public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
// get claims from authorized issuer
ClaimSet issuedClaims = null;
foreach (ClaimSet cs in evaluationContext.ClaimSets)
{
// If the issuer of the ClaimSet is this STS...
if ( cs.Issuer.ContainsClaim ( Claim.CreateDnsClaim("IPKey")))
{
issuedClaims = cs;
}
}
if (issuedClaims == null)
{
throw new SecurityException("Unable to authenticate caller. Invalid claimset provided.");
}
CustomIdentity identity = new CustomIdentity("Claims");
CustomPrincipal newPrincipal = new CustomPrincipal(identity, issuedClaims);
evaluationContext.Properties["Principal"] = newPrincipal;
return true;
}
// called after the authentication stage
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
IList<IIdentity> idents;
object identsObject;
if (evaluationContext.Properties.TryGetValue(
"Identities", out identsObject) && (idents =
identsObject as IList<IIdentity>) != null)
{
foreach (IIdentity ident in idents)
{
if (ident.IsAuthenticated &&
ident.AuthenticationType == "BiometricValidator")
{
StringReader reader = new StringReader(ident.Name);
System.Xml.Serialization.XmlSerializer deserializer = new System.Xml.Serialization.XmlSerializer(typeof(SecureContextCredentials));
SecureContextCredentials credentials = (SecureContextCredentials)deserializer.Deserialize(reader);
IdsIdentity i = new IdsIdentity(ident.IsAuthenticated, AuthenticationType.Bioemtrics, credentials.IdentityUid);
IdsPrincipal p = new IdsPrincipal(i, new List<string> { "LoggedIn" });
evaluationContext.Properties["Principal"] = p;
return true;
}
else
{
string userId = OperationContext.Current.IncomingMessageHeaders.GetHeader<string>("userId", "http://www.identitystream.com");
IdsIdentity i = new IdsIdentity(ident.IsAuthenticated, AuthenticationType.Certificate, userId);
IdsPrincipal p = new IdsPrincipal(i, new List<string> { "LoggedIn" });
evaluationContext.Properties["Principal"] = p;
return true;
}
}
}
return false;
}
// called after the authentication stage
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
IList<IIdentity> idents;
object identsObject;
if (evaluationContext.Properties.TryGetValue(
"Identities", out identsObject) && (idents =
identsObject as IList<IIdentity>) != null)
{
foreach (IIdentity ident in idents)
{
if (ident.IsAuthenticated &&
ident.AuthenticationType == "BioUsernamePasswordVerifier")
{
//evaluationContext.Properties["Principal"]
// = new IdsPrincipal();
return true;
}
else
{
string userId = OperationContext.Current.IncomingMessageHeaders.GetHeader<string>("userId", "http://www.identitystream.com");
}
}
}
if (!evaluationContext.Properties.ContainsKey("Principal"))
{
//evaluationContext.Properties["Principal"] = new IdsPrincipal();
}
return false;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
var success = false;
var identity = GetClientIdentity(evaluationContext);
if (identity != null)
{
if (Roles.Enabled)
{
var provider = Roles.Provider;
var roles = provider.GetRolesForUser(identity.Name);
if (provider is AzManRoleProvider)
{
var azman = (AzManRoleProvider)provider;
var operations = azman.GetOperationsForUser(identity.Name);
evaluationContext.Properties["Principal"] = new AzManPrincipal(identity, roles, operations);
}
else
{
evaluationContext.Properties["Principal"] = new GenericPrincipal(identity, roles);
}
}
else
{
evaluationContext.Properties["Principal"] = new GenericPrincipal(identity, null);
}
success = true;
}
return success;
}
/**
This method receives the claim sets evaluated so far by other authorization policies.
For example, it may include a claim set for each token passed in the request message,
* thus contain a WindowsClaimSet or UserNameClaimSet or x509 cliams set and so on.
*
* Responsible for inspecting claims based on the credentials provided,
* mapping those claims to normalized claims,
* and constructing a security principal for the request thread.
*
* The method should return false if this authorization policy was not able to complete its authorization.
*
* If false, the service model will invoke other authorization policies and then call this one once more, passing the updated claim sets.
* This gives the authorization policy another chance to authorize calls.
*
**/
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
object obj;
if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
return false;
IList<IIdentity> identities = obj as IList<IIdentity>;
if (obj == null || identities.Count <= 0)
return false;
IIdentity identity = identities[0];
//This is claims conversion
ClaimSet claims = MapClaims(identity);
if (claims == null)
return false;
GenericPrincipal newPrincipal = new GenericPrincipal(identity, null);
evaluationContext.Properties["Principal"] = newPrincipal;
evaluationContext.AddClaimSet(this, claims);
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
var client = GetClientIdentity(evaluationContext);
evaluationContext.Properties["Principal"] = PrincipalFactory.Create(client);
return true;
}
private ClaimSet MapClaims(EvaluationContext evaluationContext, out IIdentity identity)
{
List<IIdentity> identities = evaluationContext.Properties["Identities"] as List<IIdentity>;
if (identities.Count == 0)
throw new SecurityException("Authorization failed, identity missing from evaluation context.");
identity = new CustomIdentity(identities[0].Name);
// TODO: check identity against credential store and
// determine the appropriate claims to allocate
// NOTE: in this sample, only partner certificates are provided,
// and at this point have passed authorization, so we will grant
// all custom claims
List<Claim> listClaims = new List<Claim>();
listClaims.Add(new Claim(CustomClaimTypes.Create, "Application", Rights.PossessProperty));
listClaims.Add(new Claim(CustomClaimTypes.Delete, "Application", Rights.PossessProperty));
listClaims.Add(new Claim(CustomClaimTypes.Read, "Application", Rights.PossessProperty));
listClaims.Add(new Claim(CustomClaimTypes.Update, "Application", Rights.PossessProperty));
return new DefaultClaimSet(this.m_issuer, listClaims);
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
IPrincipal principal = null;
if (HttpContext.Current != null)
{
principal = HttpContext.Current.User;
}
if (principal != null)
{
// set the identity (for PrimaryIdentity)
evaluationContext.Properties["Identities"] =
new List<IIdentity>() { principal.Identity };
evaluationContext.Properties["Principal"] = principal;
var nameClaim = Claim.CreateNameClaim(principal.Identity.Name);
ClaimSet set;
if (HttpContext.Current != null)
{
set = new DefaultClaimSet(
nameClaim,
new Claim(ClaimTypes.Authentication, HttpContext.Current.User.Identity, Rights.Identity));
}
else
{
set = new DefaultClaimSet(nameClaim);
}
evaluationContext.AddClaimSet(this, set);
}
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
var client = GetClientIdentity(evaluationContext);
evaluationContext.Properties["Principal"] = Thread.CurrentPrincipal;
return true;
}
// this method gets called after the authentication stage
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
WebOperationContext ctx = WebOperationContext.Current;
string authHeader = ctx.IncomingRequest.Headers[HttpRequestHeader.Authorization];
if(!string.IsNullOrEmpty(authHeader))
{
string decryptedAuth = Common.Utils.Decrypt(authHeader.Substring(5).Trim());
if (!string.IsNullOrEmpty(decryptedAuth) && decryptedAuth.Split('|').Length == 2 && decryptedAuth.Split('|')[0] == "mitko" && decryptedAuth.Split('|')[1] == "!@#mitko123")
{
evaluationContext.Properties["Principal"] = new CustomPrincipal(new CredentialsValidator.CustomIdeintity("Basic", true, "decryptedAuth[0]"));
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
evaluationContext.AddClaimSet(this, new DefaultClaimSet(Claim.CreateNameClaim(_principal.Identity.Name)));
evaluationContext.Properties["Identities"] = new List<IIdentity>(new[] {_principal.Identity});
evaluationContext.Properties["Principal"] = _principal;
return true;
}
bool IAuthorizationPolicy.Evaluate( EvaluationContext evaluationContext, ref object state )
{
foreach ( ClaimSet issuance in _issuedClaimSets )
evaluationContext.AddClaimSet( this, issuance );
return true;
}
// this method gets called after the authentication stage
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
// get the authenticated client identity
IIdentity client = GetClientIdentity(evaluationContext);
// set the custom principal
evaluationContext.Properties["Principal"] = new CustomPrincipal(client);
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
IPrincipal user = OperationContext.Current.IncomingMessageProperties["Principal"] as IPrincipal;
evaluationContext.Properties["Principal"] = user;
evaluationContext.Properties["Identities"] = new List<IIdentity> { user.Identity };
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
IIdentity identity = GetIdentityFromClient(evaluationContext);
CustomIdentity Identity = new CustomIdentity(identity.AuthenticationType, identity.Name);
evaluationContext.Properties["Principal"] = new CustomPrincipal(Identity, SecurityHelper.GetRolesByUserName(Identity.Name), SecurityHelper.GetPermissions());
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
IIdentity client = GetClientIdentity(evaluationContext);
evaluationContext.Properties["Principal"] = new CustomPrincipal(client);
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
// set a new principal holding the combined roles
// this could be your own IPrincipal implementation
var currentIdentity = GetClientIdentity(evaluationContext);
evaluationContext.Properties["Principal"] = new GenericPrincipal(new GenericIdentity(currentIdentity.Name + "_Modified"), new string[]{});
return true;
}
public bool Evaluate(EvaluationContext context, ref object state)
{
foreach (ClaimSet issuance in this.issuedClaimSets)
{
context.AddClaimSet(this, issuance);
}
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
var client = GetClientIdentity(evaluationContext);
evaluationContext.Properties["Principal"] = new GenericPrincipal(client, new[] { client.Name });
Id = Guid.NewGuid().ToString();
return true;
}
bool IAuthorizationPolicy.Evaluate( EvaluationContext evaluationContext, ref object state )
{
if ( evaluationContext == null )
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "evaluationContext" );
}
evaluationContext.AddClaimSet( this, _issuer );
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
bool bRet = false;
CustomAuthState customstate = null;
// If state is null, then we've not been called before so we need
// to set up our custom state
if (state == null)
{
customstate = new CustomAuthState();
state = customstate;
}
else
customstate = (CustomAuthState)state;
Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate");
// If we've not added claims yet...
if (!customstate.ClaimsAdded)
{
// Create an empty list of Claims
IList<Claim> claims = new List<Claim>();
// Iterate through each of the claimsets in the evaluation context
foreach (ClaimSet cs in evaluationContext.ClaimSets)
// Look for Name claims in the current claimset...
foreach (Claim c in cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
// Get the list of operations the given username is allowed to call...
foreach (string s in GetAllowedOpList(c.Resource.ToString()))
{
// Check numbers aren't too large
// Add claims to the list
claims.Add(new Claim("http://example.org/claims/allowedoperation", s, Rights.PossessProperty));
Console.WriteLine("Claim added {0}", s);
}
// Add claims to the evaluation context
evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, claims));
// record that we've added claims
customstate.ClaimsAdded = true;
// return true, indicating we do not need to be called again.
bRet = true;
}
else
{
// Should never get here, but just in case...
bRet = true;
}
return bRet;
}
private IIdentity GetClientIdentity(EvaluationContext evaluationContext)
{
object obj;
if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
throw new Exception("No Identity found");
IList<IIdentity> identities = obj as IList<IIdentity>;
if (identities == null || identities.Count <= 0)
throw new Exception("No Identity found");
return identities[0];
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
// find identity
Claim id = evaluationContext.ClaimSets.FindIdentityClaim();
string userId = Map(id);
evaluationContext.AddClaimSet(this, new CustomerClaimSet(userId, Issuer));
return true;
}
private IIdentity GetClientIdentity(EvaluationContext evaluationContext)
{
object obj;
if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
{
var authorization = WebOperationContext.Current.IncomingRequest.Headers[HttpRequestHeader.Authorization] ?? DefaultAuthorization;
if (authorization == null)
{
WebOperationContext.Current.OutgoingResponse.Headers["WWW-Authenticate"] = "Basic realm=\"site\"";
Utility.ThrowError("Authorization header not provided.", HttpStatusCode.Unauthorized);
}
var splt = authorization.Split(' ');
var authType = splt[0];
if (splt.Length != 2)
Utility.ThrowError("Invalid authorization header.", HttpStatusCode.Unauthorized);
var cred = Encoding.UTF8.GetString(Convert.FromBase64String(splt[1])).Split(':');
if (cred.Length != 2)
Utility.ThrowError("Invalid authorization header content.", HttpStatusCode.Unauthorized);
var user = cred[0];
var password = new SecureString();
foreach (var c in cred[1])
password.AppendChar(c);
if (string.IsNullOrEmpty(user))
Utility.ThrowError("User not specified in authorization header.", HttpStatusCode.Unauthorized);
var identity = new RestIdentity
{
AuthenticationType = authType,
IsAuthenticated = Authentication.IsAuthenticated(user, password),
Name = user
};
var template = WebOperationContext.Current.IncomingRequest.UriTemplateMatch;
if (!identity.IsAuthenticated)
{
Utility.ThrowError("User '" + user + "' was not authenticated.", HttpStatusCode.Forbidden);
}
else if (template == null)
{
var url = OperationContext.Current.RequestContext.RequestMessage.Headers.To;
Utility.ThrowError("Unknown route: " + url.PathAndQuery, HttpStatusCode.NotFound);
}
return identity;
}
var identities = obj as IList<IIdentity>;
if (identities == null || identities.Count < 1)
Utility.ThrowError("No Identity found.", HttpStatusCode.Unauthorized);
return identities[0];
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
HttpContext context = HttpContext.Current;
if (context != null)
{
evaluationContext.Properties["Principal"] = context.User;
evaluationContext.Properties["Identities"] = new List<IIdentity>() { context.User.Identity };
}
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
Claim claim = Claim.CreateNameClaim(user.Identity.Name);
evaluationContext.AddClaimSet(this, new DefaultClaimSet(claim));
evaluationContext.Properties["Identities"] =
new List<IIdentity>(new IIdentity[] { user.Identity });
evaluationContext.Properties["Principal"] = user;
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
object obj;
if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
throw new Exception("No Identity Found");
IList<IIdentity> identity = obj as IList<IIdentity>;
if (identity == null || identity.Count <= 0)
throw new Exception("No Indentity Found");
IIdentity Identity = identity[0];
evaluationContext.Properties["Principal"] = new GenericPrincipal(Identity, new string[] { "admin", "user" });
return true;
}
// this method gets called after the authentication stage
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
// get the authenticated client identity
//IIdentity client = HttpContext.Current.User.Identity;
// set the custom principal
var client = new BaseAuthClient();
var principal = new CustomPrincipal(client);
evaluationContext.Properties["Principal"] = principal;
HttpContext.Current.User = principal;
return client.IsAuthenticated;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
const String IdentitiesKey = "Identities";
// Check if the properties of the context has the identities list
if (evaluationContext.Properties.Count == 0
|| evaluationContext.Properties.ContainsKey(IdentitiesKey) == false
|| evaluationContext.Properties[IdentitiesKey] == null)
{
return false;
}
// Get the identities list
List<IIdentity> identities = evaluationContext.Properties[IdentitiesKey] as List<IIdentity>;
// Validate that the identities list is valid
if (identities == null)
{
return false;
}
GenericIdentity newIdentity;
String[] roles = new string[] { };
// Password es el token, y UserName el idMovimiento
if (Password != "Guest" && ControllersHub.Instance.getISessionController().ValidateToken(Convert.ToInt32(UserName), Password))
{
newIdentity = new GenericIdentity(Password, UserName);
roles = ControllersHub.Instance.getISessionController().GetUserInfo(Password).Roles;
}
else
{
newIdentity = new GenericIdentity("NoId", UserName);
}
const String PrimaryIdentityKey = "PrimaryIdentity";
// Update the list and the context with the new identity
//identities.Remove(currentIdentity);
identities.Add(newIdentity);
evaluationContext.Properties[PrimaryIdentityKey] = newIdentity;
// Create a new principal for this identity
GenericPrincipal newPrincipal = new GenericPrincipal(newIdentity, roles);
const String PrincipalKey= "Principal";
// Store the new principal in the context
evaluationContext.Properties[PrincipalKey] = newPrincipal;
// This policy has successfully been evaluated and doesn't need to be called again
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
IIdentity identity = GetIdentityFromClient(evaluationContext);
XmlIdentity xmlIdentity =
new XmlIdentity(identity.AuthenticationType, identity.Name);
evaluationContext.Properties["Principal"] =
new XmlPrincipal(
xmlIdentity,
XmlSecurityHelper.GetRolesByUserName(xmlIdentity.Name));
return true;
}
