public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
IPrincipal principal = null;
if (HttpContext.Current != null)
{
principal = HttpContext.Current.User;
}
if (principal != null)
{
// set the identity (for PrimaryIdentity)
evaluationContext.Properties["Identities"] =
new List<IIdentity>() { principal.Identity };
evaluationContext.Properties["Principal"] = principal;
var nameClaim = Claim.CreateNameClaim(principal.Identity.Name);
ClaimSet set;
if (HttpContext.Current != null)
{
set = new DefaultClaimSet(
nameClaim,
new Claim(ClaimTypes.Authentication, HttpContext.Current.User.Identity, Rights.Identity));
}
else
{
set = new DefaultClaimSet(nameClaim);
}
evaluationContext.AddClaimSet(this, set);
}
return true;
}
/**
This method receives the claim sets evaluated so far by other authorization policies.
For example, it may include a claim set for each token passed in the request message,
* thus contain a WindowsClaimSet or UserNameClaimSet or x509 cliams set and so on.
*
* Responsible for inspecting claims based on the credentials provided,
* mapping those claims to normalized claims,
* and constructing a security principal for the request thread.
*
* The method should return false if this authorization policy was not able to complete its authorization.
*
* If false, the service model will invoke other authorization policies and then call this one once more, passing the updated claim sets.
* This gives the authorization policy another chance to authorize calls.
*
**/
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
object obj;
if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
return false;
IList<IIdentity> identities = obj as IList<IIdentity>;
if (obj == null || identities.Count <= 0)
return false;
IIdentity identity = identities[0];
//This is claims conversion
ClaimSet claims = MapClaims(identity);
if (claims == null)
return false;
GenericPrincipal newPrincipal = new GenericPrincipal(identity, null);
evaluationContext.Properties["Principal"] = newPrincipal;
evaluationContext.AddClaimSet(this, claims);
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
evaluationContext.AddClaimSet(this, new DefaultClaimSet(Claim.CreateNameClaim(_principal.Identity.Name)));
evaluationContext.Properties["Identities"] = new List<IIdentity>(new[] {_principal.Identity});
evaluationContext.Properties["Principal"] = _principal;
return true;
}
bool IAuthorizationPolicy.Evaluate( EvaluationContext evaluationContext, ref object state )
{
foreach ( ClaimSet issuance in _issuedClaimSets )
evaluationContext.AddClaimSet( this, issuance );
return true;
}
public bool Evaluate(EvaluationContext context, ref object state)
{
foreach (ClaimSet issuance in this.issuedClaimSets)
{
context.AddClaimSet(this, issuance);
}
return true;
}
bool IAuthorizationPolicy.Evaluate( EvaluationContext evaluationContext, ref object state )
{
if ( evaluationContext == null )
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "evaluationContext" );
}
evaluationContext.AddClaimSet( this, _issuer );
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
bool bRet = false;
CustomAuthState customstate = null;
// If state is null, then we've not been called before so we need
// to set up our custom state
if (state == null)
{
customstate = new CustomAuthState();
state = customstate;
}
else
customstate = (CustomAuthState)state;
Console.WriteLine("Inside MyAuthorizationPolicy::Evaluate");
// If we've not added claims yet...
if (!customstate.ClaimsAdded)
{
// Create an empty list of Claims
IList<Claim> claims = new List<Claim>();
// Iterate through each of the claimsets in the evaluation context
foreach (ClaimSet cs in evaluationContext.ClaimSets)
// Look for Name claims in the current claimset...
foreach (Claim c in cs.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
// Get the list of operations the given username is allowed to call...
foreach (string s in GetAllowedOpList(c.Resource.ToString()))
{
// Check numbers aren't too large
// Add claims to the list
claims.Add(new Claim("http://example.org/claims/allowedoperation", s, Rights.PossessProperty));
Console.WriteLine("Claim added {0}", s);
}
// Add claims to the evaluation context
evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, claims));
// record that we've added claims
customstate.ClaimsAdded = true;
// return true, indicating we do not need to be called again.
bRet = true;
}
else
{
// Should never get here, but just in case...
bRet = true;
}
return bRet;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
// find identity
Claim id = evaluationContext.ClaimSets.FindIdentityClaim();
string userId = Map(id);
evaluationContext.AddClaimSet(this, new CustomerClaimSet(userId, Issuer));
return true;
}
public virtual bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
ThrowIfDisposed();
if (_issuance != null)
{
evaluationContext.AddClaimSet(this, _issuance);
}
else
{
for (int i = 0; i < _issuances.Count; ++i)
{
if (_issuances[i] != null)
{
evaluationContext.AddClaimSet(this, _issuances[i]);
}
}
}
// Preferably Non-Anonymous
if (this.PrimaryIdentity != null && this.PrimaryIdentity != SecurityUtils.AnonymousIdentity)
{
IList <IIdentity> identities;
object obj;
if (!evaluationContext.Properties.TryGetValue(SecurityUtils.Identities, out obj))
{
identities = new List <IIdentity>(1);
evaluationContext.Properties.Add(SecurityUtils.Identities, identities);
}
else
{
// null if other overrides the property with something else
identities = obj as IList <IIdentity>;
}
if (identities != null)
{
identities.Add(this.PrimaryIdentity);
}
}
evaluationContext.RecordExpirationTime(_expirationTime);
return(true);
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
Claim claim = Claim.CreateNameClaim(user.Identity.Name);
evaluationContext.AddClaimSet(this, new DefaultClaimSet(claim));
evaluationContext.Properties["Identities"] =
new List<IIdentity>(new IIdentity[] { user.Identity });
evaluationContext.Properties["Principal"] = user;
return true;
}
public virtual bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
this.ThrowIfDisposed();
if (this.issuance != null)
{
evaluationContext.AddClaimSet(this, this.issuance);
}
else
{
for (int i = 0; i < this.issuances.Count; i++)
{
if (this.issuances[i] != null)
{
evaluationContext.AddClaimSet(this, this.issuances[i]);
}
}
}
if ((this.PrimaryIdentity != null) && (this.PrimaryIdentity != System.IdentityModel.SecurityUtils.AnonymousIdentity))
{
IList <IIdentity> list;
object obj2;
if (!evaluationContext.Properties.TryGetValue("Identities", out obj2))
{
list = new List <IIdentity>(1);
evaluationContext.Properties.Add("Identities", list);
}
else
{
list = obj2 as IList <IIdentity>;
}
if (list != null)
{
list.Add(this.PrimaryIdentity);
}
}
evaluationContext.RecordExpirationTime(this.expirationTime);
return(true);
}
public bool Evaluate(EvaluationContext context, ref object state)
{
var identities = new List<IIdentity> {_identity};
context.AddClaimSet(this,
new DefaultClaimSet(Issuer, new Claim(ClaimTypes.Name, _identity == null ? null : _identity.Name, Rights.Identity)));
if (context.Properties.ContainsKey(AuthContextIdentityPropertyName))
context.Properties[AuthContextIdentityPropertyName] = identities;
else
context.Properties.Add(AuthContextIdentityPropertyName, identities);
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
if (evaluationContext.Properties.ContainsKey("Identities"))
{
IIdentity identity;
ClaimSet claims = MapClaims(evaluationContext, out identity);
CustomPrincipal newPrincipal = new CustomPrincipal(identity, claims);
evaluationContext.Properties["Principal"] = newPrincipal;
evaluationContext.AddClaimSet(this, claims);
}
return true;
}
//We will add a custom claim to the EvaluationContext if the 'magic character' exists in the username
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
//Get the Identities Property
object obj;
if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
{
Debug.WriteLine("CustomNameCheckerPolicy: Identities is null");
return false;
}
//Get the list of IIdentities
IList<IIdentity> identities = obj as IList<IIdentity>;
if (identities == null || identities.Count != 1)
{
Debug.WriteLine("CustomNameCheckerPolicy: Identities.count = 0");
return false;
}
//Get the WindowsIdentity
//Any other type of IIdentity will cause it to return false
WindowsIdentity wID = identities[0] as WindowsIdentity;
if (wID == null)
{
Debug.WriteLine("CustomNameCheckerPolicy: Not a Windows Identity");
return false;
}
//retrieve the username
string[] domainAndUsername = wID.Name.Split(new char[]{'\\'});
string userName = domainAndUsername[0];
if (domainAndUsername.Length > 1)
userName = domainAndUsername[1];
//Check to see if the 'magic character' exists in the username
//Add our claim if it does
if (userName.ToUpper().Contains(Constants.magicCharacter.ToUpper()))
{
List<Claim> claims = new List<Claim>(1);
Claim magicCharacterClaim = new Claim(Constants.PossessesMagicCharacterType, Constants.magicCharacter, Rights.PossessProperty);
claims.Add(magicCharacterClaim);
evaluationContext.AddClaimSet(this, new DefaultClaimSet(claims));
}
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
if (evaluationContext.Properties.ContainsKey("Identities"))
{
List<IIdentity> identities = evaluationContext.Properties["Identities"] as List<IIdentity>;
IIdentity identity = identities.FirstOrDefault(i => i.AuthenticationType == "X509");
GenericPrincipal genprincipal = new GenericPrincipal(identity, null);
evaluationContext.Properties["Principal"] = genprincipal;
var user = UserStore.GetUserByCertificate(identity.Name);
evaluationContext.AddClaimSet(this, new DefaultClaimSet(new Claim("User", user, Rights.Identity)));
return true;
}
else
return false;
}
// This method is expected to be thread safe
public bool Evaluate (EvaluationContext ec, ref object state)
{
lock (ec) {
ec.AddClaimSet (this, CreateClaims ());
List<IIdentity> list;
if (!ec.Properties.ContainsKey ("Identities")) {
list = new List<IIdentity> ();
ec.Properties ["Identities"] = list;
} else {
IList<IIdentity> ilist = (IList<IIdentity>) ec.Properties ["Identities"];
list = ilist as List<IIdentity>;
if (list == null) {
list = new List<IIdentity> (ilist);
ec.Properties ["Identities"] = list;
}
}
list.Add (CreateIdentity ());
ec.RecordExpirationTime (DateTime.MaxValue.AddDays (-1));
}
// FIXME: is it correct that this should always return true?
return true;
}
/// <summary>
/// Defines the set of rules to for authorizing a user given a set of claims.
/// It prepares the evaluation context with relevant information and adds the claims to the evaluation context.
/// </summary>
/// <param name="evaluationContext">Evaluation context</param>
/// <param name="state">State</param>
/// <returns>return false if this authorization policy was not able to complete its authorization, otherwise true</returns>
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
if (OperationContext.Current.IncomingMessageProperties[PRINCIPAL] != null)
{
IClaimsPrincipal principal = OperationContext.Current.IncomingMessageProperties[PRINCIPAL] as IClaimsPrincipal;
// If the principal is not an IClaimsPrincipal we can not authorize it
if (principal == null)
{
return false;
}
evaluationContext.Properties[PRINCIPAL] = principal;
if (principal.Claims != null)
{
evaluationContext.AddClaimSet(this, principal.Claims);
}
return true;
}
return false;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
if (null == state)
{
state = false;
}
bool hasAddedClaims = (bool)state;
if (hasAddedClaims)
{
return true; ;
}
IList<Claim> claims = new List<Claim>();
foreach (ClaimSet claimSet in evaluationContext.ClaimSets)
{
foreach (Claim claim in claimSet.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
{
string userName = (string)claim.Resource;
if (userName.Contains('\\'))
{
userName = userName.Split('\\')[1];
if (string.Compare("Foo", userName, true) == 0)
{
claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfAdd, Rights.PossessProperty));
claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfSubtract, Rights.PossessProperty));
}
if (string.Compare("Bar", userName, true) == 0)
{
claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfMultiply, Rights.PossessProperty));
claims.Add(new Claim(ClaimType4AllowedOperation, ActionOfDivide, Rights.PossessProperty));
}
}
}
}
evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, claims));
state = true;
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
evaluationContext.AddClaimSet(this, this.issuance);
if (this.identities != null)
{
object value;
IList<IIdentity> contextIdentities;
if (!evaluationContext.Properties.TryGetValue("Identities", out value))
{
contextIdentities = new List<IIdentity>(this.identities.Count);
evaluationContext.Properties.Add("Identities", contextIdentities);
}
else
{
contextIdentities = value as IList<IIdentity>;
}
foreach (IIdentity identity in this.identities)
{
contextIdentities.Add(identity);
}
}
evaluationContext.RecordExpirationTime(this.expirationTime);
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
// Add the token claim set to the evaluation context.
evaluationContext.AddClaimSet(this, tokenClaims);
// Return true if the policy evaluation is finished.
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
evaluationContext.AddClaimSet(this, issuance);
evaluationContext.RecordExpirationTime(DateTime.UtcNow.AddDays(1.0));
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
for (int num1 = 0; num1 < this.claimSets.Count; num1++)
{
evaluationContext.AddClaimSet(this, this.claimSets[num1]);
}
if (this.identities != null)
{
object obj;
if (!evaluationContext.Properties.TryGetValue("Identities", out obj))
{
evaluationContext.Properties.Add("Identities", (object)this.identities);
}
else
{
List<IIdentity> identities = obj as List<IIdentity>;
if (identities != null)
{
identities.AddRange(this.identities);
}
}
}
evaluationContext.RecordExpirationTime(this.expirationTime);
return true;
}
public virtual bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
ThrowIfDisposed();
if (this.issuance != null)
{
evaluationContext.AddClaimSet(this, this.issuance);
}
else
{
for (int i = 0; i < this.issuances.Count; ++i)
{
if (this.issuances[i] != null)
{
evaluationContext.AddClaimSet(this, this.issuances[i]);
}
}
}
// Preferably Non-Anonymous
if (this.PrimaryIdentity != null && this.PrimaryIdentity != SecurityUtils.AnonymousIdentity)
{
IList<IIdentity> identities;
object obj;
if (!evaluationContext.Properties.TryGetValue(SecurityUtils.Identities, out obj))
{
identities = new List<IIdentity>(1);
evaluationContext.Properties.Add(SecurityUtils.Identities, identities);
}
else
{
// null if other overrides the property with something else
identities = obj as IList<IIdentity>;
}
if (identities != null)
{
identities.Add(this.PrimaryIdentity);
}
}
evaluationContext.RecordExpirationTime(this.expirationTime);
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
bool bRet = false;
CustomAuthState customAuthState = null;
// If state is null, then this method has not been called before, so
// set up a custom state.
if (state == null)
{
customAuthState = new CustomAuthState();
state = customAuthState;
}
else
{
customAuthState = (CustomAuthState)state;
}
// If claims have not been added yet...
if (!customAuthState.ClaimsAdded)
{
// helpful class for processing certificates
X509CertificateClaimSet certClaimSet = null;
// look for the client's certificate
foreach (ClaimSet cs in evaluationContext.ClaimSets)
{
certClaimSet = cs as X509CertificateClaimSet;
// As of this writing, calling evaluationContext.AddClaimSets
// directly modifies the ClaimSets collection we are enumerating,
// which will result in an exception, so we break out of this loop
// before adding our new ClaimSet
if (null != certClaimSet)
{
break;
}
}
if (null != certClaimSet)
{
// note how we can get access to the client certificate here,
// so if you already know how to program certs in .NET, you're all set
string clientName = certClaimSet.X509Certificate.Subject;
string x509ThumbPrint = certClaimSet.X509Certificate.Thumbprint;
// map the user's name onto a set of claims that represent WSC's entity attributes
ClaimSet newClaimSet = LookupClaimsForWsc(clientName, x509ThumbPrint);
evaluationContext.AddClaimSet(this, newClaimSet);
// Record that claims have been added.
customAuthState.ClaimsAdded = true;
bRet = true;
}
}
else
{
bRet = true;
}
return bRet;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
if (evaluationContext.Properties.ContainsKey("Identities"))
{
List<IIdentity> identities = evaluationContext.Properties["Identities"] as List<IIdentity>;
IIdentity identity = identities.FirstOrDefault(i=>i.AuthenticationType == "CustomUsernameValidator");
GenericPrincipal genprincipal = new GenericPrincipal(identity, null);
evaluationContext.Properties["Principal"] = genprincipal;
//find a user for this identity
var user = UserStore.GetUserByUsername(identity.Name);
//Add a claim with the user entity
evaluationContext.AddClaimSet(this, new DefaultClaimSet(new Claim("User", user, Rights.Identity)));
return true;
}
else
return false;
//evaluationContext.ClaimSets.
//var name = ServiceSecurityContext.Current.AuthorizationContext .AuthorizationContext.Properties["name"];
//OperationContext.Current
//IPrincipal user = OperationContext.Current.IncomingMessageProperties["Principal"] as IPrincipal;
//var user = OperationContext.Current.IncomingMessageProperties["Principal"] as DAL.User;//evaluationContext.Properties["Principal"] as DAL.User;
//if (user == null)
// throw new SecurityTokenException("Unauthorized");
//evaluationContext.AddClaimSet(this, new DefaultClaimSet(new Claim("UserId", user.UserId, Rights.Identity)));
//const String HttpRequestKey = "httpRequest";
//const String UsernameHeaderKey = "x-ms-credentials-username";
//const String PasswordHeaderKey = "x-ms-credentials-password";
//const String IdentitiesKey = "Identities";
//const String PrincipalKey = "Principal";
//// Check if the properties of the context has the identities list
//if (evaluationContext.Properties.Count > 0 ||
// evaluationContext.Properties.ContainsKey(IdentitiesKey) ||
// !OperationContext.Current.IncomingMessageProperties.ContainsKey(HttpRequestKey))
// return false;
//// get http request
//var httpRequest = (HttpRequestMessageProperty)OperationContext.Current.IncomingMessageProperties[HttpRequestKey];
//// extract credentials
//var username = httpRequest.Headers[UsernameHeaderKey];
//var password = httpRequest.Headers[PasswordHeaderKey];
//// verify credentials complete
//if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
// return false;
//// Get or create the identities list
//if (!evaluationContext.Properties.ContainsKey(IdentitiesKey))
// evaluationContext.Properties[IdentitiesKey] = new List<IIdentity>();
//var identities = (List<IIdentity>)evaluationContext.Properties[IdentitiesKey];
// lookup user
//using (var con = ServiceLocator.Current.GetInstance<IDbConnection>())
//{
// using (var userDao = ServiceLocator.Current.GetDao<IUserDao>(con))
// {
// var user = userDao.GetUserByUsernamePassword(username, password);
// //evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, roleClaims));
// }
//}
//check that!
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state) {
evaluationContext.AddClaimSet(this, new DefaultClaimSet(Claim.CreateNameClaim(this.principal.Identity.Name)));
evaluationContext.Properties["Principal"] = this.principal;
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
for (int i = 0; i < this.claimSets.Count; i++)
{
evaluationContext.AddClaimSet(this, this.claimSets[i]);
}
if (this.identities != null)
{
object obj2;
if (!evaluationContext.Properties.TryGetValue("Identities", out obj2))
{
evaluationContext.Properties.Add("Identities", this.identities);
}
else
{
List<IIdentity> list = obj2 as List<IIdentity>;
if (list != null)
{
list.AddRange(this.identities);
}
}
}
evaluationContext.RecordExpirationTime(this.expirationTime);
return true;
}
public bool Evaluate (EvaluationContext ec, ref Object state)
{
ec.AddClaimSet (this, new DefaultClaimSet (Claim.CreateRsaClaim (rsa)));
ec.RecordExpirationTime (DateTime.MaxValue.AddDays (-1));
return true;
}
/// <summary>
/// called for every server operation
/// </summary>
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
if (evaluationContext.Properties.ContainsKey("Identities"))
{
var identities = (List<IIdentity>) evaluationContext.Properties["Identities"];
IIdentity identity = identities[0];
ClaimSet claims = MapClaims(identity);
var newPrincipal = new GenericPrincipal(identity, null);
evaluationContext.Properties["Principal"] = newPrincipal;
if (claims != null)
evaluationContext.AddClaimSet(this, claims);
return true;
}
return false;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
for (int i = 0; i < this.claimSets.Count; ++i)
{
evaluationContext.AddClaimSet(this, this.claimSets[i]);
}
if (this.identities != null)
{
object obj;
if (!evaluationContext.Properties.TryGetValue(SecurityUtils.Identities, out obj))
{
evaluationContext.Properties.Add(SecurityUtils.Identities, this.identities);
}
else
{
// null if other overrides the property with something else
List<IIdentity> dstIdentities = obj as List<IIdentity>;
if (dstIdentities != null)
{
dstIdentities.AddRange(this.identities);
}
}
}
evaluationContext.RecordExpirationTime(this.expirationTime);
return true;
}
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
if (state != null)
return true; // If state is null, then this method has already been called
Debug.WriteLine("Inside MyAuthorizationPolicy.Evaluate");
var claims = new List<Claim>();
// Iterate through each of the claim sets in the evaluation context.
foreach (var claimSet in evaluationContext.ClaimSets)
{
// Look for Name claims in the current claim set.
foreach (var claim in claimSet.FindClaims(ClaimTypes.Name, Rights.PossessProperty))
{
// Get the list of operations the given user (resource) is allowed to call.
var user = claim.Resource;
var ops = GetAllowedOperations(user);
foreach (var operation in ops)
{
// Add claims to the list
claims.Add(new Claim("http://example.org/claims/allowedoperation", operation, Rights.PossessProperty));
Debug.WriteLine("Claim added: " + operation);
}
}
}
// Add claims to the evaluation context.
evaluationContext.AddClaimSet(this, new DefaultClaimSet(this.Issuer, claims));
// Will signifies that claims have been added.
state = new object();
return true;
}