public bool Evaluate(EvaluationContext evaluationContext, ref object state) { // get claims from authorized issuer ClaimSet issuedClaims = null; foreach (ClaimSet cs in evaluationContext.ClaimSets) { // If the issuer of the ClaimSet is this STS... if ( cs.Issuer.ContainsClaim ( Claim.CreateDnsClaim("IPKey"))) { issuedClaims = cs; } } if (issuedClaims == null) { throw new SecurityException("Unable to authenticate caller. Invalid claimset provided."); } CustomIdentity identity = new CustomIdentity("Claims"); CustomPrincipal newPrincipal = new CustomPrincipal(identity, issuedClaims); evaluationContext.Properties["Principal"] = newPrincipal; return true; }
// called after the authentication stage public bool Evaluate(EvaluationContext evaluationContext, ref object state) { IList<IIdentity> idents; object identsObject; if (evaluationContext.Properties.TryGetValue( "Identities", out identsObject) && (idents = identsObject as IList<IIdentity>) != null) { foreach (IIdentity ident in idents) { if (ident.IsAuthenticated && ident.AuthenticationType == "BiometricValidator") { StringReader reader = new StringReader(ident.Name); System.Xml.Serialization.XmlSerializer deserializer = new System.Xml.Serialization.XmlSerializer(typeof(SecureContextCredentials)); SecureContextCredentials credentials = (SecureContextCredentials)deserializer.Deserialize(reader); IdsIdentity i = new IdsIdentity(ident.IsAuthenticated, AuthenticationType.Bioemtrics, credentials.IdentityUid); IdsPrincipal p = new IdsPrincipal(i, new List<string> { "LoggedIn" }); evaluationContext.Properties["Principal"] = p; return true; } else { string userId = OperationContext.Current.IncomingMessageHeaders.GetHeader<string>("userId", "http://www.identitystream.com"); IdsIdentity i = new IdsIdentity(ident.IsAuthenticated, AuthenticationType.Certificate, userId); IdsPrincipal p = new IdsPrincipal(i, new List<string> { "LoggedIn" }); evaluationContext.Properties["Principal"] = p; return true; } } } return false; }
// called after the authentication stage public bool Evaluate(EvaluationContext evaluationContext, ref object state) { IList<IIdentity> idents; object identsObject; if (evaluationContext.Properties.TryGetValue( "Identities", out identsObject) && (idents = identsObject as IList<IIdentity>) != null) { foreach (IIdentity ident in idents) { if (ident.IsAuthenticated && ident.AuthenticationType == "BioUsernamePasswordVerifier") { //evaluationContext.Properties["Principal"] // = new IdsPrincipal(); return true; } else { string userId = OperationContext.Current.IncomingMessageHeaders.GetHeader<string>("userId", "http://www.identitystream.com"); } } } if (!evaluationContext.Properties.ContainsKey("Principal")) { //evaluationContext.Properties["Principal"] = new IdsPrincipal(); } return false; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { var success = false; var identity = GetClientIdentity(evaluationContext); if (identity != null) { if (Roles.Enabled) { var provider = Roles.Provider; var roles = provider.GetRolesForUser(identity.Name); if (provider is AzManRoleProvider) { var azman = (AzManRoleProvider)provider; var operations = azman.GetOperationsForUser(identity.Name); evaluationContext.Properties["Principal"] = new AzManPrincipal(identity, roles, operations); } else { evaluationContext.Properties["Principal"] = new GenericPrincipal(identity, roles); } } else { evaluationContext.Properties["Principal"] = new GenericPrincipal(identity, null); } success = true; } return success; }
/** This method receives the claim sets evaluated so far by other authorization policies. For example, it may include a claim set for each token passed in the request message, * thus contain a WindowsClaimSet or UserNameClaimSet or x509 cliams set and so on. * * Responsible for inspecting claims based on the credentials provided, * mapping those claims to normalized claims, * and constructing a security principal for the request thread. * * The method should return false if this authorization policy was not able to complete its authorization. * * If false, the service model will invoke other authorization policies and then call this one once more, passing the updated claim sets. * This gives the authorization policy another chance to authorize calls. * **/ public bool Evaluate(EvaluationContext evaluationContext, ref object state) { object obj; if (!evaluationContext.Properties.TryGetValue("Identities", out obj)) return false; IList<IIdentity> identities = obj as IList<IIdentity>; if (obj == null || identities.Count <= 0) return false; IIdentity identity = identities[0]; //This is claims conversion ClaimSet claims = MapClaims(identity); if (claims == null) return false; GenericPrincipal newPrincipal = new GenericPrincipal(identity, null); evaluationContext.Properties["Principal"] = newPrincipal; evaluationContext.AddClaimSet(this, claims); return true; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { var client = GetClientIdentity(evaluationContext); evaluationContext.Properties["Principal"] = PrincipalFactory.Create(client); return true; }
private ClaimSet MapClaims(EvaluationContext evaluationContext, out IIdentity identity) { List<IIdentity> identities = evaluationContext.Properties["Identities"] as List<IIdentity>; if (identities.Count == 0) throw new SecurityException("Authorization failed, identity missing from evaluation context."); identity = new CustomIdentity(identities[0].Name); // TODO: check identity against credential store and // determine the appropriate claims to allocate // NOTE: in this sample, only partner certificates are provided, // and at this point have passed authorization, so we will grant // all custom claims List<Claim> listClaims = new List<Claim>(); listClaims.Add(new Claim(CustomClaimTypes.Create, "Application", Rights.PossessProperty)); listClaims.Add(new Claim(CustomClaimTypes.Delete, "Application", Rights.PossessProperty)); listClaims.Add(new Claim(CustomClaimTypes.Read, "Application", Rights.PossessProperty)); listClaims.Add(new Claim(CustomClaimTypes.Update, "Application", Rights.PossessProperty)); return new DefaultClaimSet(this.m_issuer, listClaims); }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { IPrincipal principal = null; if (HttpContext.Current != null) { principal = HttpContext.Current.User; } if (principal != null) { // set the identity (for PrimaryIdentity) evaluationContext.Properties["Identities"] = new List<IIdentity>() { principal.Identity }; evaluationContext.Properties["Principal"] = principal; var nameClaim = Claim.CreateNameClaim(principal.Identity.Name); ClaimSet set; if (HttpContext.Current != null) { set = new DefaultClaimSet( nameClaim, new Claim(ClaimTypes.Authentication, HttpContext.Current.User.Identity, Rights.Identity)); } else { set = new DefaultClaimSet(nameClaim); } evaluationContext.AddClaimSet(this, set); } return true; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { var client = GetClientIdentity(evaluationContext); evaluationContext.Properties["Principal"] = Thread.CurrentPrincipal; return true; }
// this method gets called after the authentication stage public bool Evaluate(EvaluationContext evaluationContext, ref object state) { WebOperationContext ctx = WebOperationContext.Current; string authHeader = ctx.IncomingRequest.Headers[HttpRequestHeader.Authorization]; if(!string.IsNullOrEmpty(authHeader)) { string decryptedAuth = Common.Utils.Decrypt(authHeader.Substring(5).Trim()); if (!string.IsNullOrEmpty(decryptedAuth) && decryptedAuth.Split('|').Length == 2 && decryptedAuth.Split('|')[0] == "mitko" && decryptedAuth.Split('|')[1] == "!@#mitko123") { evaluationContext.Properties["Principal"] = new CustomPrincipal(new CredentialsValidator.CustomIdeintity("Basic", true, "decryptedAuth[0]")); return true; } else { return false; } } else { return false; } }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { evaluationContext.AddClaimSet(this, new DefaultClaimSet(Claim.CreateNameClaim(_principal.Identity.Name))); evaluationContext.Properties["Identities"] = new List<IIdentity>(new[] {_principal.Identity}); evaluationContext.Properties["Principal"] = _principal; return true; }
bool IAuthorizationPolicy.Evaluate( EvaluationContext evaluationContext, ref object state ) { foreach ( ClaimSet issuance in _issuedClaimSets ) evaluationContext.AddClaimSet( this, issuance ); return true; }
// this method gets called after the authentication stage public bool Evaluate(EvaluationContext evaluationContext, ref object state) { // get the authenticated client identity IIdentity client = GetClientIdentity(evaluationContext); // set the custom principal evaluationContext.Properties["Principal"] = new CustomPrincipal(client); return true; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { IPrincipal user = OperationContext.Current.IncomingMessageProperties["Principal"] as IPrincipal; evaluationContext.Properties["Principal"] = user; evaluationContext.Properties["Identities"] = new List<IIdentity> { user.Identity }; return true; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { IIdentity identity = GetIdentityFromClient(evaluationContext); CustomIdentity Identity = new CustomIdentity(identity.AuthenticationType, identity.Name); evaluationContext.Properties["Principal"] = new CustomPrincipal(Identity, SecurityHelper.GetRolesByUserName(Identity.Name), SecurityHelper.GetPermissions()); return true; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { IIdentity client = GetClientIdentity(evaluationContext); evaluationContext.Properties["Principal"] = new CustomPrincipal(client); return true; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { // set a new principal holding the combined roles // this could be your own IPrincipal implementation var currentIdentity = GetClientIdentity(evaluationContext); evaluationContext.Properties["Principal"] = new GenericPrincipal(new GenericIdentity(currentIdentity.Name + "_Modified"), new string[]{}); return true; }
public bool Evaluate(EvaluationContext context, ref object state) { foreach (ClaimSet issuance in this.issuedClaimSets) { context.AddClaimSet(this, issuance); } return true; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { var client = GetClientIdentity(evaluationContext); evaluationContext.Properties["Principal"] = new GenericPrincipal(client, new[] { client.Name }); Id = Guid.NewGuid().ToString(); return true; }
bool IAuthorizationPolicy.Evaluate( EvaluationContext evaluationContext, ref object state ) { if ( evaluationContext == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "evaluationContext" ); } evaluationContext.AddClaimSet( this, _issuer ); return true; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { bool bRet = false; CustomAuthState customstate = null; // If state is null, then we've not been called before so we need // to set up our custom state if (state == null) { customstate = new CustomAuthState(); state = customstate; } else customstate = (CustomAuthState)state; Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate"); // If we've not added claims yet... if (!customstate.ClaimsAdded) { // Create an empty list of Claims IList<Claim> claims = new List<Claim>(); // Iterate through each of the claimsets in the evaluation context foreach (ClaimSet cs in evaluationContext.ClaimSets) // Look for Name claims in the current claimset... foreach (Claim c in cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty)) // Get the list of operations the given username is allowed to call... foreach (string s in GetAllowedOpList(c.Resource.ToString())) { // Check numbers aren't too large // Add claims to the list claims.Add(new Claim("http://example.org/claims/allowedoperation", s, Rights.PossessProperty)); Console.WriteLine("Claim added {0}", s); } // Add claims to the evaluation context evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, claims)); // record that we've added claims customstate.ClaimsAdded = true; // return true, indicating we do not need to be called again. bRet = true; } else { // Should never get here, but just in case... bRet = true; } return bRet; }
private IIdentity GetClientIdentity(EvaluationContext evaluationContext) { object obj; if (!evaluationContext.Properties.TryGetValue("Identities", out obj)) throw new Exception("No Identity found"); IList<IIdentity> identities = obj as IList<IIdentity>; if (identities == null || identities.Count <= 0) throw new Exception("No Identity found"); return identities[0]; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { // find identity Claim id = evaluationContext.ClaimSets.FindIdentityClaim(); string userId = Map(id); evaluationContext.AddClaimSet(this, new CustomerClaimSet(userId, Issuer)); return true; }
private IIdentity GetClientIdentity(EvaluationContext evaluationContext) { object obj; if (!evaluationContext.Properties.TryGetValue("Identities", out obj)) { var authorization = WebOperationContext.Current.IncomingRequest.Headers[HttpRequestHeader.Authorization] ?? DefaultAuthorization; if (authorization == null) { WebOperationContext.Current.OutgoingResponse.Headers["WWW-Authenticate"] = "Basic realm=\"site\""; Utility.ThrowError("Authorization header not provided.", HttpStatusCode.Unauthorized); } var splt = authorization.Split(' '); var authType = splt[0]; if (splt.Length != 2) Utility.ThrowError("Invalid authorization header.", HttpStatusCode.Unauthorized); var cred = Encoding.UTF8.GetString(Convert.FromBase64String(splt[1])).Split(':'); if (cred.Length != 2) Utility.ThrowError("Invalid authorization header content.", HttpStatusCode.Unauthorized); var user = cred[0]; var password = new SecureString(); foreach (var c in cred[1]) password.AppendChar(c); if (string.IsNullOrEmpty(user)) Utility.ThrowError("User not specified in authorization header.", HttpStatusCode.Unauthorized); var identity = new RestIdentity { AuthenticationType = authType, IsAuthenticated = Authentication.IsAuthenticated(user, password), Name = user }; var template = WebOperationContext.Current.IncomingRequest.UriTemplateMatch; if (!identity.IsAuthenticated) { Utility.ThrowError("User '" + user + "' was not authenticated.", HttpStatusCode.Forbidden); } else if (template == null) { var url = OperationContext.Current.RequestContext.RequestMessage.Headers.To; Utility.ThrowError("Unknown route: " + url.PathAndQuery, HttpStatusCode.NotFound); } return identity; } var identities = obj as IList<IIdentity>; if (identities == null || identities.Count < 1) Utility.ThrowError("No Identity found.", HttpStatusCode.Unauthorized); return identities[0]; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { HttpContext context = HttpContext.Current; if (context != null) { evaluationContext.Properties["Principal"] = context.User; evaluationContext.Properties["Identities"] = new List<IIdentity>() { context.User.Identity }; } return true; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { Claim claim = Claim.CreateNameClaim(user.Identity.Name); evaluationContext.AddClaimSet(this, new DefaultClaimSet(claim)); evaluationContext.Properties["Identities"] = new List<IIdentity>(new IIdentity[] { user.Identity }); evaluationContext.Properties["Principal"] = user; return true; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { object obj; if (!evaluationContext.Properties.TryGetValue("Identities", out obj)) throw new Exception("No Identity Found"); IList<IIdentity> identity = obj as IList<IIdentity>; if (identity == null || identity.Count <= 0) throw new Exception("No Indentity Found"); IIdentity Identity = identity[0]; evaluationContext.Properties["Principal"] = new GenericPrincipal(Identity, new string[] { "admin", "user" }); return true; }
// this method gets called after the authentication stage public bool Evaluate(EvaluationContext evaluationContext, ref object state) { // get the authenticated client identity //IIdentity client = HttpContext.Current.User.Identity; // set the custom principal var client = new BaseAuthClient(); var principal = new CustomPrincipal(client); evaluationContext.Properties["Principal"] = principal; HttpContext.Current.User = principal; return client.IsAuthenticated; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { const String IdentitiesKey = "Identities"; // Check if the properties of the context has the identities list if (evaluationContext.Properties.Count == 0 || evaluationContext.Properties.ContainsKey(IdentitiesKey) == false || evaluationContext.Properties[IdentitiesKey] == null) { return false; } // Get the identities list List<IIdentity> identities = evaluationContext.Properties[IdentitiesKey] as List<IIdentity>; // Validate that the identities list is valid if (identities == null) { return false; } GenericIdentity newIdentity; String[] roles = new string[] { }; // Password es el token, y UserName el idMovimiento if (Password != "Guest" && ControllersHub.Instance.getISessionController().ValidateToken(Convert.ToInt32(UserName), Password)) { newIdentity = new GenericIdentity(Password, UserName); roles = ControllersHub.Instance.getISessionController().GetUserInfo(Password).Roles; } else { newIdentity = new GenericIdentity("NoId", UserName); } const String PrimaryIdentityKey = "PrimaryIdentity"; // Update the list and the context with the new identity //identities.Remove(currentIdentity); identities.Add(newIdentity); evaluationContext.Properties[PrimaryIdentityKey] = newIdentity; // Create a new principal for this identity GenericPrincipal newPrincipal = new GenericPrincipal(newIdentity, roles); const String PrincipalKey= "Principal"; // Store the new principal in the context evaluationContext.Properties[PrincipalKey] = newPrincipal; // This policy has successfully been evaluated and doesn't need to be called again return true; }
public bool Evaluate(EvaluationContext evaluationContext, ref object state) { IIdentity identity = GetIdentityFromClient(evaluationContext); XmlIdentity xmlIdentity = new XmlIdentity(identity.AuthenticationType, identity.Name); evaluationContext.Properties["Principal"] = new XmlPrincipal( xmlIdentity, XmlSecurityHelper.GetRolesByUserName(xmlIdentity.Name)); return true; }