultData = authorizationResult; } else { NephosAssertionException.Assert((requestor is SignedAccessAccountIdentifier ? true : requestor is AccountSasAccessIdentifier)); if (!(requestor is SignedAccessAccountIdentifier)) { if (!(requestor is AccountSasAccessIdentifier)) { throw new NephosUnauthorizedAccessException("Signed access not supported for this request", resourceAccount, resourceContainer, resourceIdentifier, requestor, requestedPermission, AuthorizationFailureReason.InvalidOperationSAS); } if ((requestedSasParameters.SupportedSasTypes & SasType.AccountSas) != SasType.AccountSas) { throw new NephosUnauthorizedAccessException("Account signed access not supported for this request", resourceAccount, resourceContainer, resourceIdentifier, requestor, requestedPermission, AuthorizationFailureReason.InvalidOperationSAS); } if (requestedSasParameters.SignedPermission == SASPermission.None) { throw new ArgumentException("signedPerrmission"); } authorizationResult = this.AuthorizeAccountSignedAccessRequest(requestor as AccountSasAccessIdentifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters); context.ResultData = authorizationResult; } else { if ((requestedSasParameters.SupportedSasTypes & SasType.ResourceSas) != SasType.ResourceSas) { throw new NephosUnauthorizedAccessException("Signed access not supported for this request", resourceAccount, resourceContainer, resourceIdentifier, requestor, requestedPermission, AuthorizationFailureReason.InvalidOperationSAS); } if (requestedSasParameters.SignedPermission == SASPermission.None) { throw new ArgumentException("signedPerrmission"); } authorizationResult = this.AuthorizeResourceSignedAccessRequest(requestor as SignedAccessAccountIdentifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters.SignedPermission); context.ResultData = authorizationResult; } } }
public override IAsyncResult BeginAuthorizeRequest(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state) { AsyncIteratorContext <AuthorizationResult> asyncIteratorContext = new AsyncIteratorContext <AuthorizationResult>("OwnerAdminAuthorizationManager.AuthorizeRequest", callback, state); asyncIteratorContext.Begin(this.AuthorizeRequestImpl(requestor, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters, authorizationInfo, timeout, asyncIteratorContext)); return(asyncIteratorContext); }